I am happy to report that DreamHost, my hosting provider, has kindly responded to my request that my accounts be restored from pre-hacked backups, before all the index.* files were modified to contain spammy stuff by a hacker who gained access to my account and others via getting my password in clear text somehow from DreamHost.
Lesson learned: Always request that your password not be stored in cleartext at any time unless they are stored safely and securely. Hasing passwords with a salt is a much safer way to prevent this kind of problem from reoccurring.
My hosting provider, DreamHost, was storing my password(s) and those of thousands of others in plain text somewhere on their side. Suffice to say this was compromised and all of my websites have been hacked. If DreamHost does not restore all my accounts from backups, I will be forced to restore them manually, a task that will take a few weeks to a few months. Suffice to say I’m a little pissed that I’ll be now spending the next few weeks to months having to fix a problem that was their fault, not mine.
I emailed MediaTemple asking if they store passwords as plain text, but because they are a Tier 4 Certified, they say they can’t say one way or another.
Does anyone know if a Tier 4 Certified hosting provider is allowed to store customers’ passwords in plain text?
So I’m sitting here outside my apartment building, shy of two hours from going to work, freezing, the sound of sirens, loud noises, disgruntled neihbors, and other mishaps around me. I hope I can get my extra five minutes of sleep this morning. Good grief.