So, I've been with DreamHost for about a year and need a new host. I searched the forums for help with what I needed, but I couldn't find anything and finally decided to create an account (after about two years of 'guesting' ).
Three of my sites on my DreamHostPS were recently brute force attacked via FTP and they were all defaced. I didn't have FTP disabled on the accounts because two of them were Joomla-based sites and I used the integrated FTP for addins and modules.
Now that I'm looking for a new host, I'm definitely going to need some security to stop this, and automated back-ups if possible. I'm looking at shared hosting as my sites have very low traffic and host local non-profit organization websites. I've been discrediting hosts lately because of the ability not to disable FTP or limit FTP access via CPanel, but I'd say that's probably unwarranted and it's just me being cautious about what has recently happened.
What are my options, and what hosts can you vouch for if you've had this same type of problem?
Are you 100% sure that the accounts were brute-forced and not that you perhaps had a trojan/virus that "phoned home" your FTP information (that most people store in their FTP programs)?
If it really was brute-forced then a change of provider will help but if it was a trojan/virus (these are very common these days) then you can change providers all you want and the attacks will follow.
According to the log files I checked and from what DreamHost advised of, it was a brute force via FTP. I check my machines regularly for viruses and trojans, so I doubt it was anything phoning home.
The problem with these viruses/trojans is that they are often 0-day exploits that affect browsers (even if you have the most up to date) and just visiting a site can infect you and many times these viruses/trojans aren't picked up by virus scanners for a few days (if you're lucky).
It's a cat and mouse game and it sucks to be honest but if the logs/dreamhost confirmed it was a brute-force then I would think that you would be fine at just about any other quality provider.
I'm not sure if HostGator has any sort of brute-force detection (so you might ask) but they were excellent while I was with them.
In the future also make sure that you use extremely complicated/complex passwords using upper case, lower case, numbers, and a few symbols - I don't know if you were already doing this so I'm not trying to insult your intelligence.