Web Hosting Break-Ins, Security Update
Posted (June 11th, 2007 at 3:17 pm PST) by Dallas
This is a follow-up to our previously announced security breach.
Once we identified the original problem, implemented some immediate security tightening measures, and assessed the scope of the problem, we immediately notified our affected users. The best way to improve security is to share information about flaws like this and we hope that being public about this will help. Though we are a bit ashamed that such a thing has happened to us, keeping it a secret would ultimately cause even more harm. We appreciate all of the information everyone has provided to us regarding this situation.
In the ensuing discussion since we announced this to our users we have seen and heard evidence that similar attacks have been successfully made on several other prominent web hosting companies in the past few weeks as well, some of them much more serious than this attack on us. That makes it look like this may not be an isolated incident. If anyone at other web hosting companies has any additional information, we’d love to talk about it!
We have already taken some steps to improve our security:
1. We have already removed the ability to view your passwords from our web control panel. That feature was in there as a convenience to users that misplace their passwords frequently but we feel it is no longer safe. This may have been used to grab our user passwords as part of this breach but there is some evidence suggesting that is not the case.
2. A couple of unexploited and minor security flaws in our software have been closed up as a precautionary measure. Thanks to those that reported these to us.
3. We have tightened down web control panel user logins to make it much harder for a would-be attacker to gain unauthorized access to our web control panel while still staying out of the way of legitimate users. This is not the sort of feature you should ever notice but it is there working behind the scenes.
In addition, we are working on some back-end changes to greatly improve our ability to identify potential security problems such as this one and to improve overall system security. A security breach is a very good wake-up call and we intend to learn all we can from it. These are in progress and will be implemented in the coming days and weeks.
1. We are developing an early-warning system to notify us promptly when unusual activity on our web control panel is detected. The first phase of this has already gone live.
2. We are developing documentation to help our users take advantage of all of the security tools we have available already. We already support SSL for all email transmissions and we support SSH and SFTP for account logins. In the Internet of today, you can never have enough encryption and we want to make that easy to use.
3. We are also making a number of other behind-the-scenes improvements to tighten things down. We’re surveying our code and our system setups to identify areas where security can be improved and implementing changes as quickly as possible. Many of these changes are small but together they will create a much more secure system than before.
We have been actively monitoring activity on our network and investigating any reports of suspicious activity. If you believe someone is accessing your account without your permission, please notify our support team as soon as possible with as much information as you can provide.
If anyone has additional questions or concerns feel free to ask and I’ll check back through the comments and answer them.
64 Responses to “Web Hosting Break-Ins, Security Update”
Yes, better than getting to know it from others! Thanks
Although this kind of breach ain’t good for the company :/
Thanks guys, at least use this as a lesson, maybe even make a better system of stopping DDos’s?
Thanks again for the warning.
Did I miss the part where you explained how the compromises happened?
When are we going to get the full explanation? I understand that you may not be able to go into the details yet, but this post pretends that we already know the method used by the attackers.
I was hoping on more information than this, but it’s still a reassuring explanation.
What about the step where you start believing your customers when they report symptoms of such breaches weeks beforehand?
Yes, to improve it and make it more secure. I hope you can do it early in the future.
I recommend that you block access to anyone coming in from an open relay/proxy.
I wrote a Perl module that checks for this and installs a blackhole route (actually a group of modules but it’s all one project). I never got the queue-for-retest part working to my satisfaction but in any case do have a look on CPAN at HTTPD::CheckProxy (http://search.cpan.org/author/DHUDES/HTTP-CheckProxy-0.4/lib/HTTP/CheckProxy.pm)
and the associated http://search.cpan.org/author/DHUDES/Net-IP-Route-Reject-0.5/lib/Net/IP/Route/Reject.pm
Net::IP::Route::Reject
all related to HTTPD::ADS (Abuse Detection System).
Re: DOS… mod_dos_evasive is looked on favorably by some, and then there is mod_security.
“This may have been used to grab our user passwords as part of this breach but there is some evidence suggesting that is not the case.”
I am pleased that DreamHost has tightened the security of the system, but I am concerned that there has been no definitive statement that the company knows exactly what happened. The statement I have quoted above indicates that DreamHost is still unable to determine the cause and is, therefore, reduced to acting on hunches and suspicions.
Now that you are feeling paranoid will you enable ssl for svn now? That would make me happy. Or is it already enabled and I am just clueless?
@Simon - One reason for not publicly disclosing what happened is that other companies may be susceptible to attack.
You may also be right in thinking that DH doesn’t know, but I’ll bet that closing any known door is much better than closing just the door the thieves came in.
“One reason for not publicly disclosing what happened is that other companies may be susceptible to attack.”
I am not suggesting that DreamHost describes exactly what happened. I just want confirmation that they have identified the specific exploit and closed it. There is no indication at all that this has happened, and it leaves me concerned. It is entirely possible that the exploit has been closed by the measures that have been taken, but not knowing for sure is rather disconcerting - particularly as I was a victim on two occasions.
“We have already removed the ability to view your passwords from our web control panel.”
Is there a reason why mysql user passwords can still be viewed in the web control panel?
1. We have already removed the ability to view your passwords from our web control panel.
You can still see the passwords for MySQL users.
OK I swear Steve’s comment was not there when I posted mine.
I won’t leave Dreamhost because of this as I think Dreamhost really cares about security, and still does a really good job securing our servers. I just think the explanation is incomplete. Dreamhost has been very courageous and open for posting this information on the status blog and explaining some facts, but it doesn’t explain how attackers impersonated other users. Sniffing ftp passwords would just let them log into the control panel, nothing more. I think Dreamhost has a bunch of bad guys as customers that pay for the account and also would be able to attack the flaws without having to steal passwords, so this part of the explanation is just a smoke screen. Please, tell us all the truth. You could also consider consulting with a very serious security company to do some risk assessment and source code review (I know this could cost too much, so it’s just a suggestion). Some really good security consulting companies are: http://www.matasano.com , http://www.sabre-labs.com , http://www.korelogic.com (all small companies that still have a soul).
SSL is available for email, sort of. The certificates won’t match (they are made for mail.dreamhost.com and my mail servers are different). If you want to make it actually secure, I’d like to be able to trust the certificates. Can I do that?
Why hasn’t FTP been killed completely? Plain text passwords are so 1997.
I see that the original “Security Breach” posting from five days ago has been altered. Josh Jones will apparently NOT be reporting about this in his blog as previously announced.
Oh, darn!
thanks dreamhost!
I’m glad to see the new strides taken towards tighter security. I’m also glad my accounts weren’t affected during this. My last host used to get attacked so often it was ridiculous. Several times in a year I lost data as a result of them reverting to backups that were ancient. I’m so glad to be with Dreamhost now and I’m one customer that truly appreciates the openness.
Hello.
I have to commend Dreamhost for being public with this break in. Thank you for not being tight-lipped about it, even though my account wasn’t compromised. By not being closed about it, it makes me trust you more as a company.
I am curious about what exactly happened (just like everyone else, I suppose) but I trust that you have a good reason for withholding this information.
Keep it up, DH - By far the best hosting I’ve ever used.
“… we have seen and heard evidence that similar attacks have been successfully made on several other prominent web hosting companies in the past few weeks as well …”
Anyone know the company names for the other hacked hosting companies?
btw thanks DH for making news about the breach more or less open.
Completely agree with TjL, Dreamhost unfortunately encourages users to send email passwords in the clear because of the certificate domain mismatch errors - it makes using secure IMAP too confusing for the average user; any workarounds encourage bad practice.
I can understand that providing valid certs for every registered domain could be pricey; even having a “home” mailserverX.dreamhost.com to use which had a valid cert would be an improvement (or sign the cert for all .dreamhost.com?).
You really shouldn’t encourage users to just dismiss the errors/warnings that come up for domain mismatch (and it completely confuses some users anyway).
Same goes for ssh: changing the public key of a machine when you upgrade/replace hardware then telling users that this “just happens” encourages bad practice.
I’d vote for an automatic backup of server data every week or so. Not as if we all have too little space. With 200gb of webspace I’d spare 5gb of backup easily.
oh wow. there was a security breach on the internet? that never happens!
I don’t give a shit that they were hacked. Everyone is gunna get hacked at some point, and having as many features and flexibility as DH does, makes it impossible for it to be impenetrable.
What I do give a shit about, is that they actually told us and fixed the damages (we hope).
My last host got hacked several times. The thing was, they kept getting in over and over and my files kept getting filled with viri, or deleted, or marred some other way(aka mass amounts of porn links). They never said anything, and ended up just freezing all affected accounts. When that didn’t work, they shut down various features.
Hell, they never even let me download my backups. Why? Because that would mean unfreezing my account. Why couldn’t they just let me dl it by some other means? Because the sales rep I was emailing with didn’t know how to. Why didn’t he just have an admin do it? Because they don’t give a fuck.
So I switched here.
I’d vote for an automatic backup of server data every week or so.
They do. And I don’t *think* it counts against your diskspace. I of course could be wrong…
Jez, wanna see something cool? SSH into your server. do “cd .snapshot” and then “ls.” Hourly, daily and weekly backups - only 1-2 weeks old though. Not sure if that’s what you were looking for, but it’s saved my skin a few times
Questions for the author:
Is it true that some user accounts are still being hacked, even after changing FTP and panel passwords?
Is it true that some user accounts are still being hacked even after the user disabled FTP?
Should database passwords also be changed?
Is it true that credit card info was obtained, as some users are claiming? ..or perhaps that is a result of keyloggers they downloaded as a result of the hack.
Appreciate the update.
I can understand the need to control the display of user’s passwords.
BUT, how does one manage multiple domains and users ?
Is there a su for us account holders so we can get the information and access to manage our users ?
Echoing previous posts - how do we get passwords now that they’re not visible in the control panel?
I think that simply removing the plain-text passwords from the control panel is not a good solution. Assuming that you are still storing plain text passwords somewhere, the bad guys can still get them and security has not been improved. By not displaying them on the control panel, it merely inconveniences your legitimate users. I would support either: a) store passwords only as one-way hashes (displaying them would no longer be possible), or b) continue storing in plain text and displaying them. The decision is simply one of convenience over security. Currently, convenience has been decreased without a corresponding increase in security. Suggestion: Allow users to set their main account to encrypted vs. plain-text mode and let them decide for themselves.
@jsl
You don’t, you just reset your password now, if you forget it.
> The best way to improve security is to share information about flaws like this and we hope that being public about this will help.
This is the most professional, mature, and security-conscious statement I’ve ever heard from a hosting company. This is my reason for sticking with DreamHost.
> Tjl: Why hasn’t FTP been killed completely? Plain text passwords are so 1997.
Agreed. Thank you for adding the “turn off FTP” feature for shell accounts.
One other request: Stop sending passwords in account confirmation emails. I cringe anytime I see my plaintext password.
What krp said. Certificate and ssh key warnings shouldn’t be dismissed so easily.
Also, thanks for the update.
Is it true that credit card info was obtained, as some users are claiming?
I believe the first post stated that they tried… but failed.
Some answers to your questions:
Many, many of our customers still actively use FTP and we are unable to disable it entirely. We are discussing making the SFTP option be the default for new users but have not come to a decision about that. It may be ‘so 1997’ for many of you (and it is for us as well!) but there are a lot of people out there that still rely on it on a day-to-day basis.
MySQL logins are restricted to only our own network by default so it has not been deemed necessary to remove those from our web panel yet. That may change in the future. You would have to explicitly open up access to outside networks for someone on the outside to be able to get in.
No customer credit card info has been accessed or stolen from our database. If a customer of ours is reporting lost credit card info it must have been stolen from them in another way.
@Mark: We get a lot of reports of hacked websites and we have for many years. We were wrong in this situation and I think we have owned up to that.
Regarding passwords, rest assured that we are taking more steps to update our back-end systems for better security and the steps taken so far are not the end of it. It is not practical for us to store passwords in an undecryptable form due to the requirements of our support team to provide support to you, but there are steps we can take to greatly limit access.
We have heard a few reports of break-ins occurring after the passwords have been changed and we are investigating those as they come in. So far we have seen no indication that the password information is being taken from our system, and we have looked very thoroughly. There have not been very many of these reports and we are still monitoring our network for any signs of remaining security holes. Note that we have also not seen any additional break-ins beyond the ones initially identified via our ftp logs.
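The post promises an early-warning system for unusual activity, and Dallas notes above that the break-ins were first identified via FTP logs and that some users report logins after a password change. The script below is an added example, not DreamHost's code: it applies three checks a host could run over login records (clear-text FTP login after the owner disabled FTP, clear-text login on an account whose owner only uses SFTP, and a successful login after a password reset from an address never seen before the reset). The log format, the `Account` fields and every sample line are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set

# One login record per line; the format is constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<result>OK|FAIL) LOGIN "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+) proto=(?P<proto>ftp|sftp)$"
)


@dataclass
class Account:
    """What the host knows about an account (hypothetical fields)."""
    user: str
    password_changed: Optional[datetime] = None  # last password reset
    ftp_disabled_at: Optional[datetime] = None   # owner switched clear-text FTP off
    sftp_only: bool = False                      # owner states they use SFTP only


@dataclass(frozen=True)
class Finding:
    rule: str
    user: str
    ip: str
    when: datetime


# Constructed sample log. 'alice' reset her password on June 6 and only uses
# SFTP, yet clear-text FTP logins from a new address follow on June 8. 'bob'
# had FTP switched off on June 11, but a clear-text login still succeeds on
# June 12, which means the switch is not being enforced.
SAMPLE_LOG = """\
2007-06-04 10:12:03 OK LOGIN user=alice ip=203.0.113.5 proto=sftp
2007-06-06 09:00:00 OK LOGIN user=alice ip=203.0.113.5 proto=sftp
2007-06-08 02:14:51 OK LOGIN user=alice ip=198.51.100.77 proto=ftp
2007-06-08 02:15:07 OK LOGIN user=alice ip=198.51.100.77 proto=ftp
2007-06-09 11:30:00 OK LOGIN user=bob ip=192.0.2.10 proto=ftp
2007-06-10 23:59:59 FAIL LOGIN user=bob ip=192.0.2.99 proto=ftp
2007-06-12 08:00:00 OK LOGIN user=bob ip=192.0.2.99 proto=ftp
2007-06-12 08:05:00 OK LOGIN user=carol ip=203.0.113.9 proto=sftp
"""

ACCOUNTS: Dict[str, Account] = {
    "alice": Account("alice", password_changed=datetime(2007, 6, 6, 12, 0), sftp_only=True),
    "bob": Account("bob", ftp_disabled_at=datetime(2007, 6, 11, 0, 0)),
    "carol": Account("carol"),
}


def parse(log_text: str):
    """Return (when, success, user, ip, proto) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login record; ignore it
        events.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                       m["result"] == "OK", m["user"], m["ip"], m["proto"]))
    events.sort(key=lambda e: e[0])
    return events


def analyse(log_text: str, accounts: Dict[str, Account]) -> List[Finding]:
    """Apply the three rules to successful logins and return every match."""
    findings: List[Finding] = []
    seen_before_reset: Dict[str, Set[str]] = {}
    for when, ok, user, ip, proto in parse(log_text):
        acct = accounts.get(user)
        if not ok or acct is None:
            continue  # failed logins and unknown users are out of scope here
        reset = acct.password_changed
        if reset is not None and when < reset:
            # Remember where the account was used before the credential changed.
            seen_before_reset.setdefault(user, set()).add(ip)
        if acct.ftp_disabled_at is not None and proto == "ftp" and when >= acct.ftp_disabled_at:
            findings.append(Finding("ftp_login_after_disable", user, ip, when))
        if acct.sftp_only and proto == "ftp":
            findings.append(Finding("cleartext_login_on_sftp_only_account", user, ip, when))
        if reset is not None and when >= reset and ip not in seen_before_reset.get(user, set()):
            findings.append(Finding("new_ip_after_password_change", user, ip, when))
    return findings


def main() -> None:
    for f in analyse(SAMPLE_LOG, ACCOUNTS):
        print(f"{f.when:%Y-%m-%d %H:%M} {f.user:<6} {f.ip:<15} {f.rule}")


if __name__ == "__main__":
    main()
```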
First, I like the openness policy of Dreamhost and will continue business and recommend you to others. I have & manage my own servers as well, and I do understand how hard it is to keep them 100% secure (read: impossible). Being open about it helps us all to manage the risks.
@Dana Hudes - mod_security by default is already enabled. You can disable it, but I won’t advise that.
Big kudos to dreamhost for this.
Yes, FTP is so 1997, but so many people still live in 1997. Even my new web designer is one of them; only after spending about an hour did he manage to start using SFTP. Luckily I’m in the position to force this policy on him, but it’s not that easy for Dreamhost.
Balancing ease of use and security is not an easy feat to accomplish, and from my experiences I think Dreamhost is among the most successful around.
Somewhat extending discussion on SFTP etc.
I suggest disabling *all* open passwords (FTP, POP, IMAP, etc) and only using secure (SFTP, POP over SSH etc). Users should have a security screen to see this, and have options to open things up if they really, really want. With lots of warnings of course.
I think Dreamhost can do this with existing accounts, and they should. They can provide info, and track usage to hound users before making the switch. Maybe providing an opt-out for those who need to stay open.
I doubt this was related to the hack (just my guess) but it seems like good practice.
Thanks for those answers Dallas *lick*
I saw some mention of the possibility that the inserted code led to keyloggers being downloaded to individual systems, so perhaps that may be an answer to those post-password change hacks occurring.. I have seen no additional unauthorized access on my space since changing passwords, fortunately. I don’t use IE either.
Another suggestion to add to Big Numbers’ above - perhaps users who insist on using plain old FTP can be placed on separate servers from users who don’t want plain old FTP available at all.. watch how many of the die-hard FTP users suddenly change their minds about FTP then.. *evil grin*
I think they should start with the dreamhost status blog comments.
Henrik
http://hostingaffect.com/
DavidYin
http://redirect.alexa.com/redirect?seo.g2soft.net
All lead to well known trojan, malware websites that like to hijack your browser.
Nice to see that none of them are hosted by Dreamhost as they are just spammers.
Pop those websites in siteadvisor.com and you get big red Xs. Which I would suspect they are using XSS exploits or something against poor IE users and those without protection.
Just wondering, for email and websites it might be a good idea to enable shared certificates, or apply to become an SSL issuer, as I would rather purchase one from Dreamhost than some of these other websites. There is also a security problem with the web ftp as if your session expires and you press back you are taken to the developer’s website instead of Dreamhost’s webftp site.
I would actually recommend customizing and stripping the webftp program down to make sure there are no holes or built in exploits by the developer included.
@ Dallas
> We have heard a few reports of break-ins occurring after the passwords
> have been changed and we are investigating those as they come in. So far
> we have seen no indication that the password information is being taken
> from our system, and we have looked very thoroughly.
I’ll bet you dollars to doughnuts you’re missing something then. I changed passwords on an account Wednesday, June 6th and there were logins via FTP on Friday June 8th.
This account is _never_ accessed by me via a protocol that passes passwords in clear text (SSH/SFTP only) and is only accessed with an OSX machine. The logins only ceased when you enabled the ability to turn off FTP access and I disabled it for that account.
Dallas, contact me if you want the details (steveax -at- pobox -dot- com)
Simon Jessey: Yes, they’re acting on hunches and suspicions just like the police do when they start investigating a crime. They collect evidence and see what the evidence suggests, then they use their experience to investigate where the evidence leads them. Rarely does any criminal leave a note behind saying what they did, how they did it, and who they are for further questioning.
Dreamhost: ++ for honesty and communication.
I run a zen cart store. Is there any way to to determine if there were hacks into it? I don’t get tons of orders but more than I’ve been getting the last several days since the attack was mentioned. Coincidence or could someone have cleverly sidelined some of my orders and be getting our paypal cash? Just wondering about feasibility of partial hacking, which is what I think I would do to reduce detection.
The credit card I use to pay dreamhost’s account was recently involved in a string of fraudulent purchases overseas- right around the time of this break-in. This is probably unrelated, but is there any evidence that these criminals got into your billing records? Are any other Dreamhost customers seeing fraudulent charges?
The problem is apparently still ongoing. On 2007-06-13 between 15:31 and 15:35 someone ran a script and altered the index.html and index.php files on my site. So far as I know, no one at dreamhost has attempted to contact me prior.
@Preston L. Bannister. Yep, I had three sites hacked yesterday as well. I thought I had changed my FTP password but I may not have. I’m off now to see how I can switch to SFTP for my stuff. I’m the only FTP user so I can get away with it.
My sites definitely got re-hacked *after* I changed the user password. (And I was connecting securely, personally.) After that I changed the user password again, but also changed the panel password, and disallowed FTP logins, and I haven’t been re-hacked since then.
Changing the password on the one account seems (so far) to be all that is needed. Recorded what I have found:
http://bannister.us/weblog/2007/06/15/caught-in-the-dreamhost-security-breach/
I understand that my voice/opinion is only one of the many users this company has, but I am truly disappointed with the handling of this situation. I was one of the unfortunate ones who had his business website defaced several times. I constantly went to support to alert them of this problem, but I was treated with disrespect and was told that the problem was on my end and nothing was wrong with Dreamhost’s system.
I must have changed my password 4 times, formatted my own comp twice due to fear that the problem was on my end and still had my website getting defaced. I have so many domains that I am still in the process of reloading my websites from the backups. If anyone is curious, I haven’t gotten a chance to load this domain’s info from the backup… but go to http://www.iphone.st to see what a defaced domain name looks like.
I get it, these situations happen… “that’s life”, but if dreamhost could have just listened and looked into this situation when a customer has been with them for so long, but all I got was a robotic response the first time… “change your password”. The second time in a row after a week when it got defaced… I sent an angrier msg to dreamhost and I got “your password isn’t secure enough and we are sorry you don’t like that answer”. Wtf? At least tell me that we will look into it further or something along those lines.
It’s the disrespect that bothers me… anyways, this is the view of one of your users. If you can please look into the tech support and tell them to kick it down a gear with the HUBRIS and Arrogance, that would be appreciated.
Don’t worry, they even close your ftp and http manually without warning.
So they will never take care of your personal information.
There are literally 1000s of possible exploits, some of which attack the running services (ftp, etc) and others exploiting poorly written scripts. I have seen many sites defaced because code on the site (say some php script) was exploitable, this includes exploits that allow installation of the C99 shell. And I’ve seen it on every hosting company that I’ve had access to in my work as a programmer. The only real way to be “secure” is to get your own dedicated server (with root access) and hire a professional administrator, in other words, take matters into your own hands.
As an alarm system you could have another server periodically load URLs from your site to determine if content has changed. It won’t stop hacking, but would alert you when things go awry.
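The alarm system suggested above, as an added example that is not part of the original comment: a second machine keeps a baseline hash of each page and alerts when a fetch no longer matches it, treats an unreachable page as an alert too, and strips a page's own generated timestamp before hashing so that dynamic pages do not trip the alarm on every run. The `https://example.invalid` site, the `<!-- generated: ... -->` marker and the before/after page bodies are constructed stand-ins for real HTTP fetches.

```python
import hashlib
import re
from typing import Callable, Dict, Iterable

Fetch = Callable[[str], bytes]
Normalize = Callable[[bytes], bytes]

# Some pages legitimately change on every request (a rendered timestamp, a
# visitor counter). Strip that region before hashing or the alarm never stops.
GENERATED_RE = re.compile(rb"<!-- generated: [^>]* -->")


def strip_generated(body: bytes) -> bytes:
    return GENERATED_RE.sub(b"", body)


def fingerprint(body: bytes, normalize: Normalize = lambda b: b) -> str:
    return hashlib.sha256(normalize(body)).hexdigest()


def take_baseline(urls: Iterable[str], fetch: Fetch,
                  normalize: Normalize = lambda b: b) -> Dict[str, str]:
    """Record the known-good hash of each page right after checking it by hand."""
    return {url: fingerprint(fetch(url), normalize) for url in urls}


def check(baseline: Dict[str, str], fetch: Fetch,
          normalize: Normalize = lambda b: b) -> Dict[str, str]:
    """Return {url: reason} for every page that no longer matches its baseline."""
    alerts: Dict[str, str] = {}
    for url, expected in baseline.items():
        try:
            body = fetch(url)
        except Exception as exc:  # a page that vanished is itself worth an alert
            alerts[url] = f"fetch failed: {exc}"
            continue
        if fingerprint(body, normalize) != expected:
            alerts[url] = "content changed"
    return alerts


# Constructed site snapshots standing in for real HTTP fetches.
SITE = "https://example.invalid"
BEFORE: Dict[str, bytes] = {
    f"{SITE}/index.html": b"<html><body><h1>Shop</h1></body></html>",
    f"{SITE}/index.php": b"<html><body>Orders<!-- generated: 2007-06-13 15:00 --></body></html>",
}
AFTER: Dict[str, bytes] = {
    # index.html gained markup the owner never put there: a real change
    f"{SITE}/index.html": b"<html><body><h1>Shop</h1><div>unexpected content</div></body></html>",
    # index.php only re-rendered its timestamp: not a real change
    f"{SITE}/index.php": b"<html><body>Orders<!-- generated: 2007-06-13 15:35 --></body></html>",
}


def fetcher_for(pages: Dict[str, bytes]) -> Fetch:
    """Offline stand-in for an HTTP client (real use: urllib or requests)."""
    def fetch(url: str) -> bytes:
        if url not in pages:
            raise RuntimeError("HTTP 404")
        return pages[url]
    return fetch


def run_demo() -> Dict[str, str]:
    """Baseline the clean site, then check the altered one."""
    baseline = take_baseline(BEFORE, fetcher_for(BEFORE), strip_generated)
    return check(baseline, fetcher_for(AFTER), strip_generated)


if __name__ == "__main__":
    for url, reason in run_demo().items():
        print(f"ALERT {url}: {reason}")
```

Re-run `take_baseline` only after you have inspected a changed page yourself; otherwise a defacement becomes the new "known good".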
As far as I can tell, I haven’t been affected - but even if it happens - well…shit happens and I forgive you guys in advance.
and after using many-many hosts over-the-years, I have found no one else with the combination of price, amazing benefits, and genuine good will towards their customers that DH has. i have been with you for some time now and I gotta say…
DH Rocks!
I’m sorry to say that this whole experience was the last straw for me. I’ve now moved on from Dreamhost.
I was hacked, fixed it, reported it, changed my password and was hacked again before Dreamhost even seemed to be aware of the situation. I’m still not happy with the story being presented by dreamhost, I *only* ever use SFTP to access my sites (WinSCP is just so much nicer to use than any FTP client would be anyway!), and I ran exhaustive scans for viruses, malware, keyloggers on both my machines and found nothing.
In short, I’m still not happy with the official story about what happened.
I’ve since done a bit of research and moved 90% of my sites over to a managed dedicated server, sure - it costs a fair bit more. But if you’re doing anything professional I’ve now come to realise it’s necessary. I wasted nearly a whole week dealing with the fallout of this event, and time is money.
Dreamhost is a bargain, there’s no debating it. But I think this event has shown that perhaps it’s got a bit _too_ big to handle situations like this with the required amount of customer care.
I’ll still be using my Dreamhost account until it expires for file storage, but I’ve now moved on to smaller and better things.
Glad to see the ability to disable FTP has finally come to pass. This was a suggestion I’d posted over a year ago. I would only transfer files with scp/sftp anyway, but not being able to disable clear text logins was a disaster waiting to happen. Too bad it took a security breach to make it a reality. Totally disabling it for everyone makes sense as there are many less than properly educated folks out there that still don’t know better… yet. I hope there is a plan in place to get the word out to new (and existing) customers of how and better yet WHY to use a secure transport mechanism; there are dozens of free tools out there for windoze folks too.
You should force all users to use SFTP and make no exceptions. One of the risks with a shared hosting environment is that all it takes is one end user’s account to be compromised which can then lead to a security foothold that can then compromise all other shared accounts on that server or network.
For example, how many users use FTP at work or at public access points? It happens. The larger your user community, the more likely at least one host will be compromised at some point.
Somehow I doubt the forbidding FTP and requiring SFTP would have made any difference in this case. So far the DreamHost folks have said nothing specific about how all the FTP passwords got disclosed. My first guess would be a crack in some of the hosting software - say something that allowed SQL injection.
Yes, sending plaintext passwords across the internet is not especially secure, but only if one of the bad guys has access to and has subverted one of the intermediate nodes. Do a traceroute between your machine and DreamHost. It would have to be one of those machines that was subverted (or a machine on the same subnet). In my case:
traceroute to http://ftp.bannister.us (208.97.130.244), 30 hops max, 40 byte packets
1 gateway.bannister.home (192.168.1.1) 7.496 ms 0.267 ms 0.188 ms
2 ip70-181-68-1.oc.oc.cox.net (70.181.68.1) 9.654 ms 8.961 ms 8.765 ms
3 ip68-4-14-141.oc.oc.cox.net (68.4.14.141) 8.688 ms 9.195 ms 7.867 ms
4 rsmtdsrj02-ge600.0.rd.oc.cox.net (68.4.14.213) 21.449 ms 9.425 ms 7.846 ms
5 langbbr01-as0.r2.la.cox.net (68.1.0.230) 11.677 ms 11.681 ms 13.279 ms
6 68.105.30.190 (68.105.30.190) 24.827 ms 24.014 ms 25.927 ms
7 core1.lax.inappnet-12.cr1.lax009.internap.net (66.79.149.130) 17.736 ms 15.801 ms 15.967 ms
8 border1.po2-bbnet2.ext1a.lax.pnap.net (216.52.255.95) 12.592 ms 12.024 ms 11.789 ms
9 newdream-1.border1.ext1a.lax.pnap.net (216.52.220.78) 12.599 ms 12.646 ms 12.655 ms
10 apache2-argon.rexford.dreamhost.com (208.97.130.244) 12.499 ms 11.665 ms 11.065 ms
My FTP password was taken. Were all the DreamHost customers caught in the breach also Cox customers? I doubt this. Did the bad guys subvert a node on the backbone? Very unlikely (then this would be a lot more than just a DreamHost problem). That leaves machines on the DreamHost network. Was a machine managed by DreamHost subverted? Possible - but my guess is the methods to avoid and detect subversion of machines at a hosting service are well known even to the DreamHost folks.
That really leaves two most-likely possibilities. First, the DreamHost software was written by young, enthusiastic guys who more than likely did not know what could cause them trouble, and thus were vulnerable to one of the more common attacks. The next most likely possibility is a “social engineering” attack. Someone working at DreamHost either intentionally or unintentionally gave the bad guys access.
My guess is that SFTP versus FTP would have made no difference, in this instance.
If something like this happens again I swear I will cancel my account. If you cannot secure FTP passwords you need to close doors. Since the hacking they gained access to my e-mail accounts and from there gained access to my eBay account by reading e-mails I received through eBay. There is no telling what other sort of information they gained as a result of gaining those FTP passwords. I’m having to deal with retarded eBay representatives and all sort of stuff. If you need more money to be able to properly secure your servers then please notify us and I will gladly pay more if it means I don’t have to go through this bullshit again.
By reading the comments here you’ve already lost customers as a result of this stupid oversight.
If something like this happens again I swear I will cancel my account. If you cannot secure FTP passwords you need to close doors. Since the hacking they gained access to my e-mail accounts and from there gained access to my eBay account by reading e-mails I received through eBay.
And your inability to pick a different password for email than for FTP is DH’s fault how? That’s what I thought.
You thought incorrectly.
Some people got their panel hacked into as well as FTP and I was one of them. They got a list of FTP accounts and passwords along with a short list of panel accounts and passwords before Dreamhost caught it. I have the e-mail to prove it urging me to change my password immediately. Before I knew it they gained access to my FTP account, downloaded everything off of my server then got into the panel and gained all my information from there as well including adding in some MySQL databases (I didn’t have any prior to their hacking). My panel uses and has used a different password since I’ve started being hosted here. From there they gained access to my e-mail account, altered my postmaster e-mail account, and had all my e-mail from my e-mail account forwarded also to that one. During all of this I changed my passwords across the board and eBay has the bright idea of including your changed password in the confirmation e-mail. From there they gained access to my eBay account and then started trying to sell things on eBay.
This all started from that security hole.
In addition I’m perhaps more angry at eBay than I am at Dreamhost because really stuff like this security breach happens. It doesn’t make it any less of a headache especially for the ones that got hit badly such as myself. A couple of my friends and family have websites on Dreamhost and only one other of them had their panel hacked into as well.
I find it even more alarming that eBay contains your changed password in the confirmation e-mail. I’m dealing with those idiots to get that practice stopped. I’m just stating that if something like this happens again (and it probably won’t considering they probably handled the aftermath properly) I will have to go somewhere else for my hosting. I’m as happy as I can be with Dreamhost; it’s just that this security breach was nothing but a headache for me (and apparently for them, too).
I have to say that I commend you guys for being so open and honest about these sorts of things. The bottom line is that this IS going to happen sometime, and trying to keep a tight lip about it doesn’t help your or anyone’s case. So, you’ve done a good job. I think it’s also dangerous that some people wanted details as to how it happened. That’s just looking for trouble. We have to trust that you knew (or, now know) and that the holes have sufficiently been closed. Good job again!
Thank you for sharing with us your security measures. The best about you is you constantly communicate with us making us feel that somehow somewhere there are people out there who work with us.
I wish you all the best,
John
Great that you guys are so open about this and that action has been taken.