Sep/090
Dreamhost? More like Nightmarehost!
To anyone that hasn't used Dreamhost before, they are not the greatest host on the net. There are regular down times on their servers, and if the server is up then it's going slow so you're contacting support at least once or twice a week. However, this new incident with Dreamhost takes the cake. Here is a direct quote from their status blog.
We had to take this machine offline while we investigated the source of widespread website defacement. Fortunately we were able to determine that the machine was not completely compromised and are now in the process of cleaning up the mess that was made. We apologize for not providing information sooner but due to the sensitive nature of the situation we wanted to complete our investigation before disclosing details.
Update: the vulnerability has been confirmed as fixed (we had actually previously addressed it but this specific machine had become vulnerable after a reboot – the cause of that has been corrected and will not be a cause for concern any longer). We are now in the process of cleaning up and our Abuse team will be contacting customers who were effected.
Security issues much? Looks like everyone's FTP was compromised during an attack where the hacker managed to find an exploit in their servers. How can such a professional company, have such a big big flaw.
The hacker was "NobodyCoder", someone Vorbb has run into before when he hacked our forum using a MyBB exploit. Thankfully he only uploaded index files and didn't really do any damage.
For anybody thinking about trying out Dreamhost, I would strongly advise against it.