Comments on: Spam Again

By: oldnumberseven

oldnumberseven — Sat, 09 Jun 2007 04:52:09 +0000

I am wondering what course you are taking in regards to changing hosts? My partner is the director of a non-profit group, and dreamhost gave them free hosting. The non-profit’s site has not been compromised as far as I can tell. It is http://montrails.org/ but I would welcome any other crooked timber eyes looking upon it to give their two cents.

Does anyone know of any other hosting companies that will provide free hosting to a non-profit?

By: Fatal Claws

Fatal Claws — Sat, 09 Jun 2007 00:04:28 +0000

Try pair.com

By: Alan Bostick

Alan Bostick — Thu, 07 Jun 2007 18:36:14 +0000

abb1 @ 3: Password databases (at least on UNIX-type systems) are encrypted and so ought to be useless to hackers, even if they were able to get access to them

But if the hackers compromised the hosting company’s NOC, they could monitor the network and gobble up every password of every customer that was typed in cleartext. FTP was developed in a less distrustful time, and so account passwords are vulnerable to network sniffers.

It is basically irresponsible for a hosting company to encourage use of FTP for password-protected access to file transfer. They should encourage, and you should use, something like SFTP (SSH File Transfer Protocol) so that all traffic, including logins and passwords, are encrypted between the client and the server, and eavesdroppers can’t grab passwords.

(Disclaimer: I am not a real network security guy; I’m just a long-term user with a cryptography obsession.)

By: tom brandt

tom brandt — Thu, 07 Jun 2007 16:48:28 +0000

I heard a lot of complaints about Dreamhost when I went looking for a new hosting company and didn’t use them because of the complaints. I use OCS Solutions and am quite happy with them. It is a fairly small operation, which I think is a good thing.

By: todd.

todd. — Thu, 07 Jun 2007 16:35:31 +0000

I'm with Sean Carroll (here): "I conclude that it is impossible for the internet to work."

By: Aaron Swartz

Aaron Swartz — Thu, 07 Jun 2007 16:28:25 +0000

Caldwell: I’m happy to administer the box as well, if needed.

By: Myrna the Minx

Myrna the Minx — Thu, 07 Jun 2007 01:59:21 +0000

Yikes, I didn’t know about this until now and have a wp blog. I GUESS I wasn’t affected. Time to investigate.

By: 1, 2, 3 (catch up) at found_drama

1, 2, 3 (catch up) at found_drama — Thu, 07 Jun 2007 00:08:16 +0000

[...] Daring Fireball. My account did not appear to be effected, which is encouraging; bummer for those reporting otherwise. I don’t buy the argument that they were blowing it off because it was not [...]

By: Unofficial DreamHost Blog » Blog Archive » DreamHost FTP Accounts Hacked

Wed, 06 Jun 2007 22:31:22 +0000

[...] blogs like mezzoblue (PageRank 8), Crooked Timber (PageRank 7) and Caydel’s SEO Blog (PageRank 6) has been [...]

By: Nick Caldwell

Nick Caldwell — Wed, 06 Jun 2007 22:05:28 +0000

Ah, I hadn’t realised Crooked Timber was already on a dedicated server. Never mind me then.

By: Nick Caldwell

Nick Caldwell — Wed, 06 Jun 2007 20:56:02 +0000

Aaron, the Joyent containers are pretty awesome but the CTers would need a fair amount of technical know-how to administer an unmanaged Solaris box.

By: abb1

abb1 — Wed, 06 Jun 2007 17:40:31 +0000

How does one find “a way to obtain the password information associated with approximately 3,500 separate FTP accounts”? Weird.

By: Aaron Swartz

Aaron Swartz — Wed, 06 Jun 2007 16:32:43 +0000

Yes, please switch hosts. I mean, I’ll personally fund the hosting of the site someplace decent, like a rimuhosting or joyent VPS.

By: joel hanes

joel hanes — Wed, 06 Jun 2007 16:10:53 +0000

Time to get a new hosting company.
If they’ve compromised your site password, and haven’t the integrity to notify you, they don’t deserve your business, regardless of any other merits they may have.