<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Exactly what I was thinking.<br>
<br>
<div class="moz-cite-prefix">On 3/17/16 4:30 PM, Chad Gorshing
wrote:<br>
</div>
<blockquote
cite="mid:CAFCyQUOmd4Ob=Y6AZBTBrqoD74V=LGriRKmxRPSsgPWMeUKaSQ@mail.gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
<div dir="ltr">hmmm - maybe a good time to move to a static site
like gh-pages?<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 17, 2016 at 2:59 PM, Jason
Lee <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jason@steeplesoft.com" target="_blank">jason@steeplesoft.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote">
<div> This sounds fun. I'll look into this...soon.<br>
<div><br>
<br>
-------- Forwarded Message --------
<table>
<tbody>
<tr>
<th nowrap="nowrap">Subject: </th>
<td>[tlh 116912912] DreamHost Security Alert -
Site Compromised.</td>
</tr>
<tr>
<th nowrap="nowrap">Date: </th>
<td>Wed, 16 Mar 2016 15:53:53 -0700 (PDT)</td>
</tr>
<tr>
<th nowrap="nowrap">From: </th>
<td>DreamHost Security Team <a
moz-do-not-send="true"
href="mailto:secalerts@dreamhost.com"
target="_blank"><a class="moz-txt-link-rfc2396E" href="mailto:secalerts@dreamhost.com"><secalerts@dreamhost.com></a></a>
<a moz-do-not-send="true"
href="mailto:secalerts@dreamhost.com"
target="_blank"><secalerts@dreamhost.com></a></td>
</tr>
<tr>
<th nowrap="nowrap">To: </th>
<td><a moz-do-not-send="true"
href="mailto:jason@steeplesoft.com"
target="_blank">jason@steeplesoft.com</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<p>Hello Jason, </p>
<p>We have recently scanned one or more users on your
DreamHost account for <br>
potential security threats. Unfortunately, we found
some potential <br>
indications that your website(s) *may* be compromised.
</p>
<p>We understand that this may not be the best news you
can get. This <br>
notification is intended to help you through the
process and serve as <br>
a starting point to assist you in getting your account
cleaned and <br>
secured. While we won't be able to complete these
processes for you, if <br>
you have any questions about the items that follow
please don't hesitate <br>
to reply to this email and we will be happy to clarify
any points or <br>
offer any further guidance to help you through getting
your account back to normal. </p>
<p> </p>
<p>We have identified attacker-added malicious content,
which may include <br>
malware such as backdoor shells, adware, botnet, and
spammer scripts. </p>
<p>The following file(s) specifically have been
identified as attacker-added <br>
malware. These files have been DISABLED by setting
their permissions to 200 <br>
(Owner write-only). These files should be audited and
either replaced with <br>
known good versions or, if not legitimate site
components, removed altogether: </p>
<p>/home/okcjug/<a moz-do-not-send="true"
href="http://okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php"
target="_blank">okcjug.org/wp/wp-includes/Text/Diff/Renderer/default.php</a>
</p>
<p> </p>
<p>The existence of this known attacker content
indicates that your website <br>
or user password has been compromised. You or a
trusted webmaster will <br>
need to determine the attack vector and then take
actions to mitigate <br>
further exploit: </p>
<p><a moz-do-not-send="true"
href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method"
target="_blank">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Determining_the_Hack_Method</a>
</p>
<p><a moz-do-not-send="true"
href="http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks"
target="_blank">http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites#Preventing_Future_Hacks</a>
</p>
<p>The following files/directories had insecure
permissions (777), which <br>
have been remediated. </p>
<p>/home/okcjug/<a moz-do-not-send="true"
href="http://okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out"
target="_blank">okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o.out</a><br>
/home/okcjug/<a moz-do-not-send="true"
href="http://okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out"
