Remember that weird spam we were recurrently getting in our index.php file? I spent several days looking for the source of it, to no avail. Turns out that our host, DreamHost, had been hacked and several thousand account passwords obtained. These were used — in our case I guess more than once, but details are still extremely hard to find — to access the index files of many sites. DreamHost have apparently sent out a letter to affected customers, but we were affected and haven’t heard a word, and as yet there’s nothing on their website, either. Here’s another person who was affected. All very frustrating. We’ve changed our shell passwords and all that, so I suppose we’ll just wait for some details and an explanation from DreamHost.
Yikes.