Results 1 to 18 of 18
  1. #1
    Join Date
    Oct 2006
    Location
    Guanajuato
    Posts
    35

    A bad experience with Dreamhost

    I spent an afternoon completely away from computers, and when I got back, I received this email from the Dreamhost Security Bot:
    -----

    We have noticed your myacct user causing a large amount of load on the webserver. We also noticed that domains under this user are running outdated web software that may be hackable. Often times when domains get hacked the hackers will launch malicious processes that use a great deal of CPU time and thus increase the load on the machine caused by your user. This does not necessarily mean that your sites are hacked, but they could be. To ensure that your user is not compromised and contributing to server load unnecessarily (and, also not engaging in illegal activity typically associated with these types of hacks) we ask that you review the following and act accordingly.

    Comment: so far, so good

    Most commonly hacking exploits of this nature occur through known vulnerabilities in outdated copies of web software (blogs, galleries, carts, wikis, forums, CMS scripts, etc.) running under your domains. To secure your sites you should:

    1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you're running a vulnerable version:
    http://secunia.com/advisories/search/

    Joomla (v1.5.8) : /home/myacct/disabled site.net/ (OUTDATED!)

    I disabled this site six months ago.

    Joomla (v1.5.12) : /home/myacct/joomla1512site.com/ (OUTDATED!)

    There were three of these

    WordPress (v2.8.4) : /home/myacct/wp284site.org/ (OUTDATED!)

    There were six of these

    - WordPress installations need to be updated to the current release of 2.8.5.
    - Joomla installations need to be updated to the respective current secure release: 1.0.15 or 1.5.14.
    - Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.

    The (OUTDATED!) domains above have been disabled by renaming the domain directory to end in "_DISABLED_FOR_POSSIBLE_EXPLOIT__CONTACT_DREAMHOST". Please do not reinstate them until you are ready to immediately upgrade them, or until you have already upgraded them.
    -----

    So, nine of my sites were disabled, for a period of four hours, with NO ADVANCE WARNING from Dreamhost.

    I send them a response, pointing out that:

    1. I run a tripwire program, integrit, on a daily basis. It showed no evidence that any of these sites had been hacked.

    2. My access logs showed no increase in activity on this date.

    They wrote, "We have noticed your myacct user causing a large amount of load on the webserver." Well, I certainly would like some details on this, but I haven't received any.

    Here's part of the response I got:
    -----

    In the case of some of the domains that were disabled your softwares were
    years out-of-date.
    ------

    Uh, no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.

    It's clear that these people are making things up as they go along. All they really had to do was send me a note saying, "Hey, Bob, could you update these Wordpress and Joomla sites sometime in the next few days?"

  2. #2
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    It's very strange that they've chosen to police your scripts and to force you to keep them up to date. 99.999% of the time this is the responsibility of the customer and even if it's not I would think they would simply inform you and give you time to update (and not automatically suspend).
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  3. #3
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,861
    Have they not told you exactly what was causing the load? Normal practice is to provide a snippet from the logs showing exactly what is consuming resources.

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by MikeDVB View Post
    It's very strange that they've chosen to police your scripts and to force you to keep them up to date.
    Yeah, that's very strange that a provider doesn't want a single user causing a high load, possibly due to a compromised script... very strange indeed.

  5. #5
    Join Date
    Sep 2009
    Location
    Kuala Lumpur
    Posts
    86
    They should have provide a prove showing what account cause high load. As Dan_EZPZ said, normally they will provide with an evident to prove it that i come from you account.

    In this case, i'm not too sure what dreamhost are trying to pull.
    █• • Providing Quality Litespeed Web Hosting
    • Data Centre - USA - UK - Malaysia
    █• 24/7 Fast Support / 99.9% Uptime Guarantee
    • 30 Day Money Back Guarantee

  6. #6
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,920
    In this case, i'm not too sure what dreamhost are trying to pull.
    Well, it may be that in some cases the simple upgrade from very old software versions led to decreased resources usage, hence this strong suggestion to do so for customer who have reached the limits of DH's shared hosting.

    Old software is a serious risk, and it is unfair in a way that hosts are expected to put up with the laziness of customers using a shared hosting environment.

  7. #7
    Join Date
    Oct 2006
    Location
    Guanajuato
    Posts
    35
    Quote Originally Posted by Dan_EZPZ View Post
    Have they not told you exactly what was causing the load?
    No, and that's one of the things I'm not happy about. It's also evidence that they are just guessing.

  8. #8
    Join Date
    Feb 2006
    Location
    Buffalo, NY
    Posts
    1,501
    Quote Originally Posted by ldcdc View Post
    Well, it may be that in some cases the simple upgrade from very old software versions led to decreased resources usage, hence this strong suggestion to do so for customer who have reached the limits of DH's shared hosting.

