Results 1 to 18 of 18
Thread: A bad experience with Dreamhost
-
10-31-2009, 01:17 PM #1Junior Guru Wannabe
- Join Date
- Oct 2006
- Location
- Guanajuato
- Posts
- 35
A bad experience with Dreamhost
I spent an afternoon completely away from computers, and when I got back, I received this email from the Dreamhost Security Bot:
-----
We have noticed your myacct user causing a large amount of load on the webserver. We also noticed that domains under this user are running outdated web software that may be hackable. Often times when domains get hacked the hackers will launch malicious processes that use a great deal of CPU time and thus increase the load on the machine caused by your user. This does not necessarily mean that your sites are hacked, but they could be. To ensure that your user is not compromised and contributing to server load unnecessarily (and, also not engaging in illegal activity typically associated with these types of hacks) we ask that you review the following and act accordingly.
Comment: so far, so good
Most commonly hacking exploits of this nature occur through known vulnerabilities in outdated copies of web software (blogs, galleries, carts, wikis, forums, CMS scripts, etc.) running under your domains. To secure your sites you should:
1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you're running a vulnerable version:
http://secunia.com/advisories/search/
Joomla (v1.5.8) : /home/myacct/disabled site.net/ (OUTDATED!)
I disabled this site six months ago.
Joomla (v1.5.12) : /home/myacct/joomla1512site.com/ (OUTDATED!)
There were three of these
WordPress (v2.8.4) : /home/myacct/wp284site.org/ (OUTDATED!)
There were six of these
- WordPress installations need to be updated to the current release of 2.8.5.
- Joomla installations need to be updated to the respective current secure release: 1.0.15 or 1.5.14.
- Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.
The (OUTDATED!) domains above have been disabled by renaming the domain directory to end in "_DISABLED_FOR_POSSIBLE_EXPLOIT__CONTACT_DREAMHOST". Please do not reinstate them until you are ready to immediately upgrade them, or until you have already upgraded them.
-----
So, nine of my sites were disabled, for a period of four hours, with NO ADVANCE WARNING from Dreamhost.
I send them a response, pointing out that:
1. I run a tripwire program, integrit, on a daily basis. It showed no evidence that any of these sites had been hacked.
2. My access logs showed no increase in activity on this date.
They wrote, "We have noticed your myacct user causing a large amount of load on the webserver." Well, I certainly would like some details on this, but I haven't received any.
Here's part of the response I got:
-----
In the case of some of the domains that were disabled your softwares were
years out-of-date.
------
Uh, no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.
It's clear that these people are making things up as they go along. All they really had to do was send me a note saying, "Hey, Bob, could you update these Wordpress and Joomla sites sometime in the next few days?"
-
10-31-2009, 01:52 PM #2Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
It's very strange that they've chosen to police your scripts and to force you to keep them up to date. 99.999% of the time this is the responsibility of the customer and even if it's not I would think they would simply inform you and give you time to update (and not automatically suspend).
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
10-31-2009, 02:10 PM #3Web Hosting Master
- Join Date
- Apr 2007
- Location
- United Kingdom
- Posts
- 1,861
Have they not told you exactly what was causing the load? Normal practice is to provide a snippet from the logs showing exactly what is consuming resources.
-
10-31-2009, 02:10 PM #4Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
10-31-2009, 02:21 PM #5Junior Guru Wannabe
- Join Date
- Sep 2009
- Location
- Kuala Lumpur
- Posts
- 86
They should have provide a prove showing what account cause high load. As Dan_EZPZ said, normally they will provide with an evident to prove it that i come from you account.
In this case, i'm not too sure what dreamhost are trying to pull.█• • Providing Quality Litespeed Web Hosting
█• Data Centre - USA - UK - Malaysia
█• 24/7 Fast Support / 99.9% Uptime Guarantee
█• 30 Day Money Back Guarantee
-
10-31-2009, 02:54 PM #6Retired Moderator
- Join Date
- Oct 2002
- Location
- EU - east side
- Posts
- 21,920
In this case, i'm not too sure what dreamhost are trying to pull.
Old software is a serious risk, and it is unfair in a way that hosts are expected to put up with the laziness of customers using a shared hosting environment.
-
10-31-2009, 03:02 PM #7Junior Guru Wannabe
- Join Date
- Oct 2006
- Location
- Guanajuato
- Posts
- 35
-
10-31-2009, 03:17 PM #8Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
I tend to concur, but the issue is automated suspensions of accounts. For instance I run numerous software where I manually patch / backport the security fixes for certain reasons - this usually makes it so the version number is off / not updated. Granted I understand this that common - it's still something to think about.
The better route would to be simply notify the customer / auto submit a ticket on their behalf and give them at least some chance to reply / acknowledge it.█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor
-
10-31-2009, 08:47 PM #9Web Hosting Master
- Join Date
- Aug 2004
- Location
- Earth
- Posts
- 8,154
Uh, no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.
