Dreamhost's Security Vulnerability

Out of the blue, a calamity swept through many households in the town of Dreamhost. Here is Plod describing the scene of the break-in at their place:

Around 9 pm US Pacific time on June 4, which is noon Beijing time on June 5, a strange blank gap started appearing at the top of the Plod home page. Looking at the page on the server, I found it had been modified an hour earlier: an inline iframe had appeared, whose src was an IP address obfuscated by converting it into hexadecimal. Since I couldn't recall the address of an online decoding tool offhand, I posted on the 蓝色理想 (Blueidea) forum asking for help decoding it, quickly got the address, and looked it up: a Malaysian IP. Further inspection showed that every index.html and index.php file had been tampered with, with the iframe code added plus tens of KB of pure SEO spam link code (they even knew to use an unordered <ul> list). Some of the code was added fairly "politely", whereas some PHP pages were clearly structurally broken, so it was almost certainly the work of an automated script.
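A defender-side check for the symptom Plod describes (an injected iframe whose src hides the host as a hex-encoded IP): an added Python example, not code from Plod or from this post. The sample HTML and the 192.168.0.1 address inside it are constructed for illustration, not the address from the incident.

```python
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Constructed sample page: an injected zero-size iframe whose src host is a
# bare hex number, plus an SEO spam <ul> block of the kind Plod mentions.
SAMPLE_HTML = """<html><body>
<p>Welcome</p>
<iframe src="http://0xC0A80001/x.html" width="0" height="0"></iframe>
<ul><li><a href="http://spam.example/a">buy stuff</a></li></ul>
</body></html>"""

_HEX_IP = re.compile(r"^0x[0-9a-fA-F]{1,8}$")
_DEC_IP = re.compile(r"^[0-9]{1,10}$")
_SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")

def decode_obfuscated_ip(host: str) -> Optional[str]:
    """Turn a single-number IPv4 host (hex such as 0xC0A80001, or its decimal
    form 3232235521) into dotted notation; return None for any other host."""
    if _HEX_IP.match(host):
        n = int(host, 16)
    elif _DEC_IP.match(host):
        n = int(host)
    else:
        return None
    if n > 0xFFFFFFFF:          # more than 32 bits: not an IPv4 address
        return None
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in the document."""
    def __init__(self) -> None:
        super().__init__()
        self.srcs: List[str] = []
    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() == "iframe":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)

def find_suspicious_iframes(html: str) -> List[Tuple[str, str]]:
    """Return (src, decoded_ip) for each iframe whose host is an IP written
    as a bare hex or decimal integer, the form used to hide the real server."""
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for src in parser.srcs:
        host = _SCHEME.sub("", src).split("/")[0].split(":")[0]
        ip = decode_obfuscated_ip(host)
        if ip is not None:
            hits.append((src, ip))
    return hits
```

Running find_suspicious_iframes over every index.html and index.php in a web root is a quick way to confirm whether a site shows the same symptom before restoring from a clean copy.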

When I saw this news, the first thing I did was check my own little corner on Dreamhost; fortunately it had not been hit. But the whole thing is hard to be happy about: if someone pulled up the manhole covers on the road you walk every day, overnight, and pulled up more than 3,500 of them, could you be happy about it?

Soon after, the Dreamhost Status Blog also posted a brief entry:

A very small subset of our user accounts have been compromised due to a security flaw in our web control panel software. We have already notified those of you affected directly via email, aside from dedicated server customers who are being notified right now. If you are not on a dedicated server and you have not gotten an email from us your account has not been compromised and is likely safe. It’s still a good idea to change your ftp and web control panel password as a precautionary measure.

The security flaw allowed the attackers to log into our customer web control panel with the access privileges of another user. From our web panel they were able to access individual user password information. The attackers also attempted to gain access to our central database and billing information but were ultimately thwarted in that attempt. No credit card information or customer personal information was obtained.

This shows the vulnerability was in the Dreamhost control panel itself, which gave the hackers an opening to exploit and then do harm. The hackers could easily get everyone's password; just thinking about it is frightening. Looking back on this year of Dreamhost service: sometimes the server was very slow, sometimes there were outright power outages, and I never complained much, since most of the time it could still be called stable, far better than most hosts in China. But how could it make such an obvious mistake? Storing passwords in plaintext on the backend, and not upgrading a cpanel with a known security hole in time: how does that deserve the name Dream~~~~host?

I'm moving out!!

Author: Volcano, posted June 8, 2007 at 8:03 am

Copyright notice: may be freely reposted; when reposting, please credit the original source and author with a hyperlink and include this notice.

1 comment »

  1. Dreamhost commented on 2007-11-29 @ 21:42:25

    Phew... glad it didn't hit me...
