Log In | Register
I just recieved this email from Dreamhost. It seems that they've leaked 3500 FTP account passwords somehow.
That explains a lot - about 2 weeks ago, someone used my password to upload tons of spam links to my sites. At the time, I contacted Dreamhost indicating the problem, and they assured me that their servers were secure, and it *must* be my problem. Looks like it wan't me.
Dreamhost leaks 3,500 FTP passwords
Seeded on Wed Jun 6, 2007 7:22 AM EDT
Article Source: caydel.com- Enjoy this article? Help vote it up the 'Vine.
- Public Discussion (29)
I belive Mike D uses Dreamhost for his personal site over at http://www.mikeindustries.com/
- 2 votes
#1 - Wed Jun 6, 2007 7:35 AM EDTI belive Mike D uses Dreamhost for his personal site over at http://www.mikeindustries.com/
That was the first thing I thought of as well when I saw this.
Ohh well, things like this will happen. Hopefully it didn't create too much damage.
- 1 vote
If I remember correctly -- Mike earns quite a lot of money by referring people to Dreamhost, as well.
:)
- 2 votes
If I remember correctly -- Mike earns quite a lot of money by referring people to Dreamhost, as well.
I can only imagine. After his recommendation I almost considered switching to Dreamhost over Site5 (current host).
- 1 vote
Hmm. I, too, use DreamHost. I guess I'd better go change my passwords. Thanks for the heads-up, Killfile.
#3 - Wed Jun 6, 2007 12:04 PM EDTIt seems to only be about 0.15% or something.
Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched.
Still, pretty bad.
- 2 votes
#5 - Wed Jun 6, 2007 12:30 PM EDTI've recently been considering hosting with dreamhost instead of godaddy. Any suggestions or comments about hosting with them?
- 2 votes
#6 - Wed Jun 6, 2007 2:26 PM EDTDreamhost has gotten glowing reviews from everyone I know who uses it.
- 1 vote
This is honestly the first bad thing I've ever seen about them. I only seeded it b/c I knew Mike D uses it.
- 1 vote
Yeah, I had heard rumors about downtime, but I don't believe them. I mean, Dreamhost is one of the few hosts I've seen that will withstand the Digg effect...
- 1 vote
I've recently been considering hosting with dreamhost instead of godaddy. Any suggestions or comments about hosting with them?
I've only heard great things about Dreamhost. I almost switched over to it from my current host: Site5. There are some subtle differences and after much thought I stayed with Site5 - but in my mind they are pretty much equal.
It is just my opinion, but GoDaddy sucks all around - not just hosting but domain registration as well.
- 1 vote
Well, I never got that email from DreamHost and I've been with them for almost two years now, so I can't vouch for the veracity of this SEO blog post. There's also no notice about this on http://www.dreamhoststatus.com/
- 2 votes
#7 - Wed Jun 6, 2007 3:14 PM EDTYes, many people have noticed no 'official' notice from Dreamhost. However, if you read the comments at , about 50 other users confirm that they recieved the same email and endured the same intrusions I did...
- 2 votes
here is the link to the digg I was indicating:
digg.com|security/Dreamhost_Leaks_3500_FTP_Passwords_Sites_Get_Hacked_Big_Time
replace the | with a /
- 1 vote
Huh? The Digg link just goes right back to the same post as the one seeded here. That lends no more veracity to this story than pointing to a google link to the same post on your blog. If I do get an email from DreamHost, I'll be sure to let everyone know here. So far, that hasn't happened.
Aine, I think Caydel wants you to look at the comments over at Digg. Like this guy:
http://digg.com/security/Dreamhost_Leaks_3500_FTP_Passwords_Sites_Get_Hacked_Big_Time#c7051835
- 1 vote
Thanks OnlineApps - that's what I meant. The point is many users in the comments at the digg have the same story as I do. Killfile has also pointed out that it is verified on Dreamhost's support forums.
By the way, what is the deal with me not being able to post links in my messages?
- 1 vote
You're a new user. To protect Newsvine from spam, new users are prevented from posting links.
Stick around for a while and you'll be able to post links.
- 1 vote
Hello.
Thanks for seeding my article.
I've used Dreamhost for two years, and the rumours you've heard of downtime are likely true - we've had 24+ blocks of downtime last summer when California was in the midst of their rolling blackouts. DH lost power for an extended period of time, then one of their generators caught fire, knocking out power to their entire datacenter. This took quite some time to repair.
- 2 votes
#8 - Wed Jun 6, 2007 3:16 PM EDTWe are looking to a host for a service we are putting together and one of the partners suggested Dreamhost, but two other partners shot that idea down due to a history of problems over there.
- 3 votes
Anyone have anything to say regarding dreamhosts generosity? I've heard sometimes they give existing members extra bandwidth and storage increases for free. How about tech support? Can anyone claim there is a better hosting service than Dreamhost?
- 2 votes
#9 - Wed Jun 6, 2007 3:33 PM EDTDave Shea, another prominent web developer like Mike Davidson, was also hacked. His readers noticed the spam code on his website and alerted him to it.
The more disappointing part of this story was Dreamhost's initial response to Dave Shea's inquire about possible security holes: They blamed him and his website code.
You can read more about his perspective in this article, Unsettling, on on his website.
- 1 vote
#10 - Wed Jun 6, 2007 3:58 PM EDTMy own experience with Dreamhost wasn't good, and led to me leaving them. Of course that's only one person, and anyone can be lucky or unlucky, especially with a shared hosting setup.
I found that there were a lot of outages, a lot of slowdowns (people on my server were running processor intensive scripts), and a lot of hassles with mail. This last was the killer, because the dreamhost IPs had been the origin of a lot of spam - I wonder if it was those same scripts? - it meant that many people blocked email from me and my leased domains because of the originating IP. Nothing I can do about that but if looks so bad and it's so inconvenient to my customers that I had to move. It's not dreamhost's fault, by the way.
They're terrific value for money, but it comes at a cost... that's my opinion.
#11 - Wed Jun 6, 2007 7:02 PM EDTI personally have loved using Hostrocket for the last 5 years and have never had a problem once even with the huge loads some of my sites place on it. I highly recommend them!
#12 - Wed Jun 6, 2007 7:26 PM EDTYou're in Easy Mode. If you prefer, you can use XHTML Mode instead. |
As a new user, you may notice a few temporary content restrictions. Click here for more info.
