Dreamhost

[axilant]

Alright... this is a weird thing about them...

Last night i was sent an im that had a AIM virus to send others a link to download something.

Well, i found out that dreamhost.com hosts them.

Then,

I get this reply:

We cannot find files.php on this users account

http://www.************.com/files.php (domain is not included to protect namepros safety)

Well when i click this link, the file comes up. And wants to download a ms-dos batch file (only when i use IE, not firefox)

The great thing about this, this tells me they are "too" scared to actually click the link, and see for themselves. Well, they looked at the users directory, didnt see the file.

What does this tell you? They use mod_rewrite. Am i right or wrong?

I see this file plain as day!

Imo,

Stay away from dreamhost!

They probably cant even tell you what dos or ssh actually is or the difference lmfao

Cody Selzer

 

[lilgee]

I tihnk your right on that, not for sure.

 

[axilant]

lmfao, there now telling me that the file DOES NOT EXIST, and they dont have rewrite rules. Well for there information, when i click on this link, i get a download request.

I told them to check it out more closely... i did a whois result on the domain name, and they host it for a fact. What im starting to think... is maybe i should bring the police in the matter? Maybe they are responsable for this. They should explain to me how i can click the download!!!

I downloaded it on my linux box, and its commands to send people im's with the link to download for AIM

What i dont get is, how stupid this host is being. I know for a fact that dreamhost hosts them, i used traceroute pings the whole works And the ip this site uses is owned by dreamhost.

What should i do?

 

[slantednet]

DreamHost has, in the past, and IMHO, been one of the better hosting companies. I'm wondering if there isn't just a breakdown in communication between you and them... i.e. you're saying something that is not being interpreted correctly by them.

Tell them to specifically go to this domains account and view the .htaccess file, tell them specifically that their servers are being used to host trojans, and they will find the file on their server if they do this.

Speak in small phrases, no uncertain terms, and maybe then the signals will jump the synapses... Or, just post your email history with them here, so we can see for ourselves if they're losers or not.

Take care,
Mike

 

[axilant]

message 1:

Hello,

http://www.**********.com/files.php

This is a ms-dos virus for AIM.


whois.sc/********.com shows that you are the webhost

<<


There is no "files.php" file on this URL. Thank you for contacting
Dreamhost.


Thanks,

trey

Message 2:

Hello,


As trey said, this file does not exist on the server at all and there are
no mod_rewrite rules.



Thanks,

Jordan

Message 3:

Hello,


Well the bottom line is this file does not exist on our servers, what so
ever. When i go to that link i get a no input file specified because that
file _does not_ exist. You might want to look into your browser as it is
most likely the problem. This ticket has been closed





Thanks,

Jordan

Sadly,
When i click on the link with IE it requires a download (the virus), although i did manage to get a way to download it with linux. When i use FF it says the no fileinput error.

I will go and install windows xp pro on a pc downstairs fresh install... and try it. This will clear up my problems with my webbrowser, at least it should if it were.

They dont understand that this can be hidden many ways. I requested them to call me, lets see if they do.

 

[slantednet]

Ouch. Well maybe I stand corrected (on them being a good host... )

 

[axilant]

Not my browser. Just installed a clean install of windows XP on an older machine, and still happens. So its nothing to do with my browser.

I dont understand why they are trying to hide something like this... maybe they are the trojan maker?

 

[Albino]

wierd

I dont get why they seem to be blatently ignoreing you and overlooking the problem!

Well, i wont be using this host, so infact by this, they are loosing potential customers

 

[jmweb]

Just because their hosting the DNS does not mean they actually host the site. They may host parts of the site but not all of it.

 

[axilant]

Just because their hosting the DNS does not mean they actually host the site. They may host parts of the site but not all of it.

All DNS servers are there. And i know how to check a name server's ips and look for the ip owner. All directed to dreamhost.

 

[zhoujianfu]

http://www.cruelbeauty.com/files.php

Is the url.. it really gives a 404 error, man.

It does look like this customer's account has been hacked though, so maybe it did work before, but I promise you that DreamHost isn't in cahoots with any virus guys and isn't trying to hide or deny anything either!

:tri:

 

[axilant]

Is the url.. it really gives a 404 error, man.

It does look like this customer's account has been hacked though, so maybe it did work before, but I promise you that DreamHost isn't in cahoots with any virus guys and isn't trying to hide or deny anything either!

:tri:

Maybe you should have told me that? Cause i have like 300 people on my AIM buddy list. And probably 40-60 have this problem, and it all comes from that url.

Plus, you shouldnt give a url like that out.... I dont get the problem cause i use Trillian but still... my gf's friend uses... and i told her id take care of the problem.

