<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This sounds fun. I'll look into this...soon.<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>[tlh 116912912] DreamHost Security Alert - Site
Compromised.</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Wed, 16 Mar 2016 15:53:53 -0700 (PDT)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>DreamHost Security Team <a class="moz-txt-link-rfc2396E" href="mailto:secalerts@dreamhost.com"><secalerts@dreamhost.com></a>
<a class="moz-txt-link-rfc2396E" href="mailto:secalerts@dreamhost.com"><secalerts@dreamhost.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:jason@steeplesoft.com">jason@steeplesoft.com</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<p>Hello Jason,
</p>
<p>We have recently scanned one or more users on your DreamHost
account for
<br>
potential security threats. Unfortunately, we found some
potential
<br>
indications that your website(s) *may* be compromised.
</p>
<p>We understand that this may not be the best news you can get.
This
<br>
notification is intended to help you through the process and
serve as
<br>
a starting point to assist you in getting your account cleaned
and
<br>
secured. While we won't be able to complete these processes for
you, if
<br>
you have any questions about the items that follow please don't
hesitate
<br>
to reply to this email and we will be happy to clarify any
points or
<br>
offer any further guidance to help you through getting your
account back to normal.
</p>
<p>
</p>
<p>We have identified attacker-added malicious content, which may
include
<br>
malware such as backdoor shells, adware, botnet, and spammer
scripts.
</p>
<p>The following file(s) specifically have been identified as
attacker-added
<br>
malware. These files have been DISABLED by setting their
permissions to 200
<br>
(Owner write-only). These files should be audited and either
replaced with
<br>
known good versions or, if not legitimate site components,
removed altogether:
</p>
<p>/home/okcjug/okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php
</p>
<p>
</p>
<p>The existence of this known attacker content indicates that
your website
<br>
or user password has been compromised. You or a trusted
webmaster will
<br>
need to determine the attack vector and then take actions to
mitigate
<br>
further exploit:
</p>
<p><a class="moz-txt-link-freetext" href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method</a>
</p>
<p><a class="moz-txt-link-freetext" href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks</a>
</p>
<p>The following files/directories had insecure permissions (777),
which
<br>
have been remediated.
</p>
<p>/home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out<br>
/home/okcjug/okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out
</p>
<p>
</p>
<p>Additionally, the following steps should be taken to ensure
password
<br>
security.
</p>
<ul>
<li>Change your users password(s) by clicking under the Action
Column for
<br>
that user in our Web Panel:
<a class="moz-txt-link-freetext" href="https://panel.dreamhost.com/index.cgi?tree=users.users">https://panel.dreamhost.com/index.cgi?tree=users.users</a></li>
<li>Change your database password(s) by clicking the database
username in
<br>
our Web Panel:
<a class="moz-txt-link-freetext" href="https://panel.dreamhost.com/index.cgi?tree=goodies.mysql">https://panel.dreamhost.com/index.cgi?tree=goodies.mysql</a></li>
</ul>
<p>IMPORTANT: You may need to modify your site's configuration
file to
<br>
reflect the new password.
</p>
<ul>
<li>Use a complex (8-31 characters) password or passphrase that
contains
<br>
mixed case letters, numbers, and symbols. You should avoid
using
<br>
dictionary words (in any language), names, dates, addresses,
phone
<br>
numbers, etc. as these can potentially be guessed or acquired
through
<br>
other sources. The username that the password is being used
for, or the
<br>
domain name/site name the user is attached to should never be
included
<br>
in any part of the password. Also note that it is a good idea
to
<br>
periodically change your passwords.
</li>
</ul>
<p>
</p>
<p>If you have any questions, please reply to this email and we
will be
<br>
more than happy to assist you with securing your sites.
</p>
<p>Please also see <a class="moz-txt-link-freetext" href="http://wiki.dreamhost.com/Security">http://wiki.dreamhost.com/Security</a>
</p>
<p>
</p>
<p>Sincerely,
</p>
<p>DreamHost Security Bot
<br>
<br>
</p>
<hr><br>
<br>
To unsubscribe from all automatic notifications, please visit this
link in your web browser: <a moz-do-not-send="true"
href="https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34">https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34</a>
<br>
</div>
<br>
</body>
</html>