Dreamhost dropping the ball after years of decent service

[Pinky]

I've been a Dreamhost user for many years (with the same account since at least September 2006). Back in December 2011/January this year they had some type of security breach. They forced resets on some or all of their customer's hosted accounts (especially FTP accounts(?)).

Within weeks of this I had my first ever malware hack, infecting all the PHP files for my 2 forums and 1 zencart site. I reset my passwords again, restored from a recent backup, verified the restore was pre-infection, then upgraded one of the forums, turned off the other, and upgraded zencart. Within a day everything was infected again. Reset passwords again, tried a recent restore and there were none available. This essentially meant my one forum and zencart installs were trashed, because both modified the main database (so restoring from older files than a couple days wouldn't work with the new modified database). I started sending more support requests. I am/was SOL.

I then sent a request for 3 months of hosting refunded, since I've had to abandon the forums and zencart installs. Thankfully none of my forums were high traffic or critical. But a lot of time and some semi-important data was lost. In reality, 3 months is nothing compared to the time and potential revenue lost. It was supposed to be a gift to them for what was generally a flawless experience for the years prior.

I started with a couple reasonable requests and responses, then when I realized she was being a corporate minion ******* I stopped being nice.


Dreamhost's first repsonse to my request (>):

Hello,

On Tue, 06 Mar 2012, you wrote:

> Originating with your compromised systems back in Dec or Jan 2011/2012, I've
> had nothing but issues with my hosted forums. After password resets, forum
> upgrades (which did not help at all), and file restores, I was still stuck
> with infected and compromised forum installs that could not be repaired.
> This meant loss of data and a huge suck of my personal time addressing issues
> I didn't cause. I've been forced to abandon the forums. They were small,
> mainly private forums, but one was a shopping site for photos I sell online
> (so a potential loss of revenue, since the time to rebuild it from scratch
> will exceed its usefulness).

I'm one of the technical support managers, and I'd be happy to address
your concerns.

Very sorry to hear about what happened to your sites and the
inconvenience it has caused. Please note however, that it was not the
result of the password breach that happened in January. Let me explain
why.

1. The time between the breach and the password changes being issued was
only a matter of hours, insufficient for anyone to decrypt any passwords
or take any actions against customer accounts if they did decrypt them,
because new password was already present. If it did happen, then there
would also be evidence of malicious logins via "last", which was not the
case on your account.

2. Your account was not compromised due to an FTP attack. Specifically,
the malware being used is commonly associated with attacks against web
site software, not FTP passwords. You had several outdated and vulnerable
software installs on your account, but no sign of FTP breach (as per
above).

> I think the LEAST you could offer is a refund of my services since your
> system compromise back in Dec/Jan. Prior to that I would have rated your
> hosting service as stellar, but since horrendous.

I can certainly take care of that for you. I placed a month service
credit on your account for the January password breach issue.

Let me know if there is anything else I can do for you.

Thanks!
Andrea

My reply to their first response:

While I realize there are vulnerabilities that crop up, it seems highly coincidental that your internal security issues would coincide so closely with my issues. PLUS, I did a restore (which effectively cleaned up the malware attack), updated the zencart and phpbb installs, and turned off the vbulletin forum, but a day later was back to square one. Then to add insult to injury there were no backups available to pull a restore from (?? huh?), so I was completely SOL especially since the databases had also been modified as part of the upgrade process, rendering the installs utterly useless and permanently defunct. I'd also be curious to know how a vulnerability for one piece of installed software can spread itself across independent folders on your servers without account authentication.

So to summarize:

* Performed restore correcting malware attack.
* Updated software to latest versions.
* Day later malware was back.
* No restore options leave my forum/cart installs useless since the database was modified and will only work with files particular to that version of the install (which were not available to be restored).

After years of zero issues to have the problems I had suddenly occur within weeks of security issues on your end seems highly coincidental. You hold all the logs, so regarding the integrity of my passwords you could be lying for all I know. It would seem reasonable that if my account wasn't compromised I wouldn't have been contacted to have all of my passwords reset. That's a lot of bad press and exposure of an issue that didn't exist. (?) Your story doesn't hold water.

IF ultimately the issue is with the one click installs, then you need to stop offering them!

Kevin

Their response to my reply:

Hello,

I can assure you that we don't lie to our customers, we pride ourselves
of being very transparent with the good and the bad. The reason we did
password resets is to stop the intrusion. As I explained, the resets
happened so quickly, that whoever may have gotten hold of the encrypted
passwords had no time or way to use them to actually access the accounts.

We offer the one-click installs as a convenience, along with auto
upgrades, if selected, but the maintenance and customization is up to our
customers. As for the state of your account, I can run another scan to
ensure there is nothing left that would put you in a vulnerable position
again. Let me know.

Thanks!
Andrea

My final response:

Well I guess your $#^& just don't stank. if your services were any good the issue would never have come up. My lack of problems for all those years was probably more luck than skill on your part(s). It's obvious you feel above being questioned. Statements like "We don't lie" isn't proof that you don't. I have a 12 inch schlong.

Good luck, I'll be moving on.

Kevin

My final contention (if I were to take their responses at face value) - even after upgrading/updating/disabling my software installs per their request, I still get infected, then there's something fundamentally wrong with the softweare packages they're offering, or something in their systems that is buried and keeps reinfecting my installations. Either way, it's not a problem I'm inviting upon myself and mysteriously started happening shortly after THEIR security issues. Walks, talks, and looks like a duck to me!

Conclusion - use dreamhost if you don't care about what you're hosting, otherwise spend your $10/month elsewhere.

 

[EarthDog]

Geez...

 

[Pinky]

Any other dreamhost users on this board encountering issues? There's A LOT of bad stuff on the web from issues in the past year (so much so I'd probably not use them if I was looking for a host now). Curious to hear from individuals here though since we'd be a little more tech savvy.