You could be hacked too

Published May 31, 2007 on adamfortuna

    Sometimes I forget about personal security. From a design perspective this is a relatively easy task with acceptable solutions, whether it be hashing passwords or doing some crazy salt implementation to keep your clients passwords secure. Unfortunately I was a little lazy with my own passwords. My main Dreamhost FTP account was compromised in the past week sometime (I expect it was in the last week at least) and I found some rather interesting results from this invasion. So what's in a dreamhost FTP account? When you log in you see a list of domains that user has access to (for my username it's everything of course), with full access to everything. There's also ssh access with the same credentials, but that seems to have been left untouched. Instead the perpetrator grabbed every single index.* file and added their own text to the bottom of it — about 70k of links that were hidden. The dangerous part was that I didn't even notice this, so I'm not completely sure when it happend! Dreamhost has a great backup plan luckily. You can login and CD over to /.snapshot and it contains folders with a full snapshot of your files at various times (1 hour ago, 2 hours ago, 1 day ago, 2 days ago, 1 week ago). The files from a week ago were last edited on 5/27 with this malicious code, although that could have been done directly in the snapshot directory. On the bright side for the most part it's just a matter of removing the offending code and reuploading the files; with the exception of one or two files which actually broke due to this editing. Lucky they did too because that's how I noticed something was wrong. Moral of the story is don't take your hosting passwords lightly! They need to be changed and checked on just like anything else important. I'm lucky that the worst something like this could've done is hurt my pagerank (or possibly offend someone if they actually read the links). I'm slowly removing them and cleaning up the rest of my hosting now which is why there has been no ColdFusion 8 headline today, aside from the one Digg was nice enough to do for me. Wait for it tomorrow.