target="_blank">okcjug.org/wp/wp-content/plugins/wp-hashcash/hashes/o4.out</a>
</p>
<p> </p>
<p>Additionally, the following steps should be taken to
ensure password <br>
security. </p>
<ul>
<li>Change your users password(s) by clicking under
the Action Column for <br>
that user in our Web Panel: <a
moz-do-not-send="true"
href="https://panel.dreamhost.com/index.cgi?tree=users.users"
target="_blank"><a class="moz-txt-link-freetext" href="https://panel.dreamhost.com/index.cgi?tree=users.users">https://panel.dreamhost.com/index.cgi?tree=users.users</a></a></li>
<li>Change your database password(s) by clicking the
database username in <br>
our Web Panel: <a moz-do-not-send="true"
href="https://panel.dreamhost.com/index.cgi?tree=goodies.mysql"
target="_blank">https://panel.dreamhost.com/index.cgi?tree=goodies.mysql</a></li>
</ul>
<p>IMPORTANT: You may need to modify your site's
configuration file to <br>
reflect the new password. </p>
<ul>
<li>Use a complex (8-31 characters) password or
passphrase that contains <br>
mixed case letters, numbers, and symbols. You should
avoid using <br>
dictionary words (in any language), names, dates,
addresses, phone <br>
numbers, etc. as these can potentially be guessed or
acquired through <br>
other sources. The username that the password is
being used for, or the <br>
domain name/site name the user is attached to should
never be included <br>
in any part of the password. Also note that it is a
good idea to <br>
periodically change your passwords. </li>
</ul>
<p> </p>
<p>If you have any questions, please reply to this email
and we will be <br>
more than happy to assist you with securing your
sites. </p>
<p>Please also see <a moz-do-not-send="true"
href="http://wiki.dreamhost.com/Security"
target="_blank">http://wiki.dreamhost.com/Security</a>
</p>
<p> </p>
<p>Sincerely, </p>
<p>DreamHost Security Bot <br>
<br>
</p>
<hr><br>
<br>
To unsubscribe from all automatic notifications, please
visit this link in your web browser: <a
moz-do-not-send="true"
href="https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34"
target="_blank"><a class="moz-txt-link-freetext" href="https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34">https://panel.dreamhost.com/unsubscribe.cgi?email=jason%40steeplesoft%2Ecom&token=hbfB9wGqyToTGl7-1u34</a></a>
<br>
</div>
<br>
</div>
<br>
_______________________________________________<br>
sc mailing list<br>
<a moz-do-not-send="true" href="mailto:sc@lists.okcjug.org">sc@lists.okcjug.org</a><br>
<a moz-do-not-send="true"
href="http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org"
rel="noreferrer" target="_blank">http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org</a><br>
<a moz-do-not-send="true" href="http://wiki.okcjug.org"
rel="noreferrer" target="_blank">http://wiki.okcjug.org</a><br>
<a moz-do-not-send="true"
href="http://tech.groups.yahoo.com/group/okcjug/"
rel="noreferrer" target="_blank">http://tech.groups.yahoo.com/group/okcjug/</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
sc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sc@lists.okcjug.org">sc@lists.okcjug.org</a>
<a class="moz-txt-link-freetext" href="http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org">http://lists.okcjug.org/listinfo.cgi/sc-okcjug.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.okcjug.org">http://wiki.okcjug.org</a>
<a class="moz-txt-link-freetext" href="http://tech.groups.yahoo.com/group/okcjug/">http://tech.groups.yahoo.com/group/okcjug/</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Jason Lee
<a class="moz-txt-link-freetext" href="http://cubtracker.com">http://cubtracker.com</a>
<a class="moz-txt-link-freetext" href="http://blogs.steeplesoft.com">http://blogs.steeplesoft.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/jasondlee">http://twitter.com/jasondlee</a>
<a class="moz-txt-link-freetext" href="http://blogs.steeplesoft.com/+">http://blogs.steeplesoft.com/+</a>
<a class="moz-txt-link-freetext" href="http://blogs.steeplesoft.com/in">http://blogs.steeplesoft.com/in</a></pre>
</body>
</html>