[UCIMC-Tech] [urbnde 100895564] URGENT: Account Exploit...

arthousefarm at gmail.com arthousefarm at gmail.com
Mon Mar 2 07:38:59 EST 2015


And more ....


> On Mar 1, 2015, at 6:40 PM, DreamHost Customer Support Team <support at dreamhost.com> wrote:
> 
> Hello,
> 
> We have discovered copious amounts of spam found to be originating from
> malicious files on your 'imctech' user on the lunenburg shared server.
> These processes originated from the following locations:
> 
> lunenburg:/home/imctech/drupal7.ucimc.org/dru7/modules/dashboard/session.php 
> lunenburg:/home/imctech/drupal7.ucimc.org/dru7/modules/user/user.api.php 
> lunenburg:/home/imctech/drupal7.ucimc.org/drupal-7.20/modules/user/user.api.php 
> lunenburg:/home/imctech/drupal7.ucimc.org/dru7/sites/all/libraries/ckeditor/_source/plugins/pagebreak/images/include.php 
> 
> It is likely that malicious files were inserted into your site by a 
> third-party who exploited an insecure script on your account. 
> 
> We have disabled the 'help.ucimc.org' domain by renaming its directory.
> Please do not re-enable it until you have cleaned and secured your
> account. Here are some suggestions on how to go about doing that:
> 
> - Immediately update any third party scripts hosted under your account,
> ensuring that they are running current, secure software versions. The
> biggest source of exploits, we have found, is old/insecure scripts.
> 
> - Look through your account and remove any files you cannot account for
> or did not upload yourself. If someone was able to access your account
> via a 3rd party script exploit they may have left additional tools and
> backdoors.
> 
> - Change your FTP/SSH passwords. We recommend a password of at least 8
> characters in length made up of random letters and numbers (use of
> dictionary words in any language is not recommended, as they are very
> easy to crack).
> 
> We have also initiated a summary security scan on the account files to
> assist you in identifying other potential issues on the account. Once
> that's complete, we'll follow up with you with the results and some more
> tailored advice on how to proceed from there. 
> 
> If you have any questions in the meantime, please feel free to let us
> know. 
> 
> Brandon E
> 
> ---- DreamHost Abuse/Security Team
> - Terms of Service: http://www.dreamhost.com/legal/terms-of-service/
> - Acceptable Use Policy:
> http://www.dreamhost.com/legal/acceptable-use-policy/
> - Anti-Spam Policy: https://www.dreamhost.com/legal/anti-spam-policy/
> - Abuse Center: http://abuse.dreamhost.com/
> 
> 
> 
> 
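
One way to carry out the "remove any files you cannot account for" step from the notice above, as an added example that is not part of the original e-mail or DreamHost's tooling: hash every PHP-executable file in the deployed tree and compare it with a clean copy of the same release. The function name `audit_tree`, the extension list and the demo trees are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the web server may run as PHP (assumption; adjust to the host's config).
PHP_EXTS = {".php", ".phtml", ".inc", ".module", ".install"}

def _hashes(root):
    """Map relative path -> SHA-256 for every PHP-executable file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PHP_EXTS:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                out[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return out

def audit_tree(live_root, pristine_root):
    """Compare a deployed tree with a clean copy of the same release."""
    live, clean = _hashes(live_root), _hashes(pristine_root)
    return {
        "unexpected": sorted(p for p in live if p not in clean),  # nobody shipped these
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "missing": sorted(p for p in clean if p not in live),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed trees; file names echo the notice, contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            _write(root, "modules/user/user.api.php", "<?php // api docs\n")
            _write(root, "modules/user/user.module", "<?php // user module\n")
        _write(live, "modules/user/user.api.php", "<?php // api docs\n// altered\n")
        _write(live, "modules/dashboard/session.php", "<?php // absent from clean copy\n")
        _write(live, "libraries/ckeditor/images/include.php", "<?php // absent from clean copy\n")
        return audit_tree(live, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported as "unexpected" under contributed or upload directories still need manual review, since a clean core release will not contain site-specific modules or libraries.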

