<div dir="ltr">hmmm - maybe a good time to move to a static site like gh-pages?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 17, 2016 at 2:59 PM, Jason Lee <span dir="ltr"><<a href="mailto:jason@steeplesoft.com" target="_blank">jason@steeplesoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div bgcolor="#FFFFFF" text="#000000">

    This sounds fun. I'll look into this...soon.<br>

    <div><br>

      <br>

      -------- Forwarded Message --------

      <table border="0" cellpadding="0" cellspacing="0">

        <tbody>

          <tr>

            <th align="RIGHT" nowrap valign="BASELINE">Subject:

            </th>

            <td>[tlh 116912912] DreamHost Security Alert - Site

              Compromised.</td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap valign="BASELINE">Date: </th>

            <td>Wed, 16 Mar 2016 15:53:53 -0700 (PDT)</td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap valign="BASELINE">From: </th>

            <td>DreamHost Security Team <a href="mailto:secalerts@dreamhost.com" target="_blank"><secalerts@dreamhost.com></a>

              <a href="mailto:secalerts@dreamhost.com" target="_blank"><secalerts@dreamhost.com></a></td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap valign="BASELINE">To: </th>

            <td><a href="mailto:jason@steeplesoft.com" target="_blank">jason@steeplesoft.com</a></td>

          </tr>

        </tbody>

      </table>

      <br>

      <br>

      <p>Hello Jason,

      </p>

      <p>We have recently scanned one or more users on your DreamHost

        account for

        <br>

        potential security threats. Unfortunately, we found some

        potential

        <br>

        indications that your website(s) *may* be compromised.

      </p>

      <p>We understand that this may not be the best news you can get.

        This

        <br>

        notification is intended to help you through the process and

        serve as

        <br>

        a starting point to assist you in getting your account cleaned

        and

        <br>

        secured. While we won't be able to complete these processes for

        you, if

        <br>

        you have any questions about the items that follow please don't

        hesitate

        <br>

        to reply to this email and we will be happy to clarify any

        points or

        <br>

        offer any further guidance to help you through getting your

        account back to normal.

      </p>

      <p>

      </p>

      <p>We have identified attacker-added malicious content, which may

        include

        <br>

        malware such as backdoor shells, adware, botnet, and spammer

        scripts.

      </p>

      <p>The following file(s) specifically have been identified as

        attacker-added

        <br>

        malware. These files have been DISABLED by setting their

        permissions to 200

        <br>

        (Owner write-only). These files should be audited and either

        replaced with

        <br>

        known good versions or, if not legitimate site components,

        removed altogether:

      </p>

      <p>/home/okcjug/<a href="http://okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php" target="_blank">okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php</a>

      </p>

      <p>

      </p>

      <p>The existence of this known attacker content indicates that

        your website

        <br>

        or user password has been compromised. You or a trusted

        webmaster will

        <br>

        need to determine the attack vector and then take actions to

        mitigate

        <br>

        further exploit:

      </p>

      <p><a href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method" target="_blank">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method</a>

      </p>

      <p><a href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks" target="_blank">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks</a>

      </p>

      <p>The following files/directories had insecure permissions (777),

        which

        <br>

        have been remediated.

      </p>

      <p>/home/okcjug/<a href="http://okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out" target="_blank">okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out</a><br>

/home/okcjug/<a href="http://okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out" target="_blank">okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out</a>

      </p>

      <p>

      </p>

      <p>Additionally, the following steps should be taken to ensure

        password

        <br>

        security.

      </p>

      <ul>

        <li>Change your users password(s) by clicking under the Action

          Column for

          <br>

          that user in our Web Panel:

          <a href="https://panel.dreamhost.com/index.cgi?tree=users.users" target="_blank">https://panel.dreamhost.com/index.cgi?tree=users.users</a></li>

        <li>Change your database password(s) by clicking the database

          username in

          <br>

          our Web Panel:

          <a href="https://panel.dreamhost.com/index.cgi?tree=goodies.mysql" target="_blank">https://panel.dreamhost.com/index.cgi?tree=goodies.mysql</a></li>

      </ul>

      <p>IMPORTANT: You may need to modify your site's configuration

        file to

        <br>

        reflect the new password.

      </p>

      <ul>

        <li>Use a complex (8-31 characters) password or passphrase that

          contains

          <br>

          mixed case letters, numbers, and symbols. You should avoid

          using

          <br>

          dictionary words (in any language), names, dates, addresses,

          phone

          <br>

          numbers, etc. as these can potentially be guessed or acquired

          through

          <br>

          other sources. The username that the password is being used

          for, or the

          <br>

          domain name/site name the user is attached to should never be

          included

          <br>

          in any part of the password. Also note that it is a good idea

          to

          <br>

          periodically change your passwords.

        </li>

      </ul>

      <p>

      </p>

      <p>If you have any questions, please reply to this email and we

        will be

        <br>

        more than happy to assist you with securing your sites.

      </p>

      <p>Please also see <a href="http://wiki.dreamhost.com/Security" target="_blank">http://wiki.dreamhost.com/Security</a>

      </p>

      <p>

      </p>

      <p>Sincerely,

      </p>

      <p>DreamHost Security Bot

        <br>

        <br>

      </p>

      <hr><br>

      <br>

      To unsubscribe from all automatic notifications, please visit this

      link in your web browser: <a href="https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34" target="_blank">https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34</a>

      <br>

    </div>

    <br>

  </div>

<br>_______________________________________________<br>

sc mailing list<br>

<a href="mailto:sc@lists.okcjug.org">sc@lists.okcjug.org</a><br>

<a href="http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org" rel="noreferrer" target="_blank">http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org</a><br>

<a href="http://wiki.okcjug.org" rel="noreferrer" target="_blank">http://wiki.okcjug.org</a><br>

<a href="http://tech.groups.yahoo.com/group/okcjug/" rel="noreferrer" target="_blank">http://tech.groups.yahoo.com/group/okcjug/</a><br>

<br></blockquote></div><br></div>