In my opinion, a 12/24 hour notice would've been nice but if you think about doing this for millions of web sites and waiting for a response then disabling the scripts, you would understand why they did what they did.
In regards to the high cpu usage, it seems like you have plenty of scripts hosted on the account which could certainly cause high cpu/memory consumption.
-
10-31-2009, 09:04 PM #10Junior Guru Wannabe
- Join Date
- Oct 2006
- Location
- Guanajuato
- Posts
- 35
No, they renamed the directory.
In my opinion, a 12/24 hour notice would've been nice but if you think about doing this for millions of web sites and waiting for a response then disabling the scripts, you would understand why they did what they did.
In regards to the high cpu usage, it seems like you have plenty of scripts hosted on the account which could certainly cause high cpu/memory consumption.
-
10-31-2009, 10:57 PM #11Web Hosting Master
- Join Date
- Aug 2004
- Location
- Earth
- Posts
- 8,154
Well, yes. That's the way database-driven sites work. What do you think would happen if a web hosting company told potential cutomers, "We'll give you hosting for $100 a year, but you can't run Wordpress, Joomla, or Drupal?"
Unfortunately if your website is potentially harmful to other customers on the server, they have to think about the entire server and what's good for everyone on it not just you alone.
-
11-01-2009, 08:41 AM #12Aspiring Evangelist
- Join Date
- Sep 2009
- Posts
- 375
Well, sorry to hear about your bad experience with them. You might want to consider moving and look around for another one.
FreePRchecker.com hosted by In2net Linux VPS
-
11-01-2009, 05:53 PM #13Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
Judging by your own earlier thread your Wordpress and Joomla sites were hacked repeatedly between July and September this year. If DH says they've been hacked again I don't see why you'd doubt their word. Perhaps you missed a backdoor left by the hackers last time.
And let your unfortunate neighbours on the shared server suffer for a few days while you get around to sorting it out? No. DH did the right thing. Any other responsible host would do the same.Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
11-01-2009, 07:55 PM #14Web Hosting Master
- Join Date
- Aug 2005
- Posts
- 3,587
I don't see anything wrong with this. The hoster is not responsible for updating your scripts, you are. And if you left disabled sites' files in place on the server, you're creating a big security risk for all other clients on the server.
If you don't mind about that, you should get a dedicated server and not share your hosting space with other paying customers.
Dreamhost gave you a warning, and if your sites got hacked before, they are probably just extra careful.
-
11-01-2009, 11:07 PM #15Junior Guru Wannabe
- Join Date
- Oct 2006
- Location
- Guanajuato
- Posts
- 35
If you read the initial posting in this thread,
1. DH DID NOT say that any of my sites were hacked again.
2. I said that I had checked my sites with a tripwire program, and saw no evidence of any hacking.
3. "Perhaps you missed a backdoor..." and perhaps not. If DH knew that such an thing had happened, I would have appreciated some details.
I the absence of any hard information from DH (and yes, I asked them for it), I would have every reason to doubt their word, if they had actually said that my sites had been hacked.
-
11-01-2009, 11:09 PM #16Junior Guru Wannabe
- Join Date
- Oct 2006
- Location
- Guanajuato
- Posts
- 35
-
11-02-2009, 11:03 AM #17Cloud & Web Hosting Specialist
- Join Date
- Oct 2007
- Posts
- 4,332
[ James Lee - Cloud & Web Hosting Specialist • 10+ Years WHT Veteran]
[ Magento Performance Consultation by Magento Master ]
-
11-02-2009, 12:54 PM #18WHT Addict
- Join Date
- Mar 2006
- Posts
- 115
I skimmed the post, forgive me. However, I can understand why DreamHost is doing this. You're using a lot of resources, so they checked up on you. They thought it might be a exploit on one of your older installations which may have caused the high usage. I know you can use older installations, because I have. I won't say this is a negative thing about DreamHost, but I won't say it's a positive thing either. There's a lot of "shoulds" and what not, but that's just how they are..?
Similar Threads
-
My Experience with Dreamhost Shared, PS & a request!
By subbu in forum VPS HostingReplies: 15Last Post: 08-17-2008, 11:15 PM -
A Bad DreamHost Experience
By lindec in forum Web HostingReplies: 23Last Post: 03-24-2008, 11:32 PM -
My amazing experience with DreamHost
By Twigglish in forum VPS HostingReplies: 4Last Post: 11-14-2007, 07:51 PM -
Experience with DreamHost
By enkoopa in forum Web HostingReplies: 10Last Post: 10-22-2007, 11:32 AM -
Dreamhost Rocks - Here's my experience
By HostRush-1 in forum Web HostingReplies: 22Last Post: 06-24-2007, 09:46 PM