[olug] *nix website hosting / security question

Kevin sharpestmarble at gmail.com
Thu Mar 8 14:12:36 UTC 2012

Dreamhost is a very large provider. I doubt that they were hacked. However,
they did post a security-related tweet yesterday, so evaluate that for
yourself. I would be looking at more generic security stuff, however. Bad
and/or guessed and/or re-used password, phished, virus on computer used to
upload to website, etc.
On Mar 7, 2012 9:07 PM, "Sam Tetherow" <tetherow at shwisp.net> wrote:

> There was a Plesk whole released earlier in the week as well, although one
> would think dreamhost would be on top of something like that.  Best bet is
> figure out what they are using for a website as mentioned below and check
> known vulnerabilities.  Both Drupal and Wordpress have pretty easy upgrade
> paths as long as there is not custom modules (and even then it probably
> won't be difficult unless moving major versions).
> On 03/07/2012 07:38 PM, T. J. Brumfield wrote:
>> Where they using a common CMS package like Wordpress, Joomla or Drupal?
>> They're both blessings and curses. They have tons of extensions and are
>> easy to get something going, but they have known security vulnerabilities
>> for old versions and are frequently targeted. Just yesterday I was reading
>> another story that people were compromising old Wordpress sites again to
>> spread malware.
>> http://www.networkworld.com/**news/2012/030712-fake-av-**
>> attack-targets-wordpress-**257030.html?hpg1=bn<http://www.networkworld.com/news/2012/030712-fake-av-attack-targets-wordpress-257030.html?hpg1=bn>
>> The lesson is to keep your install up to date.
>> On Wed, Mar 7, 2012 at 7:35 PM, Jordan Fox<vmifox at gmail.com>  wrote:
>>  I have a co-worker who's husband's company website (it's his company)
>>> was hacked.  The hacker is continuously loading malware onto the
>>> website.  She's a solaris admin, so she knows a lot about computers.
>>> She's not sure if it was the website that was hacked or the provider.
>>> The provider is Dreamhost.  Her husband has a contract with a company
>>> called Securi (she thinks that's what it's called) to monitor and
>>> remove malware from the website, but they can't keep up with the
>>> hacker.
>>> I'm sending the email to ask if 1) anyone can provide some insight
>>> into the two companies mentioned  - i.e how likely is it that it was
>>> Dreamhost that was hacked and not their website (who's problem is it
>>> and, therefore, who is responsible to fix it)- and 2) her and her
>>> husband are looking to contract with someone to analyse their current
>>> situation to provide, and possibly implement, a solution.
>>> These are all the details that I have.  I know there are some really
>>> knowledgeable people on this list and told her I'd pass along the
>>> above information / requests.  If anyone is interested in helping, let
>>> me know and I'll get you in contact with them.
>>> Thanks,
>>> Jordan
>>> ------------------------------**------------------------------**
>>> ---------------------
>>> "Do not be anxious about anything, but in everything, by prayer and
>>> petition, with thanksgiving, present your requests to God.  And the
>>> peace of God, which transcends all understanding, will guard your
>>> hearts and minds in Christ Jesus."  Phil 4:6-7
>>> "The shortest distance between a problem and a solution is the
>>> distance between your knees and the floor."  Anonymous
>>> ______________________________**_________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/**mailman/listinfo/olug<https://lists.olug.org/mailman/listinfo/olug>
> ______________________________**_________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/**mailman/listinfo/olug<https://lists.olug.org/mailman/listinfo/olug>

More information about the OLUG mailing list