[clug] re: Dreamhost
justin at agileware.net
Tue Sep 12 04:16:31 GMT 2006
I signed up to Dreamhost a few months ago. A couple of weeks into using them I found out that their security policies were non-existant .
Specifically, any user with SSH access ( ie . everyone) on the same host can access and read your files. All files world readable. All directories world executable. With 300+ users on a server this is a problem.
I raised it with the data centre folks and demonstrated how it was easy to extract data from another users account. They were not too concerned as "everything on the hosted servers is public information anyway". Yes this was their actual response.
I have not used Dreamhost ever since as I do not want administrator login /passwords to hosted LAMP applications in the public domain.
Best of luck with them. Just do not put anything on their server you do not want to share with the world.
More information about the linux