Archive for the 'Security' Category

Dreamhost leaks 3,500 FTP passwords

**** Update: After all this Dreamhost mess, I’ve decided to abandon ship and go to Lighthouse Technologies for hosting, since I know the owner, and can vouch that he is solid. His best plan is $16 / mo, but bound to be more reliable and secure. If you want to get hosting with Lighthouse, please consider using my affiliate link! ****

I just received this email from Dreamhost. It seems that they’ve leaked 3500 FTP account passwords somehow.

That explains a lot - about 2 weeks ago, someone used my password to upload tons of spam links to my sites. At the time, I contacted Dreamhost indicating the problem, and they assured me that their servers were secure, and it *must* be my problem. Looks like it wasn’t me.

From: DreamHost Security Team
Subject: URGENT: FTP Account Security Concerns…

Hello -

This email is regarding a potential security concern related to your
‘XXXX’ FTP account.

We have detected what appears to be the exploit of a number of
accounts belonging to DreamHost customers, and it appears that your
account was one of those affected.

We’re still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of customer
sites using automated scripts (primarily for search engine
optimization purposes).

Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched.

We ask that you do the following as soon as possible:

1. Immediately change your FTP password, as well as that of any other
accounts that may share the same password. We recommend the use of
passwords containing 8 or more random letters and numbers. You may
change your FTP password from the web panel (“Users” section, “Manage
Users” sub-section).

2. Review your hosted accounts/sites and ensure that nothing has been
uploaded or changed that you did not do yourself. Many of the
unauthorized logins did not result in changes at all (the intruder
logged in, obtained a directory listing and quickly logged back out)
but to be sure you should carefully review the full contents of your
account.

Again, only about 20% of the exploited accounts showed any
modifications, and of those the only known changes have been to site
index documents (i.e. ‘index.php’, ‘index.html’, etc. - though we
recommend looking for other changes as well).

It appears that the same intruder also attempted to gain direct
access to our internal customer information database, but this was
thwarted by protections we have in place to prevent such access.
Similarly, we have seen no indication that the intruder accessed
other customer account services such as email or MySQL databases.

In the last 24 hours we have made numerous significant behind-the-
scenes changes to improve internal security, including the discovery
and patching of a handful of possible exploits.

We will, of course, continue to investigate the source of this
particular security breach and keep customers apprised of what we
find. Once we learn more, we will be sure to post updates as they
become available to our status weblog:

http://www.dreamhoststatus.com/

Thank you for your patience. If you have any questions or concerns,
please let us know.
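The notice’s second step, reviewing every file for changes you did not make yourself, is hard to do by eye on a site of any size. The script below is an added example, not part of the original post and not anything DreamHost supplied: it snapshots a SHA-256 manifest of a site tree, reports added, removed and modified files against that snapshot, and flags index documents that look like they carry appended SEO content. The two spam heuristics (content after the closing </html> tag, and a display:none block containing a link) are assumptions about what appended link spam typically looks like, not a description of this incident’s payload, and the site tree the demo builds is constructed sample data.

```python
"""Added example: detect files changed or added on a hosted site after an FTP credential leak."""
from __future__ import annotations

import hashlib
import json
import re
import tempfile
from pathlib import Path

INDEX_NAMES = {"index.html", "index.htm", "index.php"}

# Assumed heuristics for appended link spam (not a description of this incident's payload):
# anything after the closing </html> tag, or a hidden block that contains a link.
TRAILING_CONTENT = re.compile(r"</html>\s*(\S.*)$", re.IGNORECASE | re.DOTALL)
HIDDEN_LINK_BLOCK = re.compile(
    r"<(?:div|span)[^>]*display\s*:\s*none[^>]*>.*?<a\s", re.IGNORECASE | re.DOTALL
)


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (root-relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report what changed between a trusted snapshot and the live tree."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def suspicious_index_files(root: Path) -> list[str]:
    """Index documents whose content matches either appended-spam heuristic."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and p.name.lower() in INDEX_NAMES:
            text = p.read_text(errors="replace")
            if TRAILING_CONTENT.search(text) or HIDDEN_LINK_BLOCK.search(text):
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def demo() -> dict:
    """Constructed scenario: snapshot a small site, then simulate the appended-spam tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "blog").mkdir()
        (root / "index.html").write_text("<html><body><h1>My site</h1></body></html>\n")
        (root / "blog" / "index.php").write_text("<?php include 'wp-blog-header.php'; ?>\n")
        (root / "style.css").write_text("body { color: #222; }\n")
        saved = json.dumps(build_manifest(root))  # in real use, stored outside the FTP account

        # Simulated intruder holding the FTP password: append hidden links, drop one new file.
        with (root / "index.html").open("a") as fh:
            fh.write('<div style="display:none"><a href="http://example.invalid/pills">pills</a></div>\n')
        (root / "spam.html").write_text('<html><body><a href="http://example.invalid">x</a></body></html>\n')

        return {
            "diff": diff_manifest(json.loads(saved), build_manifest(root)),
            "suspicious": suspicious_index_files(root),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice you would run build_manifest from a clean deploy, keep the JSON somewhere the FTP account cannot write (the intruder here had the FTP password, so a manifest stored in the same account proves nothing), and diff against it on a schedule. The heuristics only catch the pattern described in the notice; the manifest diff is the authoritative signal, and anything it lists should be inspected rather than explained away.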

Can You Manipulate Akismet to Silence Another?

So I was thinking about Akismet yesterday - I wonder if it could be abused to silence other people.

Let’s think about this a bit - what do we know about Akismet? From everything I have read at the Akismet Website, we know that it weighs a variety of factors in the incoming message to determine whether it is spam or not. Note that this is not simple blacklisting; rather, the recognition sounds like it is run through some kind of neural net for heuristic analysis. What factors would they be? Most likely they would include the user name and email address, as well as words and links in the subject and body of the comment.

So, how can this be abused?

Let’s say there is somebody you want to silence on the internet. The first thing you would need is the identity he/she uses when commenting: the usual user name and the email address typed into the comment form. These are easy to obtain by enticing the person to comment on your own blog, where the name and email of every commenter are visible to you as the administrator.

Now that we have his name and the email address he uses to post comments, consider this scenario:

Let’s say we were to start posting comments to other blogs under his name and email address. Let’s link to a bunch of prescription drug sites, porn sites, and adultfriendfinder while we’re at it. After posting a certain number of comments like this, would Akismet begin auto-filtering this username and email address as spam?

What if we were to somehow spoof his IP address - what then? (Blind source-address spoofing would not get a comment posted, since the attacker never sees the server’s TCP replies; posting from the same shared proxy or network as the victim would have the same effect, though.) Would this be the final nail in his coffin? And how long would you need to keep it up for the identity to get to the point where it is automatically associated with spam? How many legitimate comments would need to be marked ‘not spam’ before this person gets his identity back on the whitelist? If this is a possibility, it presents huge possibilities for abuse.

I would like to hear something from the Akismet team over this - this seems a little too simple, yet I have not seen any evidence that indicates that this is not possible. How about it? Can this be done? Or are the checks in place at Akismet good enough to ensure that this won’t happen?
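The scenario above, as an added toy simulation (not part of the original post, and not Akismet’s actual model, which is not public): a minimal additive spam scorer that learns per-feature spam/ham counts, where the commenter’s name and email are features just like link domains and words. The victim, the attacker’s comments and the pill-site domains are all constructed. Because the identity fields are whatever the submitter typed, ten spam comments posted under the victim’s name are enough to make the victim’s next link-free comment score as spam; with identity_weight set to 0 the same filter ignores those fields and the genuine comment passes, while the attacker’s own comments are still caught on their link and word features.

```python
"""Added example: how identity features in a learning spam filter can be poisoned by impersonation."""
from __future__ import annotations

import math
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Comment:
    author: str  # name typed into the comment form: attacker-controlled
    email: str   # email typed into the comment form: attacker-controlled
    body: str


def features(c: Comment, identity_weight: float) -> dict[str, float]:
    """Feature name -> weight. Identity features are whatever the submitter typed, so they are spoofable."""
    feats = {
        f"author:{c.author.lower()}": identity_weight,
        f"email:{c.email.lower()}": identity_weight,
    }
    for domain in re.findall(r"https?://([\w.-]+)", c.body, re.IGNORECASE):
        feats[f"link:{domain.lower()}"] = 1.0
    for word in set(re.findall(r"[a-z]{3,}", c.body.lower())):
        feats[f"word:{word}"] = 1.0
    return feats


class ToyFilter:
    """Additive log-odds scorer over per-feature spam/ham counts (a stand-in, not Akismet's model)."""

    def __init__(self, identity_weight: float = 1.0):
        self.identity_weight = identity_weight
        self.spam: dict[str, int] = defaultdict(int)
        self.ham: dict[str, int] = defaultdict(int)

    def learn(self, c: Comment, is_spam: bool) -> None:
        table = self.spam if is_spam else self.ham
        for feat in features(c, self.identity_weight):
            table[feat] += 1

    def score(self, c: Comment) -> float:
        # Laplace-smoothed log odds; positive means "more like spam".
        return sum(
            weight * math.log((self.spam[feat] + 1) / (self.ham[feat] + 1))
            for feat, weight in features(c, self.identity_weight).items()
        )

    def is_spam(self, c: Comment) -> bool:
        return self.score(c) > 0


VICTIM = ("Alice", "alice@example.invalid")  # constructed identity


def simulate(identity_weight: float = 1.0) -> dict:
    """Run the scenario from the post: impersonate the victim with spam, then test a genuine comment."""
    flt = ToyFilter(identity_weight)
    # 1. The victim's genuine history: short, link-free comments (constructed sample).
    for body in ("Great post, thanks for writing this.", "I think the second point is the key one."):
        flt.learn(Comment(*VICTIM, body), is_spam=False)
    # 2. The attacker posts pill-site spam under the victim's name and email; each gets marked spam.
    for i in range(10):
        flt.learn(Comment(*VICTIM, f"Check http://pills-{i}.example.invalid now"), is_spam=True)
    # 3. The victim's next genuine comment, plus one more attacker comment for comparison.
    genuine = Comment(*VICTIM, "Interesting follow up, I agree with your conclusion.")
    attack = Comment(*VICTIM, "Check http://pills-3.example.invalid now")
    return {
        "genuine_score": round(flt.score(genuine), 3),
        "genuine_flagged": flt.is_spam(genuine),
        "attack_flagged": flt.is_spam(attack),
    }


if __name__ == "__main__":
    print("identity trusted:", simulate(identity_weight=1.0))
    print("identity ignored:", simulate(identity_weight=0.0))
```

The design point this exposes is the one the post is asking about: a learned feature is only as trustworthy as the input it is learned from, and a name or email typed into a form is attacker-supplied. A filter can only lean on such fields once it has corroborated them (a verified email, an authenticated account, a consistent origin), or it should cap how much weight they can accumulate from spam reports alone. Whether Akismet does either is exactly what cannot be told from the outside.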

Spiceworks Thoughts II: How to Remove the Ads from Spiceworks

Now, before I go any further, let me make a few things clear:

  • Spiceworks is an ad-supported program. By removing the ads, you are depriving the development team of their funding. In essence you are stealing the software from them.
  • Spiceworks is not open source software. This means that you are not allowed to modify the code for your own uses.
  • Removing the ads is probably illegal.

So, why am I posting this? Well, for a few reasons:

  • I was having issues with the ads loading - they were timing out, making each page take 30+ seconds to load, and making the software somewhat unusable.
  • Many tech people have adblocker software that is blocking the ads already.
  • This is to illustrate a point that I plan to make in an upcoming post.

That said - here is a quick way to remove the ads in Spiceworks. What tools do you need? Nothing special: Notepad and Windows Explorer.

An immediate observation I made when first looking at Spiceworks is that it is written in Ruby on Rails. That in turn indicated that somewhere there was an .rhtml file containing the layout code that includes the ad block.

So I searched the program directory and found all the .rhtml files.

The two which you need to edit are:

  • C:\Program Files\Spiceworks\ruby\lib\ruby\gems\1.8\gems\spiceworks-0.8.3616\app\views\layouts\common\_ads.rhtml
  • C:\Program Files\Spiceworks\ruby\lib\ruby\gems\1.8\gems\spiceworks-0.8.3616\app\views\layouts\common\_sidebar.rhtml

To remove the ads, open both of the above files in Notepad. Delete all the contents of _ads.rhtml, leaving it completely empty. In _sidebar.rhtml, delete everything within the “adbox” div tag, keeping the div itself so the layout still renders. Note that the paths above contain the Spiceworks version (0.8.3616); a different version will have a different gem directory.

If you would rather put your own ads, links, or other content of your choice in the sidebar, you can also edit

C:\Program Files\Spiceworks\ruby\lib\ruby\gems\1.8\gems\spiceworks-0.8.3616\app\views\ads\adiframe.rhtml

replacing the contents within the tag with whatever you want to appear there. You could even place your own ads into the Spiceworks install if you wanted.

SEO Black Hats Find Major Exploit in Movable Type

From a Digg post:

“SEO Black Hats have found a major loophole in the comment preview of the Movable Type blogging platform. This exploit lets them insert active links into any post, avoiding the “nofollow” penalty usually associated. This allows them to artificially inflate the importance of spam websites, leading to less accurate search engine results!”

This is really too bad, seeing as there are hundreds, if not thousands, of high-ranking blogs out there based on the Movable Type platform…