Well i have to go. School bus almost here.

 

[axilant]

Im fed up with there BULLSHIT!

THIS IS THE XXXXX 3rd different domain name that is HOSTED AT THERE SITE. AND THEY WONT DO ANYTHING ABOUT IT.

I KNOW someone that HAS This VIRUS and DREAMHOST WILL NOT DO SHIT ABOUT IT! WHy wont they investigate this matter? This is an illegal offese.

Im taking this to my local police station with full documentation, SCREENSHOTS of this actually doing something.

I have all the proof....

Heres a screenshot.

I WANT AN EXPLANATION.

Who else should i notify about this matter, if you can tell im not in a good mood at all.

This is a screenshot of the file actually wanting to download, and the whois information of the domain name.

http://mysandbox.org/fun.php is the url of this virus. And yes, i know PLEASE DO NOT CLICK THIS! I want DREAMHOST to realize they need to fix this problem and not just be in the hosting for the money, but safety of online users.

http://mikebrooke.com/index.php was one too. (Not there anymore)

EDIT:
4 now!!!
OOOO Heres a new one!! Minutes within editing this!!! WOW!

 

[slantednet]

I have to commend your desire to do right on this...

My suggestion, Dreamhost doesn't own their own datacenter (IIRC), so do some digging and find their datacenter, then email them.

You can probably find this information going off their IP address, find out who the IP is leased to, that's usually the datacenter.

Good luck with this, keep us posted.

 

[axilant]

I have to commend your desire to do right on this...

My suggestion, Dreamhost doesn't own their own datacenter (IIRC), so do some digging and find their datacenter, then email them.

You can probably find this information going off their IP address, find out who the IP is leased to, that's usually the datacenter.

Good luck with this, keep us posted.

They use a co-location in Down Town Los Angelos.

They wont tell me where, nor i know how to find out. All there ip range is registered to them. They have staff of dreamhost, that work there i guess... so i dont understand how thats co-location, wouldnt that be there own DC? heh... maybe not... just have people working there that wanted to start there own hosting....

Now get this. I have managed to get the source code of this virus (lol), and it GRABS from the IP version of there hosting at a different webhost that i cant even type the url, nor visit cause its a weird language from a php file that is protected with a password ect... to keep unwanted people out. Well it has two varibles:

Message=%url% some text explaining the url
Url=http://somedomain.com/file.ect

Sad isnt it?

This person needs to be stopped, i understand its something minor.... but theres cababilities to UPGRADE the virus remotely in this code. He could be planning attack.... ehehe... this is crazy crap :P

Any suggestions on who i should contact?

 

[slantednet]

hmm.. well, mikebrooke_com is hosting illegal mp3's on their site (just go there and fish around, especially in the powerman 5000 area...) you could try that route with dreamhost...

Seems like cruelbeauty_com is down now.. and mysandbox.org is not resolving...

Maybe they did something about it?

 

[axilant]

More urls to the list.

http://mypic01.dynu.com/info.php?file=img001.jpg
http://fun001.dynu.net/info.php?file=img021.jpg

This is getting pathetic, there running out of domain names, so there making subdomains lol

 

[axilant]

New url:

http://funy.game-host.org/info.php?file=img021.jpg

 

[jmweb]

I am not sure why you continue to bash this host here. If you really want resolution to this matter you should contact them.

 

[axilant]

I am not sure why you continue to bash this host here. If you really want resolution to this matter you should contact them.

Im not just bashing it here. I have full documentation on this matter, and this host will NOT do anything about it. I have showed them why they dont see the code, i have given them the source code of the virus, this host has refused to do anything about it. So what else is there to do about it? I have no clue who to contact to reguards on the law... cause if this host wont do anything about it, what will the government do... they wont listen to a 17 year old kid O.o

And this isnt just posted here, all the sites with dreamhost as a host for review, i have given them a bad mark.

 

[jmweb]

Im not just bashing it here. I have full documentation on this matter, and this host will NOT do anything about it. I have showed them why they dont see the code, i have given them the source code of the virus, this host has refused to do anything about it. So what else is there to do about it? I have no clue who to contact to reguards on the law... cause if this host wont do anything about it, what will the government do... they wont listen to a 17 year old kid O.o

And this isnt just posted here, all the sites with dreamhost as a host for review, i have given them a bad mark.

You should contact your parents if you feel what they are doing is against the law.

 

[axilant]

You should contact your parents if you feel what they are doing is against the law.

My parents? O.o That dont make sense... what will my parents do? My parents are working 24/7 why do you think im always on the pc? And if there not working there out of town.

 

[Albino]

i think he meant because dreamhost might listen to them, as they are adults