Wednesday, February 8, 2012

Dreamhost review : web hosting service

Being that this is, you know, the internet and all, it seems fitting that my first post be a review of Dreamhost, my current web hosting service.

Now I've been a customer of Dreamhost for about 13 years. My fees have varied from year to year, so let's just be conservative and call it $13 a month. So that's... (1, 2, 3...) $2,028 not including registration for 18 different sites.

Unfortunately, in the past 6 months I have experienced multiple full-blown server failures that have involved every site in my portfolio being down for multiple days. Hackers, hardware failures, you name it. Each time, even when Dreamhost explained that they failed on their end, they had pushed back and insisted that the responsibility for restoring the sites fell solely on my shoulders.

If a web hosting company is in business to provide services as Dreamhost does, they are beholden to the customer to:

a) Maintain their equipment
b) Ensure a safe environment for their client's files
c) Fix their mistakes
d) Treat their customers with respect. The rude I.T. guy act is not acceptable in this customer/vendor relationship.
e) Take the time to properly educate themselves about the current issues concerning their customers before contacting them so as not to add insult to injury.

My personal experience is that my eCommerce site has been down during truly crucial moments. The last time was the same day that a national publication did a piece on my business. We missed out on all of the traffic and sales that would have resulted because that's when Dreamhost failed to provide the service I pay for due to "unscheduled server maintenance".

My current situation is that every single one of my 18 sites is now redirecting to a Russian malware site. My eCommerce site is included in this batch. Coding error on my part? Maybe. But the same error on 18 sites, all of them different? Unlikely. Add to this the fact that many sites were produced via 1-click installs and automatic updates provided by Dreamhost themselves.

I work as a full time interactive professional. I do not know of anyone, professional peers included, who has the chronic issues with server security that I do with Dreamhost web hosting service.

A phone call from Elizabeth with Dreamhost web hosting support started off with being told that she was calling, but couldn't discuss the issue with me due to it being a security issue. She said that Dreamhost does not believe it is their responsibility to restore my sites even when the failure is their fault. She refused to allow me to speak with a supervisor despite multiple requests to do so. She talked over me, did not hear me when I told her what was going on, was cavalier and antagonistic.

Since this is the third experience like this I've had in the past few months, the most recent being only a month ago, I am changing services.

All of my sites were hacked last night, 2/7/12. As of 9:33pm on 2/8/12 they are all still infected. I used the restore from backup functionality which supposedly restores from files a couple of weeks old. It did not resolve the issue. I have multiple service requests into Dreamhost. As of right now, I have not received any communications that they are working toward restoring my sites.

Should you be curious enough to Google "Dreamhost Sites Hacked" you might turn up an article such as this one, ironically dated last night, right about the same exact time my sites were hacked. Baffling!

http://www.computerworlduk.com/news/security/3335528/spammers-abusing-dreamhost-sites-following-january-hack/

Spammers abusing DreamHost sites following January hack

Zscaler identified rogue PHP redirect scripts uploaded on hundreds of websites hosted at DreamHost



The security breach suffered by DreamHost in January has resulted in hundreds of rogue PHP pages redirecting users to work-at-home scams, according to researchers from cloud security vendor Zscaler.

DreamHost decided to reset the FTP and shell access passwords for all of its customers after discovering that hackers compromised one of its database servers on January 20.

The company said at the time that no malicious activity had been immediately detected on its customers' accounts, but the situation might have changed in the meantime, according to Zscaler.
Following the Dreamhost hack many websites hosted by the company have been hijacked to redirect users to a Russian scam page, said Zscaler senior security researcher Julien Sobrier at the end of last week. "I've identified hundreds of websites hosted by DreamHost that contained a PHP page redirecting to hxxp://www.otvetvam.com/."

Russian scam

The landing website promoted a work-at-home scam in Russian. These kinds of scams have been around for many years and they usually trick users into buying a so-called starter kit that is supposed to help them earn money on the internet.
"I'm sure this is just the beginning of massive abuses on websites hosted by DreamHost," Sobrier said. However, other web security researchers are not convinced that these attacks are necessarily connected to the DreamHost breach.
Website integrity monitoring firm Sucuri Security has been tracking these attacks and similar ones for a while now and it cannot say whether they started after the DreamHost security breach or that they affect only websites hosted there, said David Dede, a security researcher with the company.
According to Dede, most of the compromised websites analysed by Sucuri had outdated software and other security issues.

Backdoor PHP script

Independent security researcher Denis Sinegubko, who created the Unmask Parasites web scanner, looked at some of the compromised websites given as examples by Zscaler and determined that they all had a backdoor PHP script installed on December 26, long before the DreamHost breach. It might still be an infrastructure-wide compromise though, he said.

Sinegubko was also able to tell who was behind this attack campaign because he'd seen some of the spam domains before. "It's the gang that promotes one of the largest scam campaigns in Russian," the researcher said. "They target themes such as genealogy, horoscopes, medical devices, diets, free downloads, and all other sorts of snake oil."
Regardless of whether these sites were compromised as a result of stolen credentials, vulnerabilities in outdated software or a misconfiguration, webmasters should follow security best practices. These include regularly reviewing the access logs for suspicious activity, checking their web directory trees for any newly created files that look out of place, changing their administrative passwords regularly and keeping their software up to date. Scanning their websites with free services like Zulu, Sucuri or Unmask Parasites, is also recommended.

Here's another article about the same issue, now obviously known by Dreamhost since they are actively claiming that they don't know of any customers who have been affected by this attack (odd).
http://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/

At this link, http://news.ycombinator.com/item?id=3491246, a question was posed to a Dreamhost employee:
"Surely they don't send you your old password, but a freshly generated one? Then they could still be hashing them after emailing you."

Dreamhost employee answers: "Embarrassingly... no. Our login/authentication system was written in 1999, and it shows -- we store panel login passwords using symmetric encryption, and send out the decrypted password when you request it.
Getting this fixed was already on our to-do list. This incident has moved it up to near the top of the list (competing with a few other security-related tasks)."

Update Wed, Feb 8, 2012 at 11:17 PM

This message received from Dreamhost:

Your account was escalated to me and I wanted to reach out to see if there is some way I can help. I understand your site was hacked and I see in your support notes our team has made some suggestions on how to restore your files. We identified the issue and as we have explained it is not on the DreamHost side. We are happy to help and walk through and advise on the best way to keep these public files from continually being hacked. Please let me know if we can help with further detail than what you have already received.

Update Thurs, Feb 8, 2012 at 10:57 AM:

Looking through all of my site files, there are domains that have no files associated with them (i.e. no Wordpress or any other 3rd party files, including none of my own.) that have /.htaccess (Redirects to congatarclyauli.ru) files which have been put on the server.

This issue is not due to my code, it is not due to Wordpress or any other 3rd party applications. These .htaccess files were placed at the server level. Every single domain holds these files. What is Dreamhost doing to ensure their servers are safe for their customers? I am at a loss. Every domain is so heavily infested.

This is absolutely Dreamhost's to clean up. I have provided so much evidence to support that fact, and Dreamhost's official response is "not it!"
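The article's advice to check web directory trees for newly created files, applied to the planted `.htaccess` redirects described in this update, as an added example that is not part of the original post or any Dreamhost tooling. The directory names, the `redirect-target.example` host and the helper names are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
DIRECTIVE = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b(.*)$", re.I)
URL = re.compile(r"https?://[^\s\"'\]]+", re.I)

def external_redirects(text, own_hosts):
    """Return (line_no, host) for each redirect directive whose target is off-site."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        for url in URL.findall(m.group(1)) if m else []:
            host = (urlparse(url).hostname or "").lower()
            if host and host not in own_hosts:
                hits.append((no, host))
    return hits

def audit_tree(root, own_hosts, cutoff):
    """Report off-site .htaccess redirects and .htaccess/.php files modified after cutoff."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for no, host in external_redirects(fh.read(), own_hosts):
                        findings.append(("redirect", rel, f"line {no} -> {host}"))
            if (name == ".htaccess" or name.lower().endswith(".php")) \
                    and os.path.getmtime(path) > cutoff:
                findings.append(("recent", rel, "modified after cutoff"))
    return sorted(findings)

def build_sample_tree(root, now):
    """Constructed sample: a 90-day-old site plus a file-less domain with a fresh .htaccess."""
    files = {
        "shop.example/.htaccess": "RewriteRule ^old$ http://shop.example/new [R=301,L]\n",
        "shop.example/index.php": "<?php echo 'ok';\n",
        "parked.example/.htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} . [NC]\n"
                                    "RewriteRule .* http://redirect-target.example/ [R=301,L]\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        age = 3600 if rel.startswith("parked") else 90 * 86400  # seconds
        os.utime(path, (now - age, now - age))
```

Modification times can be reset by whoever wrote the file, so the `recent` check is a quick triage signal; the off-site redirect check does not depend on timestamps.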

Update Thurs, Feb 8, 2012 at 3:44 PM (All sites still infected, no response from Dreamhost):

I have spent most of the day deleting entire sites and replacing them with backups as old as October 2011, only to have them redirect to the malware site as soon as anything is clicked on again. I have received zero response from Dreamhost today on the issue despite posts to their support interface and Facebook page. They don't seem to respond until a big public stink is made, which is not professional. They should be addressing this respectfully and promptly, but that's not happening.

There are more articles popping up about Dreamhost being ravaged by hackers, yet they are denying the issue entirely. One only need Google "dreamhost hackers" to see that this is a big issue for Dreamhost and it doesn't sound like they intend to do anything to clean up the mess, preferring to push it onto their customers. 

I have signed up for hosting with HostGator.com and hopefully once the site files are finally clean, if Dreamhost ever cleans up their servers, I'm moving everything over there. My frustration levels are at a 10.