    Old software is a serious risk, and it is unfair in a way that hosts are expected to put up with the laziness of customers using a shared hosting environment.
    I tend to concur, but the issue is automated suspensions of accounts. For instance I run numerous software where I manually patch / backport the security fixes for certain reasons - this usually makes it so the version number is off / not updated. Granted I understand this that common - it's still something to think about.

    The better route would to be simply notify the customer / auto submit a ticket on their behalf and give them at least some chance to reply / acknowledge it.
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Official Let's Encrypt Sponsor

  9. #9
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154
    Uh, no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.
    By disabling the sites, did you delete the scripts/files from the server? If the files were still hosted on the account, that still presents a vulnerability.

    In my opinion, a 12/24 hour notice would've been nice but if you think about doing this for millions of web sites and waiting for a response then disabling the scripts, you would understand why they did what they did.

    In regards to the high cpu usage, it seems like you have plenty of scripts hosted on the account which could certainly cause high cpu/memory consumption.

  10. #10
    Join Date
    Oct 2006
    Location
    Guanajuato
    Posts
    35
    Quote Originally Posted by WN-Ali View Post
    By disabling the sites, did you delete the scripts/files from the server? If the files were still hosted on the account, that still presents a vulnerability.
    No, they renamed the directory.

    In my opinion, a 12/24 hour notice would've been nice but if you think about doing this for millions of web sites and waiting for a response then disabling the scripts, you would understand why they did what they did.
    No, what they did was totally inappropriate. They shut down my sites without any evidence (that I've seen) that there was actually a problem,

    In regards to the high cpu usage, it seems like you have plenty of scripts hosted on the account which could certainly cause high cpu/memory consumption.
    Well, yes. That's the way database-driven sites work. What do you think would happen if a web hosting company told potential cutomers, "We'll give you hosting for $100 a year, but you can't run Wordpress, Joomla, or Drupal?"

  11. #11
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154
    Well, yes. That's the way database-driven sites work. What do you think would happen if a web hosting company told potential cutomers, "We'll give you hosting for $100 a year, but you can't run Wordpress, Joomla, or Drupal?"
    Not all Wordpress, Joomla or Drupal web sites consume high cpu/memory. You have more then the usual amounts of scripts installed, thus the high cpu/memory consumption. It also depends on how you optimize your scripts, and the number of unique visitors to your web site. Perhaps you can share with us the daily/monthly unique visitors to all your web sites that would be helpful in determining how/why your cpu/memory consumption is high according to DreamHost.

    Unfortunately if your website is potentially harmful to other customers on the server, they have to think about the entire server and what's good for everyone on it not just you alone.

  12. #12
    Join Date
    Sep 2009
    Posts
    375
    Well, sorry to hear about your bad experience with them. You might want to consider moving and look around for another one.

  13. #13
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    Judging by your own earlier thread your Wordpress and Joomla sites were hacked repeatedly between July and September this year. If DH says they've been hacked again I don't see why you'd doubt their word. Perhaps you missed a backdoor left by the hackers last time.

    Quote Originally Posted by roberb7 View Post
    It's clear that these people are making things up as they go along. All they really had to do was send me a note saying, "Hey, Bob, could you update these Wordpress and Joomla sites sometime in the next few days?"
    And let your unfortunate neighbours on the shared server suffer for a few days while you get around to sorting it out? No. DH did the right thing. Any other responsible host would do the same.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  14. #14
    Join Date
    Aug 2005
    Posts
    3,587
    I don't see anything wrong with this. The hoster is not responsible for updating your scripts, you are. And if you left disabled sites' files in place on the server, you're creating a big security risk for all other clients on the server.

    If you don't mind about that, you should get a dedicated server and not share your hosting space with other paying customers.

    Dreamhost gave you a warning, and if your sites got hacked before, they are probably just extra careful.

  15. #15
    Join Date
    Oct 2006
    Location
    Guanajuato
    Posts
    35
    Quote Originally Posted by foobic View Post
    Judging by your own earlier thread your Wordpress and Joomla sites were hacked repeatedly between July and September this year. If DH says they've been hacked again I don't see why you'd doubt their word. Perhaps you missed a backdoor left by the hackers last time.
    If you read the initial posting in this thread,

    1. DH DID NOT say that any of my sites were hacked again.

    2. I said that I had checked my sites with a tripwire program, and saw no evidence of any hacking.

    3. "Perhaps you missed a backdoor..." and perhaps not. If DH knew that such an thing had happened, I would have appreciated some details.

    I the absence of any hard information from DH (and yes, I asked them for it), I would have every reason to doubt their word, if they had actually said that my sites had been hacked.

