- Random links to Russian sites have been popping up in certain browsers. This was traced to a mass March 6th edit of all PHP files.What else happened?
- I dunno. Sysadmin was not part of my job description.
- Seriously, though. I don't know. Passwords may have been compromised. The security of that is dependent on our forum software, which is years out of date.
- I'm still trying to see if they added any backdoors so that this can happen again.
- Security may have been compromised long ago, and March 6 was just the date they decided to do something about it. We weren't the only Dreamhost customer that was hit on that date: http://danhilltech.tumblr.com/post/1808586...press-dreamhostWhat we do?
- I've cleaned up the code that was doing it. There may have been more code added to specific files. I have no basis of comparison and would have to manually search through .php files for that.
- I'm emailing Dreamhost for more information.
- I'm going to have to change the passwords for the forum database.
- I must emphasize again that I'm basically just the cleverest chimp on a keyboard around here. I don't actually have any expertise about this.What you do?
- You should change your password (http://strongpasswordgenerator.com/
). You should NOT change your password to something you use elsewhere: we don't know how the breach happened or if it can happen again, or if it's still open.
- You should also change any password of anything you use with the same password.
- You should scan for viruses and other malware, especially if you were ever redirected to any other site while trying to go to LCN.
- Um, don't post private information on this site. And think about what private information you may have had here (e.g. private messages containing passwords or something). They may have downloaded anything and everything.
This was the code added to the top of every PHP file:http://pastebin.com/gXfHRTbn
That was base64 encoded PHP script, probably to prevent server searches from turning up the links. Here is the base64 decoded:http://pastebin.com/vXfaqbS4