Dreamhost security problems: Wordpress sites hacked

Unsettling
Dave Shea's Mezzoblue
Wed, Jun 6 2007

 

OUCH. Sucks for them, I know wordpress had some vulns in older versions, I hope this isn't a wordpress problem. (Although it sounds like a DH problem, more likely.)

 

Dreamhost is also having problems with other scripts being hacked, e.g., phpLD. There's another thread about this in the Directories forum here at DP.

 

Well this was a compromise of a bunch of accounts. Now dreamhost cannot protect people from poorly made scripts getting exploited. There are tools to block some exploits on scripts but generally it's the persons responsibility to keep things secure on their site script wise. So basically any web host can have trouble with customer scripts like wordpress phpld being exploited.

 

Would you care to explain what's insecure about Wordpress? And why only Dreamhost seems to be having this problem with Wordpress?

 

The fact that FTP passwords were taken, preeeetty much proves it wasn't a wordpress problem.

 

Yep it does

My point was the comment about phpLD having problems to about being exploited. If you do not update your scripts your host cannot save you from being exploited.

So this dreamhost problem has nothing to do with wordpress, phpld or any script at all. I could have a generic index.html and have the code inserted to when the bad guy has access to my ftp.

So your site gets exploited you're on dream host it may very well not have anything to do with the ftp hacking but your scripts being exploited.

 

Whuch brings us full circle: It's not a Wordpress problem and it's not a phpLD problem. It's a Dreamhost problem.

Call a spade a spade.

And this is on top of them asking cutomers to bar search engine bots from spidering their websites because they oversold their bandwidth.

This is NOT a professional hosting service, any way you slice it.