[Steering Committee] Fwd: [tlh 116912912] DreamHost Security Alert - Site Compromised.

Chad Gorshing gorshing at gmail.com
Thu Mar 17 14:30:19 PDT 2016


hmmm - maybe a good time to move to a static site like gh-pages?

On Thu, Mar 17, 2016 at 2:59 PM, Jason Lee <jason at steeplesoft.com> wrote:

> This sounds fun. I'll look into this...soon.
>
>
> -------- Forwarded Message --------
> Subject: [tlh 116912912] DreamHost Security Alert - Site Compromised.
> Date: Wed, 16 Mar 2016 15:53:53 -0700 (PDT)
> From: DreamHost Security Team <secalerts at dreamhost.com>
> To: jason at steeplesoft.com
>
> Hello Jason,
>
> We have recently scanned one or more users on your DreamHost account for
> potential security threats. Unfortunately, we found some potential
> indications that your website(s) *may* be compromised.
>
> We understand that this may not be the best news you can get. This
> notification is intended to help you through the process and serve as
> a starting point to assist you in getting your account cleaned and
> secured. While we won't be able to complete these processes for you, if
> you have any questions about the items that follow please don't hesitate
> to reply to this email and we will be happy to clarify any points or
> offer any further guidance to help you through getting your account back
> to normal.
>
> We have identified attacker-added malicious content, which may include
> malware such as backdoor shells, adware, botnet, and spammer scripts.
>
> The following file(s) specifically have been identified as attacker-added
> malware. These files have been DISABLED by setting their permissions to 200
> (Owner write-only). These files should be audited and either replaced with
> known good versions or, if not legitimate site components, removed
> altogether:
>
> /home/okcjug/okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php
>
> The existence of this known attacker content indicates that your website
> or user password has been compromised. You or a trusted webmaster will
> need to determine the attack vector and then take actions to mitigate
> further exploit:
>
>
> http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method
>
>
> http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks
>
> The following files/directories had insecure permissions (777), which
> have been remediated.
>
> /home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out
> /home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out
>
> Additionally, the following steps should be taken to ensure password
> security.
>
>    - Change your users password(s) by clicking under the Action Column for
>    that user in our Web Panel:
>    https://panel.dreamhost.com/index.cgi?tree=users.users
>    - Change your database password(s) by clicking the database username in
>    our Web Panel: https://panel.dreamhost.com/index.cgi?tree=goodies.mysql
>
> IMPORTANT: You may need to modify your site's configuration file to
> reflect the new password.
>
>    - Use a complex (8-31 characters) password or passphrase that contains
>    mixed case letters, numbers, and symbols. You should avoid using
>    dictionary words (in any language), names, dates, addresses, phone
>    numbers, etc. as these can potentially be guessed or acquired through
>    other sources. The username that the password is being used for, or the
>    domain name/site name the user is attached to should never be included
>    in any part of the password. Also note that it is a good idea to
>    periodically change your passwords.
>
> If you have any questions, please reply to this email and we will be
> more than happy to assist you with securing your sites.
>
> Please also see http://wiki.dreamhost.com/Security
>
> Sincerely,
>
> DreamHost Security Bot
>
>
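
The forwarded alert names two conditions: a flagged file left at mode 200 (owner write-only) and files with 777 permissions. The script below is an added example, not part of the original messages or DreamHost's tooling, that audits a site directory for both; the function names `audit_perms` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# audit_perms ROOT prints one "LABEL<TAB>path" line per finding, sorted:
#   DISABLED        regular file with mode exactly 200 (owner write-only),
#                   the state the alert says a flagged file is left in
#   WORLD_WRITABLE  file or directory with the other-write bit set (777, 666, ...)
audit_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_perms: not a directory: $root" >&2
        return 2
    fi
    {
        # Exact-mode match: only files whose permission bits are 0200.
        find "$root" -type f -perm 0200 |
            while IFS= read -r p; do printf 'DISABLED\t%s\n' "$p"; done
        # "-perm -0002" matches any mode that includes other-write.
        # Symlinks are skipped: their own mode bits are not meaningful.
        find "$root" \( -type f -o -type d \) -perm -0002 |
            while IFS= read -r p; do printf 'WORLD_WRITABLE\t%s\n' "$p"; done
    } | sort
}

# Build a constructed sample tree (not the real site) and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-includes" "$d/plugins/hashes"
    : > "$d/wp-includes/index.php"
    : > "$d/wp-includes/default.php"
    : > "$d/plugins/hashes/o.out"
    chmod 755 "$d" "$d/wp-includes" "$d/plugins" "$d/plugins/hashes"
    chmod 644 "$d/wp-includes/index.php"    # normal file
    chmod 200 "$d/wp-includes/default.php"  # disabled by the host
    chmod 777 "$d/plugins/hashes/o.out"     # insecure permissions
    printf '%s\n' "$d"
}

# When run with a directory argument, audit it.
if [ -n "${1:-}" ]; then audit_perms "$1"; fi
```

Paths containing newlines are split across output lines by the `read` loops, so treat the output as a review list rather than input to an automated delete.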