As far as I can tell, my site did not have any of the spam links inserted into my web pages. This suggests I am part of the group who had their FTP password stolen, but nothing changed.
However, I am now extremely paranoid.
A list of what I have done so far:
- Changed all of my passwords on this site and DreamHost (that means DreamHost panel, FTP, WordPress, MySQL, etc.). I may decide to generate completely random passwords that are all different for each component.
- Completely deleted every file on my web site (after a backup of course). I have downloaded a completely fresh copy of WordPress and just installed it.
- I have switched to the default WordPress theme for the time being, until I can comb through the code on my old theme to make sure it is safe.
- I will check all of my plugins, download the latest versions of them, and install the new versions.
Remember, WordPress users (and I am sure other web site software suffers from the same problem), your MySQL password is kept in the wp-config.php file. I highly recommend you change your MySQL password.
In fact, I highly recommend that ALL DreamHost customers change their passwords. I wonder if the initial count of 3,500 accounts compromised could be low.
What a mess. I hope DreamHost figures out how this happened.
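One way to narrow the "comb through the old theme" step above is to hash the backup against a freshly downloaded WordPress copy, so only files that differ or exist solely in the backup need manual review. This is an added example, not code from the original post; the function names and sample trees are constructed, and it assumes the fresh copy is the same WordPress version as the backup.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_to_pristine(backup_dir, pristine_dir):
    """Classify backup files against a freshly downloaded copy.

    modified: present in both trees but with different content
    extra:    present only in the backup (themes, plugins, uploads,
              wp-config.php, and anything that was dropped on the site)
    """
    backup, pristine = tree_hashes(backup_dir), tree_hashes(pristine_dir)
    modified = sorted(f for f in backup if f in pristine and backup[f] != pristine[f])
    extra = sorted(f for f in backup if f not in pristine)
    return {"modified": modified, "extra": extra}

def build_sample_trees(base):
    """Constructed sample data: a tiny 'pristine' tree and a 'backup' tree."""
    pristine, backup = Path(base, "pristine"), Path(base, "backup")
    files = {"index.php": "<?php // core index\n",
             "wp-includes/version.php": "<?php // version\n"}
    for root in (pristine, backup):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # The backup differs: one core file changed, plus site-specific files.
    (backup / "index.php").write_text("<?php // core index\n// appended line\n")
    theme = backup / "wp-content/themes/old-theme"
    theme.mkdir(parents=True)
    (theme / "footer.php").write_text("<?php // theme footer\n")
    (backup / "wp-config.php").write_text("<?php // site config\n")
    return backup, pristine

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = compare_to_pristine(*build_sample_trees(tmp))
        for kind, paths in report.items():
            for path in paths:
                print(f"{kind:9} {path}")
```

A "modified" core file is unexpected and worth reading line by line; "extra" files are the theme, plugins and configuration that a fresh download cannot vouch for.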