08 Jun 2007
My web hosting provider, DreamHost, got hacked recently. In an e-mail to me, they wrote:
> We have detected what appears to be the exploit of a number of accounts belonging to DreamHost customers, and it appears that your account was one of those affected.
> We’re still working to determine how this occurred, but it appears that a 3rd party found a way to obtain the password information associated with approximately 3,500 separate FTP accounts and has used that information to append data to the index files of customer sites using automated scripts (primarily for search engine optimization purposes).
> Our records indicate that only roughly 20% of the accounts accessed – less than 0.15% of the total accounts that we host – actually had any changes made to them. Most accounts were untouched.
So yes, I was affected. So was Brendan at Bokane.org. Apparently what the hackers did on my websites was replace every
index.php file with their own copy, which just linked to all kinds of ad sites, and apparently even contained some viruses (probably only an issue for IE users). Anyway, the whole thing is very annoying, but easy enough to undo. (Luckily I do have backups of those files.)
The blog and main page are back to normal, and other pages should be returning to normal in the next few days.
P.S. Has anyone else noticed that a lot of Flickr’s image servers are all of a sudden being blocked in China? Not all Flickr images are blocked, but many are now. For instance, I can no longer see the Chinese doughnut image from my last entry.