Dreamhost leaks 3,500 FTP passwords

Seeded by Killfile

I just received this email from Dreamhost. It seems that they've leaked 3500 FTP account passwords somehow.

That explains a lot - about 2 weeks ago, someone used my password to upload tons of spam links to my sites. At the time, I contacted Dreamhost indicating the problem, and they assured me that their servers were secure, and it *must* be my problem. Looks like it wasn't me.

killfile

I believe Mike D uses Dreamhost for his personal site over at http://www.mikeindustries.com/

• 2 votes
#1 - Wed Jun 6, 2007 7:35 AM EDT

2timothy42

I believe Mike D uses Dreamhost for his personal site over at http://www.mikeindustries.com/

That was the first thing I thought of as well when I saw this.

Oh well, things like this will happen. Hopefully it didn't create too much damage.

• 1 vote
#1.1 - Wed Jun 6, 2007 9:57 AM EDT

brianford

If I remember correctly -- Mike earns quite a lot of money by referring people to Dreamhost, as well.

:)

• 2 votes
#1.2 - Wed Jun 6, 2007 3:19 PM EDT

2timothy42

If I remember correctly -- Mike earns quite a lot of money by referring people to Dreamhost, as well.

I can only imagine. After his recommendation I almost considered switching to Dreamhost over Site5 (current host).

• 1 vote
#1.3 - Wed Jun 6, 2007 3:44 PM EDT

darkside

I use dreamhost. I think I used him as my referrer. I wonder...

#1.4 - Wed Jun 6, 2007 7:41 PM EDT

aris

A lot of rumours and speculation...

#2 - Wed Jun 6, 2007 9:54 AM EDT

emix

Hmm. I, too, use DreamHost. I guess I'd better go change my passwords. Thanks for the heads-up, Killfile.

#3 - Wed Jun 6, 2007 12:04 PM EDT

tke132

The password was "anonymous," right?

• 4 votes
#4 - Wed Jun 6, 2007 12:06 PM EDT

onlineapps

Naw, it was "password".

• 4 votes
#4.1 - Wed Jun 6, 2007 12:32 PM EDT

onlineapps

It seems to only be about 0.15% or something.

Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched.

Still, pretty bad.

• 2 votes
#5 - Wed Jun 6, 2007 12:30 PM EDT

aw4re

I've recently been considering hosting with dreamhost instead of godaddy. Any suggestions or comments about hosting with them?

• 2 votes
#6 - Wed Jun 6, 2007 2:26 PM EDT

onlineapps

Dreamhost has gotten glowing reviews from everyone I know who uses it.

• 1 vote
#6.1 - Wed Jun 6, 2007 2:30 PM EDT

killfile

This is honestly the first bad thing I've ever seen about them. I only seeded it b/c I knew Mike D uses it.

• 1 vote
#6.2 - Wed Jun 6, 2007 2:57 PM EDT

onlineapps

Yeah, I had heard rumors about downtime, but I don't believe them. I mean, Dreamhost is one of the few hosts I've seen that will withstand the Digg effect...

• 1 vote
#6.3 - Wed Jun 6, 2007 3:10 PM EDT

2timothy42

I've recently been considering hosting with dreamhost instead of godaddy. Any suggestions or comments about hosting with them?

I've only heard great things about Dreamhost. I almost switched over to it from my current host: Site5. There are some subtle differences and after much thought I stayed with Site5 - but in my mind they are pretty much equal.

It is just my opinion, but GoDaddy sucks all around - not just hosting but domain registration as well.

• 1 vote
#6.4 - Wed Jun 6, 2007 3:46 PM EDT

aine

Well, I never got that email from DreamHost and I've been with them for almost two years now, so I can't vouch for the veracity of this SEO blog post. There's also no notice about this on http://www.dreamhoststatus.com/

• 2 votes
#7 - Wed Jun 6, 2007 3:14 PM EDT

caydel

Yes, many people have noticed no 'official' notice from Dreamhost. However, if you read the comments at , about 50 other users confirm that they received the same email and endured the same intrusions I did...

