[olug] *nix website hosting / security question
dynatron at gmail.com
Fri Mar 9 19:09:16 UTC 2012
if you connect via simple ftp it is extremely easy to shark the password in
a variety of situations. ftp login is something that most hosting companies
still use, but shouldn't.
On Mar 8, 2012 8:12 AM, "Kevin" <sharpestmarble at gmail.com> wrote:
> Dreamhost is a very large provider. I doubt that they were hacked. However,
> they did post a security-related tweet yesterday, so evaluate that for
> yourself. I would be looking at more generic security stuff, however. Bad
> and/or guessed and/or re-used password, phished, virus on computer used to
> upload to website, etc.
> On Mar 7, 2012 9:07 PM, "Sam Tetherow" <tetherow at shwisp.net> wrote:
> > There was a Plesk whole released earlier in the week as well, although
> > would think dreamhost would be on top of something like that. Best bet
> > figure out what they are using for a website as mentioned below and check
> > known vulnerabilities. Both Drupal and Wordpress have pretty easy
> > paths as long as there is not custom modules (and even then it probably
> > won't be difficult unless moving major versions).
> > On 03/07/2012 07:38 PM, T. J. Brumfield wrote:
> >> Where they using a common CMS package like Wordpress, Joomla or Drupal?
> >> They're both blessings and curses. They have tons of extensions and are
> >> easy to get something going, but they have known security
> >> for old versions and are frequently targeted. Just yesterday I was
> >> another story that people were compromising old Wordpress sites again to
> >> spread malware.
> >> http://www.networkworld.com/**news/2012/030712-fake-av-**
> >> attack-targets-wordpress-**257030.html?hpg1=bn<
> >> The lesson is to keep your install up to date.
> >> On Wed, Mar 7, 2012 at 7:35 PM, Jordan Fox<vmifox at gmail.com> wrote:
> >> I have a co-worker who's husband's company website (it's his company)
> >>> was hacked. The hacker is continuously loading malware onto the
> >>> website. She's a solaris admin, so she knows a lot about computers.
> >>> She's not sure if it was the website that was hacked or the provider.
> >>> The provider is Dreamhost. Her husband has a contract with a company
> >>> called Securi (she thinks that's what it's called) to monitor and
> >>> remove malware from the website, but they can't keep up with the
> >>> hacker.
> >>> I'm sending the email to ask if 1) anyone can provide some insight
> >>> into the two companies mentioned - i.e how likely is it that it was
> >>> Dreamhost that was hacked and not their website (who's problem is it
> >>> and, therefore, who is responsible to fix it)- and 2) her and her
> >>> husband are looking to contract with someone to analyse their current
> >>> situation to provide, and possibly implement, a solution.
> >>> These are all the details that I have. I know there are some really
> >>> knowledgeable people on this list and told her I'd pass along the
> >>> above information / requests. If anyone is interested in helping, let
> >>> me know and I'll get you in contact with them.
> >>> Thanks,
> >>> Jordan
> >>> ------------------------------**------------------------------**
> >>> ---------------------
> >>> "Do not be anxious about anything, but in everything, by prayer and
> >>> petition, with thanksgiving, present your requests to God. And the
> >>> peace of God, which transcends all understanding, will guard your
> >>> hearts and minds in Christ Jesus." Phil 4:6-7
> >>> "The shortest distance between a problem and a solution is the
> >>> distance between your knees and the floor." Anonymous
> >>> ______________________________**_________________
> >>> OLUG mailing list
> >>> OLUG at olug.org
> >>> https://lists.olug.org/**mailman/listinfo/olug<
> > ______________________________**_________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/**mailman/listinfo/olug<
> OLUG mailing list
> OLUG at olug.org
More information about the OLUG