[Steering Committee] Fwd: [tlh 116912912] DreamHost Security Alert - Site Compromised.
Jason Lee
jason at steeplesoft.com
Thu Mar 17 12:59:54 PDT 2016
This sounds fun. I'll look into this...soon.
-------- Forwarded Message --------
Subject: [tlh 116912912] DreamHost Security Alert - Site Compromised.
Date: Wed, 16 Mar 2016 15:53:53 -0700 (PDT)
From: DreamHost Security Team <secalerts at dreamhost.com>
To: jason at steeplesoft.com
Hello Jason,

We have recently scanned one or more users on your DreamHost account for
potential security threats. Unfortunately, we found some potential
indications that your website(s) *may* be compromised.

We understand that this may not be the best news you can get. This
notification is intended to help you through the process and serve as
a starting point to assist you in getting your account cleaned and
secured. While we won't be able to complete these processes for you, if
you have any questions about the items that follow please don't hesitate
to reply to this email and we will be happy to clarify any points or
offer any further guidance to help you through getting your account back
to normal.

We have identified attacker-added malicious content, which may include
malware such as backdoor shells, adware, botnet, and spammer scripts.

The following file(s) specifically have been identified as attacker-added
malware. These files have been DISABLED by setting their permissions to 200
(Owner write-only). These files should be audited and either replaced with
known good versions or, if not legitimate site components, removed
altogether:

/home/okcjug/okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php

The existence of this known attacker content indicates that your website
or user password has been compromised. You or a trusted webmaster will
need to determine the attack vector and then take actions to mitigate
further exploit:

http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method
http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks

The following files/directories had insecure permissions (777), which
have been remediated.

/home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out
/home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out

Additionally, the following steps should be taken to ensure password
security.

* Change your user's password(s) by clicking under the Action Column for
  that user in our Web Panel:
  https://panel.dreamhost.com/index.cgi?tree=users.users

* Change your database password(s) by clicking the database username in
  our Web Panel: https://panel.dreamhost.com/index.cgi?tree=goodies.mysql
  IMPORTANT: You may need to modify your site's configuration file to
  reflect the new password.

* Use a complex (8-31 characters) password or passphrase that contains
  mixed case letters, numbers, and symbols. You should avoid using
  dictionary words (in any language), names, dates, addresses, phone
  numbers, etc. as these can potentially be guessed or acquired through
  other sources. The username that the password is being used for, or the
  domain name/site name the user is attached to should never be included
  in any part of the password. Also note that it is a good idea to
  periodically change your passwords.

If you have any questions, please reply to this email and we will be
more than happy to assist you with securing your sites.

Please also see http://wiki.dreamhost.com/Security

Sincerely,
DreamHost Security Bot
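
Added example, not part of the forwarded alert and not DreamHost's own tooling: a small audit pass over a site tree that reports files left at mode 200 (the "disabled" mode the alert describes), files that are world-writable, and files that differ from a known-good copy. The `known_good` manifest (relative path to SHA-256 of the clean file) is an assumption; it would be built from a fresh download of the same release.

```python
import hashlib
import os
import stat

QUARANTINE_MODE = 0o200  # owner write-only, the mode the alert says disabled files get


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_tree(root, known_good):
    """Return sorted (relative_path, finding) pairs for regular files under root.

    known_good is a hypothetical manifest: relative path -> SHA-256 hex digest
    taken from a clean copy of the same release.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            if mode == QUARANTINE_MODE:
                findings.append((rel, "quarantined"))
                continue  # unreadable by design; replace or remove by hand
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if rel not in known_good:
                findings.append((rel, "not-in-manifest"))
                continue
            try:
                if sha256_of(full) != known_good[rel]:
                    findings.append((rel, "modified"))
            except PermissionError:
                findings.append((rel, "unreadable"))
    return sorted(findings)
```

Files reported as `not-in-manifest` are not necessarily hostile (plugins write runtime files), but each one needs an owner who can say why it is there.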