• 2 votes
#7.1 - Wed Jun 6, 2007 3:19 PM EDT

caydel

Here is the link to the digg I was indicating:

digg.com|security/Dreamhost_Leaks_3500_FTP_Passwords_Sites_Get_Hacked_Big_Time

replace the | with a /

• 1 vote
#7.2 - Wed Jun 6, 2007 3:20 PM EDT

aine

Huh? The Digg link just goes right back to the same post as the one seeded here. That lends no more veracity to this story than pointing to a google link to the same post on your blog. If I do get an email from DreamHost, I'll be sure to let everyone know here. So far, that hasn't happened.

#7.3 - Wed Jun 6, 2007 3:57 PM EDT

onlineapps

Aine, I think Caydel wants you to look at the comments over at Digg. Like this guy:
http://digg.com/security/Dreamhost_Leaks_3500_FTP_Passwords_Sites_Get_Hacked_Big_Time#c7051835

• 1 vote
#7.4 - Wed Jun 6, 2007 4:04 PM EDT

killfile

Here's the discussion on Dreamhost's Support Forums.

#7.5 - Wed Jun 6, 2007 4:10 PM EDT

caydel

Thanks OnlineApps - that's what I meant. The point is many users in the comments at the digg have the same story as I do. Killfile has also pointed out that it is verified on Dreamhost's support forums.

By the way, what is the deal with me not being able to post links in my messages?

• 1 vote
#7.6 - Wed Jun 6, 2007 4:15 PM EDT

killfile

You're a new user. To protect Newsvine from spam, new users are prevented from posting links.

Stick around for a while and you'll be able to post links.

• 1 vote
#7.7 - Wed Jun 6, 2007 4:29 PM EDT

caydel

Hello.

Thanks for seeding my article.

I've used Dreamhost for two years, and the rumours you've heard of downtime are likely true - we've had 24+ blocks of downtime last summer when California was in the midst of their rolling blackouts. DH lost power for an extended period of time, then one of their generators caught fire, knocking out power to their entire datacenter. This took quite some time to repair.

• 2 votes
#8 - Wed Jun 6, 2007 3:16 PM EDT

thepef

We are looking to a host for a service we are putting together and one of the partners suggested Dreamhost, but two other partners shot that idea down due to a history of problems over there.

• 3 votes
#8.1 - Wed Jun 6, 2007 3:33 PM EDT

aw4re

Anyone have anything to say regarding Dreamhost's generosity? I've heard sometimes they give existing members extra bandwidth and storage increases for free. How about tech support? Can anyone claim there is a better hosting service than Dreamhost?

• 2 votes
#9 - Wed Jun 6, 2007 3:33 PM EDT

snowfallen

Dave Shea, another prominent web developer like Mike Davidson, was also hacked. His readers noticed the spam code on his website and alerted him to it.

The more disappointing part of this story was Dreamhost's initial response to Dave Shea's inquiry about possible security holes: They blamed him and his website code.

You can read more about his perspective in this article, Unsettling, on his website.

• 1 vote
#10 - Wed Jun 6, 2007 3:58 PM EDT

djehuty

My own experience with Dreamhost wasn't good, and led to me leaving them. Of course that's only one person, and anyone can be lucky or unlucky, especially with a shared hosting setup.

I found that there were a lot of outages, a lot of slowdowns (people on my server were running processor intensive scripts), and a lot of hassles with mail. This last was the killer, because the dreamhost IPs had been the origin of a lot of spam - I wonder if it was those same scripts? - it meant that many people blocked email from me and my leased domains because of the originating IP. Nothing I can do about that but it looks so bad and it's so inconvenient to my customers that I had to move. It's not dreamhost's fault, by the way.

They're terrific value for money, but it comes at a cost... that's my opinion.

#11 - Wed Jun 6, 2007 7:02 PM EDT

urban10

I personally have loved using Hostrocket for the last 5 years and have never had a problem once even with the huge loads some of my sites place on it. I highly recommend them!

#12 - Wed Jun 6, 2007 7:26 PM EDT