In the DreamHost spirit of transparency and openness, I’m providing this update on our blog on the security issue yesterday. It’s necessarily pretty dry and factual, unlike most DreamHost posts, but that’s important to communicate as much detail as possible while not disclosing the inner workings of our security defenses. The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords. The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access.

Early yesterday, one of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it.

Our first priority in this situation is to protect the safety and security of our customers’ websites and information. A quick review of the data potentially accessed indicated that some customers’ FTP and shell access passwords may have been compromised. So we decided to err on the side of caution and immediately initiate a forced reset of all customers’ FTP and shell access passwords, with the aim of preventing any illegal activity on customer websites. All FTP and shell access passwords were reset, and customer notifications were inserted in the web panel and on www.dreamhoststatus.com asking customers to specify new passwords once they’d logged in.

DreamHost has three types of user passwords – a web panel password, FTP/shell access passwords, and email passwords. Web panel passwords and email passwords were not accessed or affected. However we recommended in an update email to customers and their email users late yesterday that they reset their email passwords as well, as a precaution. It’s important to note that NO CUSTOMER BILLING INFORMATION OR OTHER PERSONAL INFORMATION WAS ACCESSED.

Our Security and Software teams have been investigating if any customer sites, apps or blogs have been affected as a result of the intrusion. As yet we have not identified any major issues – potentially as a result of the swift action to force a password reset. We’ll continue to monitor all systems and investigate and assist with any issues if they come up. We’ll all be working hard over the coming days to minimize any impact on customers beyond the password reset.

DreamHost uses a sophisticated suite of security software and constant monitoring that typically prevents any type of illegal access to our systems. In this case, our systems were not able to prevent the unauthorized access, however our intrusion detection system did allow us to respond immediately and minimize customer impact. We’ve already implemented changes to prevent any similar attempted hacks, and we’re performing a rigorous security review including a detailed review of customer input on potential vulnerabilities. Defending against cyber attacks is unfortunately an everyday part of business for Internet companies, so we’re constantly evolving our security measures to prevent them.

Thanks to all our customers for your patience, support and understanding. We acted swiftly to minimize the risks of the intrusion, and we know that changing passwords has caused you inconvenience. Customers who have ongoing concerns can contact our support team through the web panel. And I’ll be posting another update here if further information that can be shared publicly.

Simon Anderson
CEO, DreamHost

Shhhh! Do you hear that?

Listen!

Close your eyes and really concentrate.

That, my friend, is the sound of about two thousand oversized nerd guts clenching in feverish anticipation of the Southern California Linux Expo!

We can count ourselves among the clenched faithful as both DreamHost and the Ceph team are sponsors of the show this year!

SCALE 10x (it’s the 10th one!) kicks off TOMORROW at the LAX Hilton!

Ceph’s chief architect, Sage Weil, will be speaking at SCALE Sunday, January 22nd, at 4:30pm in the “Los Angeles B” room: “Ceph Distributed Storage System”

If you plan to attend SCALE this year make sure you stop by the Ceph booth (booth #6!) to meet some of our team!

Bring a resume too, because you never know what might happen… Both DreamHost and Ceph have plenty of jobs and not enough people!

Try to get some rest tonight.

Unclench yourself and prepare to be assaulted by an open source love-fest.

Things will get weird.

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  November

The winner in the Overall, DESIGN, STRUCTURE and ORIGINALITY categories is: Portfolio of Daniel Hritzkiv

“Daniel Hritzkiv is a web-centric graphic designer always looking to create great new things.”

The winner in the CONTENT category is: My After Sex Buddy

The After Sex Buddy is the world’s first after sex cuddling doll.

Stay tuned for December 2011 DreamHost Sites of the month!   

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  October

The winner in the DESIGN and STRUCTURE categories is: The Modern Nomad

“A blog tracking my transformation from office worker to world-wandering nomad. I focus on text quality and design. The content is a mix between personal experiences and information useful to anyone interested in a nomadic lifestyle. The theme was re-written from scratch.”

The winner in the CONTENT, ORIGINALITY, and OVERALL categories is:splatterMUSIC
“There are enough sources that feature, cover, regurgitate and promote the very best of music. And so I’m here to promote the very WORST! splatterMUSIC is the first and only comedic music site and features only video content. I hope you enjoy… or at least laugh.”

