DreamHost, in a letter to over 3,500 shared hosting customers:
We’re still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of
customer sites using automated scripts (primarily for search
engine optimization purposes).
Sites that were hacked got a bunch of spammy links inserted into their index.php and index.html pages, in an HTML block that started with
<u style display: none>. Dave Shea got hacked, as did a bunch of the readers who contributed to his comments. Shea wrote to DreamHost and their tech support blamed him. Crooked Timber got hacked four days ago.
This is just awful, especially since they still have no explanation regarding exactly how they were compromised.
(Daring Fireball is hosted on a Joyent Accelerator; I’ve also been a happy customer at Pair for many years.)
★ Wednesday, 6 June 2007