Sigh. I wake up today, check my mail and notice a mail from Dreamhost (where, as some of you know, I am hosting this site) titled “URGENT: FTP Account Security Concerns…”. Ok, this can’t be good. I continue reading and find out that somebody found an exploit in Dreamhost’s security, got a shitload (~3500) of ftp passwords and had some automated script login to the ftp and modify the index page.
Ok, “only” 20% of the affected accounts had been accessed and out those not all had files modified (the bot just downloaded the directory listings). Now what are the odds that my files had been modified? Very high, of course. Sigh again.
Well, it’s no biggie really, the automated script added 360 spam links to my index.php. The links had display:none so you probably even wouldn’t know about them if i wasn’t writing this. Still not very nice, especially if a search robot crawled my site during the time it was affected. Spamlinks are the obviously a big no-no if you check your SEO A-B-C…
Check out index.php after the modification. The first 5 lines are from WordPress, the rest…well, yeah.
According to Dreamhost’s e-mail only index.php (and other index files) were affected. I definitely don’t have the time to go through every single file i have on my server, so i won’t. If you find anything weird, please let me know
Last week Dreamhost had severe problems with the DNS, now this. Frustrating is the first word that pops to my head. I mean, in general I’m happy with Dreamhost–what you get for the money is great–but i don’t want to receive more emails like this one.
If you got the same mail and found similar (or some other?) activity, drop a comment