In Soviet Russia, Automated Worm Hacks You!

Hey everyone, time for another update! Unfortunately the only thing robotic about this one is that it is about an automated intrusion system that managed to get into my (and other people's) hosting account on Dreamhost over the weekend and start inserting dodgy JavaScript into all of the files! Argh! :(

More info about the attack:

  • I have reverted all of the changed files and changed all of the passwords
  • It happened on Saturday @ 18:47
  • The worm is somehow related to the "Russian Business Network" (a botnet perhaps?)
  • It was probably a fully automated attack that uses a simple parser to add an encoded script tag to the body tag of any pages it finds.
  • It failed to properly parse the Ausrobotics pages so only changed one of them. That’s why the front page was busted. (It changed a lot more of my WordPress sites)
  • It (probably) would have tried to download spyware to your computer if you were running IE without an antivirus setup. When I went to another one of my sites it set my AV off because of the JS.
  • It doesn’t look like it touched the DBs at all but I would recommend changing your AR member password anyway
  • Dreamhost are a bunch of idiots
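One way to check pages for the kind of change described in the list above is to compare each live page against a known-good copy and report any script block that is not in the clean version. This is an added example, not code from the original post: the function name, the sample pages and the "encoded" heuristics (`unescape`, `eval`, `fromCharCode`, long runs of percent-escapes) are assumptions, since the post does not show the injected tag.

```python
import re

# A whole <script>...</script> element, attributes included.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
# True when the text before a script ends with an opening <body ...> tag.
BODY_OPEN_RE = re.compile(r"<body\b[^>]*>\s*$", re.I)
# Assumed markers of encoded JavaScript; the post does not say which encoding was used.
ENCODED_RE = re.compile(
    r"unescape\s*\(|eval\s*\(|fromCharCode|(?:%[0-9a-f]{2}){8,}", re.I)

def _norm(block):
    """Collapse whitespace so reformatting alone is not reported as a change."""
    return " ".join(block.split())

def injected_scripts(baseline_html, live_html):
    """Return script blocks present in live_html but absent from baseline_html."""
    known = {_norm(m.group(0)) for m in SCRIPT_RE.finditer(baseline_html)}
    findings = []
    for m in SCRIPT_RE.finditer(live_html):
        block = m.group(0)
        if _norm(block) in known:
            continue  # script was already in the clean copy
        findings.append({
            "offset": m.start(),
            "after_body": bool(BODY_OPEN_RE.search(live_html[:m.start()])),
            "encoded": bool(ENCODED_RE.search(block)),
            "snippet": block[:60],
        })
    return findings

# Constructed sample pages; the escaped string decodes to "hello world".
BASELINE = ('<html><head><script src="/js/site.js"></script></head>'
            '<body class="home"><h1>Hi</h1></body></html>')
INJECTED = ('<script>document.write(unescape('
            '"%68%65%6c%6c%6f%20%77%6f%72%6c%64"))</script>')
TAMPERED = BASELINE.replace('<body class="home">',
                            '<body class="home">' + INJECTED)

if __name__ == "__main__":
    for finding in injected_scripts(BASELINE, TAMPERED):
        print(finding)
```

Run over every file in a web root against a backup taken before the incident, the `after_body` and `encoded` flags help separate this style of injection from ordinary template changes.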

So, sorry about the downtime there. I had managed to somehow not check AR on any of my systems until about 21:30 last night so hadn’t noticed. I am waiting on a response from Dreamhost to see how many others were affected. According to some blog posts I found, this type of intrusion has happened in the past to other Dreamhost customers. Someone managed to nick a bunch of FTP passwords but I wasn’t notified at the time. Great.

I will update you guys as soon as I get more info… Also I will be tearing down this site and reinstalling everything as soon as I get a plan together.

Just what you need when you are trying to build a scale model of the largest particle accelerator in human history…!

1 Comment

  • On 09.01.08 horar said:

    Have you ever considered self-hosting? If you’ve got a reliable computer that you can leave running Linux 24/7 then it probably wouldn’t cost you any more than you are having to pay now for your internet connection and hosting.
    You only need one or more permanent IP addresses, and highly recommended, a robust home-made dual conversion uninterruptible power supply. I built mine using a 600 watt pure sine inverter and a 40 amp 13.9 volt bench supply from Jaycar. Just using the cheapest car battery I could find, it will run the server comfortably for more than two hours without power.
    The internet connection is a Telstra business symmetric DSL and even at 3.9 kilometres from the exchange, it can sustain more than 100 kilobytes per second both ways. My choices for internet access are fairly limited here in Tasmania but I dare say you could find a suitable service very easily.
    It sure beats having to rely on a bunch of idiots who don’t care about your website(s).