DreamHost’s Unhappy January Continues: First, A Database Breach, Now An Outage

DreamHost has been having a rough couple weeks. The low-cost hosting provider and domain name registrar found some unauthorized activity in its databases back on January 20th, which they later admitted were a series of attacks that may have led to the theft of some of their customers’ FTP passwords. The company required mandatory password resets for all their Shell/FTP accounts — you can read our coverage here.

DreamHost’s bad dream continued today, as they’ve been reporting outage problems, as Web, SSH, and FTP services were down for many of the company’s virtual private servers, shared, and dedicated machines. The outage was first reported at 4am PST on Sunday, and has continued throughout the course of the day, with the company offering updates on its blog.

In the company’s initial blog post, the team said that “the apache (web), SSH, and FTP services on a subset of our VPS and dedicated servers are currently down. FTP services on some shared servers are also experiencing downtime. Our system administration and data center operation teams are currently on the case and we are attempting to restore services as soon as possible.”

Furthermore, the post said that the outage only affected web VPS/dedicated and shared web server FTP services, while other services or servers, i.e. mail were unaffected. They also, unfortunately, did not specify which “subset” was affected in particular. Yeesh. And, judging from the parade of comments and subsequent updates, users were apparently experiencing problems with MySQL and webmail services as well. The majority of the large problems seem to have been addressed as of DreamHost’s last posting at 6:30 pm on Sunday, although there’s been no final word.

DreamHost plays host to thousands of small websites and personal blogs across the Web, and for many of them, it was a surprise to find their sites offline for most of the day. By now, most of the sites are back up, but from what these site owners have learned from DreamHost, the VPS server was damaged by new software they were installing this morning, leading to a sizable outage with ripple effects across their services. Even though the outage lasted nearly 24 hours for some, many could not even access files to move to another host.

Unsurprisingly, the outage caused a flurry of DreamHost users to flock to Twitter to express their chagrin, with some saying that it might cause others to consider moving to other services. Veteran tech journalist Dan Frommer and his SplatF were among them:

Props to @swein for his reaction. Clearly, other hosting providers may be seeing some new clients in the near future. Though as of now, it remains unclear whether the software installation this morning had anything to do with the database breach on January 20th. As far as I can tell, they were unrelated.

More here from DreamHost.

Will update should we hear any updates.