What do you do when your sites have been hacked? In general, recovering from an exploit requires consideration of:
- locating the source
- closing the security hole
- removing backdoors
- cleaning up damage
This guide covers the process of clearing up any exploits on your account.
Who is responsible?
In short, you are. DreamHost may assist in some situations, but is not obligated to do so. The Terms of Service, to which all customers must agree, states the following:
DreamHost Web Hosting is an information provider connected to the Internet. DreamHost Web Hosting offers storage and transfer services over the Internet through access to its Web Server.
Basically, this means that DreamHost sells the use of its servers. Whilst DreamHost does manage the OS and utilities on the servers themselves, they do not provide any management of customer software on those servers. The liability for the software housed in a user's account is clearly stated.
DreamHost sells the use of servers and manages the OS and utilities on the server themselves, but DreamHost does not provide management of customer software which the customer chooses to put on the server. The liability for software housed in a user’s account is stated in the 'Material products' section below:
- Customer will provide DreamHost Web Hosting with material and data in a condition that is “server-ready”, which is in a form requiring no additional manipulation on the part of DreamHost Web Hosting. DreamHost Web Hosting shall make no effort to validate this information for content, correctness, or usability.
- Use of DreamHost Web Hosting’s service requires a certain level of knowledge in the use of Internet languages, protocols, and software. This level of knowledge varies depending on the anticipated use and desired content of Customer’s Webspace by the Customer.
- The following examples are offered:
- Web Publishing: requires a knowledge of HTML, properly locating and linking documents, FTPing Webspace contents, graphics, text, sound, imagemapping, and so on.
- CGI-Scripts: requires a knowledge of the UNIX environment, TAR & GUNZIP commands, Perl, CShell scripts, permissions, and so on.
- The Customer agrees that he or she has the necessary knowledge to create Customer’s Webspace. Customer agrees that it is not the responsibility of DreamHost Web Hosting to provide this knowledge or Customer Support outside of the defined service of DreamHost Web Hosting.