Dreamhost hacked

[specto_]

OK so I discover dreamhost (my web host) was hacked 22 hrs ago.

They say they have informed all affected customers, and I have yet to receive an email from them.
Checking timestamps and last logins on my site nothing has been compromised but either way this is not a good thing.

Comments

[whitez]

Eeek! How did you find out?

I'd not be a happy bunny if my dreamhost site was modified or deleted.

[specto_]

One of the forums I use (which I happen to know if hosted by dh) went down so I checked the status page (see http://www.dreamhoststatus.com/).
Note: I think the status page has died due to anxious customers.

Apparently the hackers stole usernames and passwords and have used the data to place spam/ads/redirects into various web sites.

You can check if you have been hacked buy:
- Login via ssh (do not use telnet!)

- Execute one or more of the following commands:

- 'last [username]'
^^ shows you last login times - check for when you know you didn't

- ls -a -c -lt -h -R > /yoursite.com/dirlist.txt
Check the dirlist.txt file it creates for files recently modified.

- find ~/mydomain.com/ -mtime -3-
&& Finds all files modified in the last 3 days - you might want to extend this period a bit. (does almost the same as the 'ls' command above)