[olug] *nix website hosting / security question

DYNATRON tech dynatron at gmail.com
Fri Mar 9 19:09:16 UTC 2012 

if you connect via simple ftp it is extremely easy to shark the password in
a variety of situations. ftp login is something that most hosting companies
still use, but shouldn't.
On Mar 8, 2012 8:12 AM, "Kevin" <sharpestmarble at gmail.com> wrote:

> Dreamhost is a very large provider. I doubt that they were hacked. However,
> they did post a security-related tweet yesterday, so evaluate that for
> yourself. I would be looking at more generic security stuff, however. Bad
> and/or guessed and/or re-used password, phished, virus on computer used to
> upload to website, etc.
> On Mar 7, 2012 9:07 PM, "Sam Tetherow" <tetherow at shwisp.net> wrote:
>
> > There was a Plesk whole released earlier in the week as well, although
> one
> > would think dreamhost would be on top of something like that.  Best bet
> is
> > figure out what they are using for a website as mentioned below and check
> > known vulnerabilities.  Both Drupal and Wordpress have pretty easy
> upgrade
> > paths as long as there is not custom modules (and even then it probably
> > won't be difficult unless moving major versions).
> >
> > On 03/07/2012 07:38 PM, T. J. Brumfield wrote:
> >
> >> Where they using a common CMS package like Wordpress, Joomla or Drupal?
> >>
> >> They're both blessings and curses. They have tons of extensions and are
> >> easy to get something going, but they have known security
> vulnerabilities
> >> for old versions and are frequently targeted. Just yesterday I was
> reading
> >> another story that people were compromising old Wordpress sites again to
> >> spread malware.
> >>
> >> http://www.networkworld.com/**news/2012/030712-fake-av-**
> >> attack-targets-wordpress-**257030.html?hpg1=bn<
> http://www.networkworld.com/news/2012/030712-fake-av-attack-targets-wordpress-257030.html?hpg1=bn
> >
> >>
> >> The lesson is to keep your install up to date.
> >>
> >> On Wed, Mar 7, 2012 at 7:35 PM, Jordan Fox<vmifox at gmail.com>  wrote:
> >>
> >>  I have a co-worker who's husband's company website (it's his company)
> >>> was hacked.  The hacker is continuously loading malware onto the
> >>> website.  She's a solaris admin, so she knows a lot about computers.
> >>> She's not sure if it was the website that was hacked or the provider.
> >>> The provider is Dreamhost.  Her husband has a contract with a company
> >>> called Securi (she thinks that's what it's called) to monitor and
> >>> remove malware from the website, but they can't keep up with the
> >>> hacker.
> >>>
> >>> I'm sending the email to ask if 1) anyone can provide some insight
> >>> into the two companies mentioned  - i.e how likely is it that it was
> >>> Dreamhost that was hacked and not their website (who's problem is it
> >>> and, therefore, who is responsible to fix it)- and 2) her and her
> >>> husband are looking to contract with someone to analyse their current
> >>> situation to provide, and possibly implement, a solution.
> >>>
> >>> These are all the details that I have.  I know there are some really
> >>> knowledgeable people on this list and told her I'd pass along the
> >>> above information / requests.  If anyone is interested in helping, let
> >>> me know and I'll get you in contact with them.
> >>>
> >>> Thanks,
> >>> Jordan
> >>>
> >>>
> >>> ------------------------------**------------------------------**
> >>> ---------------------
> >>> "Do not be anxious about anything, but in everything, by prayer and
> >>> petition, with thanksgiving, present your requests to God.  And the
> >>> peace of God, which transcends all understanding, will guard your
> >>> hearts and minds in Christ Jesus."  Phil 4:6-7
> >>>
> >>> "The shortest distance between a problem and a solution is the
> >>> distance between your knees and the floor."  Anonymous
> >>> ______________________________**_________________
> >>> OLUG mailing list
> >>> OLUG at olug.org
> >>> https://lists.olug.org/**mailman/listinfo/olug<
> https://lists.olug.org/mailman/listinfo/olug>
> >>>
> >>>
> >>
> >>
> > ______________________________**_________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/**mailman/listinfo/olug<
> https://lists.olug.org/mailman/listinfo/olug>
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>

More information about the OLUG mailing list