Ok, as you may have heard recently Dreamhost was hit quite severely by hackers, who apparently chose to compromise in mass client’s at Dreamhost whose blogs were outdated. To date I’ve found no evidence that Dreamhost servers were compromised. It seems Dreamhost’s main failing was not scrubbing that big red target symbol off the side of their Network Operations Center where the servers are housed.
We apologize for the delay in getting back to you regarding your hacked site. We are currently testing an improved scanning and file cleaning tool. This tool will be checking for malicious content as well as for bad permissions that cause repeated issues with successful hacking attempts. Due to the extra checks and fixes, the scan is going to take longer than usual. Due to the recent stream of WordPress-based hacks, we also have an unusually large number of customers waiting. We appreciate your patience.
In the meantime, please take a look at the wiki article that may help you take care of some of the issues you ran into: http://wiki.dreamhost. com/My_Wordpress_site_was_hacked .
Ok, better late than never I guess. Honestly, I agree it’s probably best to not make light of the situation since being hacked can be quite the wake-up call for any business. Quite sad really that Dreahost just didn’t see it coming, choosing to react instead of being proactive, unlike TVCNet who goes out of their way to run daily malware scanning for all of their customers.
That said, because I was called in to fix quite a few of the hacked Dreamhost blogs myself, many of my clients have since asked, “how can I prevent this form happening again…”
Well, for most the situation could have been quite easily prevented had the client in question simply clicked the update button within their WordPress dashboard at any point in the past three months. I believe it was B.J. himself who said, “An ounce of prevention is worth…” Well, I’ll try to coin a more direct term for the Internet blog Age:
Now a lot of folks routinely update their WordPress blogs (Kudos!), but many still have lingering concerns regarding new plugins or that old theme installed back in 2005… If you are one of those folks, “we have a plugin for that”; well, sort of…
The downside of WordPress security plugins is that virtually all require some level of HTML knowledge. If you don’t read HTML like “The Matrix,” then I recommend taking these so named malware checking plugins with a grain of salt. Luckily I do read HTML like that screen in the Matrix movie so I’ll try to give you my humble opinion on the worthiness of these malware monitoring plugins, and may even ask your o-pin-ion. Alrighty then, here we go:
Threat Scan WordPress Plugin
A very simplistic plugin which outputs what the author considers potentially malicious code. What I like about this plugin is that it doesn’t have the overly alarming bright red and greens colors of some other plugins. Minimalistic and direct, if you have some HTML skills you’ll feel right at home with this one. Grade: B-
AntiVirus WordPress Plugin
Timthumb Vulnerability Scanner WordPress Plugin
Perfect! Does what it does with a little spice on the side. I love this dish, and if you’ve been served up a helping of timthumb.php exploit scripting pie in the past you should run, not walk, to install this tasty side order of love. Grade: A-
Exploit Scanner WordPress Plugin
This one’s a toss up. My experience has been mixed with Exploit Scanner. First of all, it simple won’t install properly or run on many client WordPress blogs I’ve tried. I don’t generally recommend the Exploit Scanner without first trying the install myself, though it does have a really cool name; which I imagine gets it more installs than others of it’s ilk. To the authors credit, you’ll find a rightly accurate disclaimer at bottom of page, “Unfortunately it’s impossible to catch every hack and it’s all too easy to catch false positives, yada yada…” Technically best of the bunch albeit quiet squirmy. Score: B+ (when it works)
Still adding to this list. If you have comment or recommendations please email me jim a@t hackrepair.com