[Steering Committee] Fwd: [tlh 116912912] DreamHost Security Alert - Site Compromised.

Jason Lee jason at steeplesoft.com
Thu Mar 17 14:48:00 PDT 2016


Exactly what I was thinking.

On 3/17/16 4:30 PM, Chad Gorshing wrote:
> hmmm - maybe a good time to move to a static site like gh-pages?
>
> On Thu, Mar 17, 2016 at 2:59 PM, Jason Lee <jason at steeplesoft.com> wrote:
>
>     This sounds fun. I'll look into this...soon.
>
>
>     -------- Forwarded Message --------
>     Subject: [tlh 116912912] DreamHost Security Alert - Site Compromised.
>     Date: Wed, 16 Mar 2016 15:53:53 -0700 (PDT)
>     From: DreamHost Security Team <secalerts at dreamhost.com>
>     To: jason at steeplesoft.com
>
>
>
>     Hello Jason,
>
>     We have recently scanned one or more users on your DreamHost account
>     for potential security threats. Unfortunately, we found some potential
>     indications that your website(s) *may* be compromised.
>
>     We understand that this may not be the best news you can get. This
>     notification is intended to help you through the process and serve as
>     a starting point to assist you in getting your account cleaned and
>     secured. While we won't be able to complete these processes for you,
>     if you have any questions about the items that follow please don't
>     hesitate to reply to this email and we will be happy to clarify any
>     points or offer any further guidance to help you through getting your
>     account back to normal.
>
>     We have identified attacker-added malicious content, which may include
>     malware such as backdoor shells, adware, botnet, and spammer scripts.
>
>     The following file(s) specifically have been identified as
>     attacker-added malware. These files have been DISABLED by setting
>     their permissions to 200 (Owner write-only). These files should be
>     audited and either replaced with known good versions or, if not
>     legitimate site components, removed altogether:
>
>     /home/okcjug/okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php
>
>     The existence of this known attacker content indicates that your
>     website or user password has been compromised. You or a trusted
>     webmaster will need to determine the attack vector and then take
>     actions to mitigate further exploit:
>
>     http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method
>
>
>     http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks
>
>
>     The following files/directories had insecure permissions (777), which
>     have been remediated.
>
>     /home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out
>     /home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out
>
>     Additionally, the following steps should be taken to ensure password
>     security.
>
>       * Change your users password(s) by clicking under the Action Column
>         for that user in our Web Panel:
>         https://panel.dreamhost.com/index.cgi?tree=users.users
>       * Change your database password(s) by clicking the database username
>         in our Web Panel:
>         https://panel.dreamhost.com/index.cgi?tree=goodies.mysql
>
>     IMPORTANT: You may need to modify your site's configuration file to
>     reflect the new password.
>
>       * Use a complex (8-31 characters) password or passphrase that
>         contains mixed case letters, numbers, and symbols. You should avoid
>         using dictionary words (in any language), names, dates, addresses,
>         phone numbers, etc. as these can potentially be guessed or acquired
>         through other sources. The username that the password is being used
>         for, or the domain name/site name the user is attached to should
>         never be included in any part of the password. Also note that it is
>         a good idea to periodically change your passwords.
>
>     If you have any questions, please reply to this email and we will be
>     more than happy to assist you with securing your sites.
>
>     Please also see http://wiki.dreamhost.com/Security
>
>     Sincerely,
>
>     DreamHost Security Bot
>
>
>     _______________________________________________
>     sc mailing list
>     sc at lists.okcjug.org <mailto:sc at lists.okcjug.org>
>     http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org
>     http://wiki.okcjug.org
>     http://tech.groups.yahoo.com/group/okcjug/
>
>

-- 
Jason Lee
http://cubtracker.com
http://blogs.steeplesoft.com
http://twitter.com/jasondlee
http://blogs.steeplesoft.com/+
http://blogs.steeplesoft.com/in
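
An added example, not part of the original thread and not DreamHost's tooling: a Python audit of a web root for the two conditions the alert names (files disabled with mode 200, and world-writable paths), plus other PHP files modified close in time to a disabled file. The function name `audit_webroot`, the one-hour window and the timestamp heuristic are assumptions of this example.

```python
import os
import stat

def audit_webroot(root, window_seconds=3600):
    """Walk `root` and classify paths by the conditions named in the alert.

    Returns a dict of sorted lists of paths relative to `root`:
      quarantined    - regular files with mode exactly 0200 (owner write-only)
      world_writable - files/directories any user can write (0777, 0666, ...)
      nearby_php     - other .php files modified within `window_seconds` of a
                       quarantined file (assumed heuristic, not from the alert)
    """
    quarantined, world_writable, php_mtimes = [], [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)          # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink mode bits are meaningless
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(st.st_mode)
            is_file = stat.S_ISREG(st.st_mode)
            if is_file and mode == 0o200:
                quarantined.append((rel, st.st_mtime))
            elif mode & stat.S_IWOTH:
                world_writable.append(rel)
            if is_file and name.lower().endswith(".php"):
                php_mtimes[rel] = st.st_mtime
    q_paths = {path for path, _ in quarantined}
    # PHP files touched around the same time as a disabled file deserve review.
    nearby = sorted(
        rel for rel, mtime in php_mtimes.items()
        if rel not in q_paths
        and any(abs(mtime - q) <= window_seconds for _, q in quarantined)
    )
    return {
        "quarantined": sorted(q_paths),
        "world_writable": sorted(world_writable),
        "nearby_php": nearby,
    }

if __name__ == "__main__":
    import sys
    # Web root path is supplied by the caller; defaults to the current directory.
    report = audit_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Modification times can be reset by whoever wrote the file, so an empty `nearby_php` list does not clear the rest of the tree; comparing against known good copies, as the alert advises, remains the actual check.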