This month we’d also like to recognize an incredible piece of Facebook appery from one of our customers. It went viral in the weeks leading up to Halloween and doesn’t show any signs of stopping. I won’t ruin the surprise for you, but be sure to check it out at…

http://www.takethislollipop.com/

In the hosting industry customers do switch hosts from time to time.

It happens.

Customers leave DreamHost and old customers come back to DreamHost. Every day.

It happens to us, and it happens to other hosts.

It’s an endless cycle of creation, destruction, and rebirth.

It keeps things interesting and it keeps us on our toes.

There are many reasons for customer churn. Pricing, features, service levels, and positions on hot political issues are just some of the many criteria that a discriminating hosting customer might look for when selecting a home for their website.

“SOPA” has been in the news a lot lately. It’s a piece of legislation that threatens the very nature of the Internet. DreamHost opposes SOPA. Many web hosts do. But not all.

The Save Hosting Coalition explains why SOPA is bad for web hosts. And americancensorship.org explains what’s wrong with SOPA in a great infographic.

If your host has rubbed you the wrong way about SOPA or any other issue, allow us to lather you up with this special offer…

It’s a great way to get yourself up and out of a bad hosting situation, and in to the loving arms of DreamHost – lovers of open-source software, WordPress, free speech, freedom on the Internet, puppies, kittens, and candy.

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  September

The winner in the DESIGN and ORIGINALITY categories is: Max Parr

“Max Parr is a Filmmaker and Photographer. These are his selected works.”

The winner in the STRUCTURE, CONTENT, and OVERALL categories is:  Boulomma
“Branding, Logos, Brochures, Websites, and Mobile applications”

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  August

The winner in the DESIGN and STRUCTURE categories is:  One Long House

“We are a cooperative of designers, writers, photographers, programmers, and creatives alike. Our common bond is embracing curiosity and loving to create.”

The winner in the OVERALL, CONTENT, and ORIGINALITY categories is:  Tampa Changing Re-Photography
“Re-photographing historic buildings in Tampa, Florida.”

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  July

The winner in the ORIGINALITY category is:  I’m Shaun

“Original WordPress theme portfolio site”

The winner in the CONTENT category is:  Association for Tarot Studies

The winner in the STRUCTURE category is: The winner in the STRUCTURE category is: Backyard Nature Center

“Home of Backyard Nature Center. Connecting children and adults with the wonders of nature!”

The winner in the OVERALL and DESIGN categories is:  iCodeLabs

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  June

The winner in the DESIGN category is:  DamienDalli.com — Art Direction & Design by day, Super Awesome Sleeper by night.

“[A fun] Coming 2011ish page for my online portfolio. Enjoy! (If you like ‘liking’ things and/or [hopefully] actually enjoy the site, feel free to click that like button ~ it wont hurt, I swear.)”

The winner in the CONTENT category is:  People’s Press
“People’s Press is a Colorado Community Publisher, helping great stories and images from Colorado to see the light of day.”

The winner in the OVERALL, STRUCTURE, and ORIGINALITY categories is:  Impeccable Petunia
“Follow Petunia the backyard hen, in a weekly web-series, through a hazardous world as she discovers hidden talents, meets a mischievous cat named Macy, and encounters all things feathered and furious.”

Every month DreamHost customers have had the opportunity to submit their site for voting on their account control panel, and other DreamHosters can then vote on them for a chance to be named a DHSOTM (DreamHost Site of the Month)!

DreamHost Sites of the Month –  May

The winner in the CONTENT and ORIGINALITY categories is:  The Adventures of Joe D. Zyner

“A Web comic illustrating the struggles of three in-house designers.”

The winner in the DESIGN category is: The winner in the DESIGN category is: O DesignStudios
“Interactive design and museum exhibit media design services”

The winner in the OVERALL and STRUCTURE categories is:  FutureNoir Design Studio
“FutureNoir is a small web and graphic design studio with more than 15 years experience in internet media. We provide distinctive web, identity, and print solutions for businesses and individuals (and monsters too). Although we occasionally provide services to large corporations, our focus is on small and medium sized businesses with a passion for creative innovation, music, writing, and the arts.”