  16. #16
    Join Date
    Oct 2006
    Location
    Guanajuato
    Posts
    35
    Quote Originally Posted by Jay August View Post
    I don't see anything wrong with this. The hoster is not responsible for updating your scripts, you are. And if you left disabled sites' files in place on the server, you're creating a big security risk for all other clients on the server.
    Why do you say that Joomla 1.5.12 and Wordpress 2.8.4 are "big" security risks?

  17. #17
    Join Date
    Oct 2007
    Posts
    4,332
    Quote Originally Posted by roberb7 View Post
    Why do you say that Joomla 1.5.12 and Wordpress 2.8.4 are "big" security risks?
    Because they are older versions of scripts where vulnerabilities have been found to exist. If you do not keep your version updated, you are only awaiting for your website to be hacked.
    [ James Lee - Cloud & Web Hosting Specialist 10+ Years WHT Veteran]

    [ Magento Performance Consultation by Magento Master ]

  18. #18
    Join Date
    Mar 2006
    Posts
    115
    Quote Originally Posted by roberb7 View Post
    I spent an afternoon completely away from computers, and when I got back, I received this email from the Dreamhost Security Bot:
    -----

    We have noticed your myacct user causing a large amount of load on the webserver. We also noticed that domains under this user are running outdated web software that may be hackable. Often times when domains get hacked the hackers will launch malicious processes that use a great deal of CPU time and thus increase the load on the machine caused by your user. This does not necessarily mean that your sites are hacked, but they could be. To ensure that your user is not compromised and contributing to server load unnecessarily (and, also not engaging in illegal activity typically associated with these types of hacks) we ask that you review the following and act accordingly.

    Comment: so far, so good

    Most commonly hacking exploits of this nature occur through known vulnerabilities in outdated copies of web software (blogs, galleries, carts, wikis, forums, CMS scripts, etc.) running under your domains. To secure your sites you should:

    1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you're running a vulnerable version:
    http://secunia.com/advisories/search/

    Joomla (v1.5.8) : /home/myacct/disabled site.net/ (OUTDATED!)

    I disabled this site six months ago.

    Joomla (v1.5.12) : /home/myacct/joomla1512site.com/ (OUTDATED!)

    There were three of these

    WordPress (v2.8.4) : /home/myacct/wp284site.org/ (OUTDATED!)

    There were six of these

    - WordPress installations need to be updated to the current release of 2.8.5.
    - Joomla installations need to be updated to the respective current secure release: 1.0.15 or 1.5.14.
    - Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.

    The (OUTDATED!) domains above have been disabled by renaming the domain directory to end in "_DISABLED_FOR_POSSIBLE_EXPLOIT__CONTACT_DREAMHOST". Please do not reinstate them until you are ready to immediately upgrade them, or until you have already upgraded them.
    -----

    So, nine of my sites were disabled, for a period of four hours, with NO ADVANCE WARNING from Dreamhost.

    I send them a response, pointing out that:

    1. I run a tripwire program, integrit, on a daily basis. It showed no evidence that any of these sites had been hacked.

    2. My access logs showed no increase in activity on this date.

    They wrote, "We have noticed your myacct user causing a large amount of load on the webserver." Well, I certainly would like some details on this, but I haven't received any.

    Here's part of the response I got:
    -----

    In the case of some of the domains that were disabled your softwares were
    years out-of-date.
    ------

    Uh, no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.

    It's clear that these people are making things up as they go along. All they really had to do was send me a note saying, "Hey, Bob, could you update these Wordpress and Joomla sites sometime in the next few days?"
    I skimmed the post, forgive me. However, I can understand why DreamHost is doing this. You're using a lot of resources, so they checked up on you. They thought it might be a exploit on one of your older installations which may have caused the high usage. I know you can use older installations, because I have. I won't say this is a negative thing about DreamHost, but I won't say it's a positive thing either. There's a lot of "shoulds" and what not, but that's just how they are..?

Similar Threads

  1. Replies: 15
    Last Post: 08-17-2008, 11:15 PM
  2. A Bad DreamHost Experience
    By lindec in forum Web Hosting
    Replies: 23
    Last Post: 03-24-2008, 11:32 PM
  3. My amazing experience with DreamHost
    By Twigglish in forum VPS Hosting
    Replies: 4
    Last Post: 11-14-2007, 07:51 PM
  4. Experience with DreamHost
    By enkoopa in forum Web Hosting
    Replies: 10
    Last Post: 10-22-2007, 11:32 AM
  5. Dreamhost Rocks - Here's my experience
    By HostRush-1 in forum Web Hosting
    Replies: 22
    Last Post: 06-24-2007, 09:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •