The Latest in IT Security

DreamHost: hijacked websites redirect to Russian scam


Following the Dreamhost hack, that was revealed this week, many websites hosted by the company have been hijacked to redirect users to a Russian scam page.

I’ve identified hundreds of websites hosted by DreamHost that contained a PHP page redirecting to hxxp:// Here are a few examples:

  • promotes a common “get rich working from home” scam. On the left side, all links point to the same collection of fake testimonies from people purporting to have made plenty of money using the system.


The right side of the page, looks like Adsense ads from Google (same font, same colors, layout, etc.), but they are all links to This is a YouTube look-alike site, which contains a video shown promoting an online gambling site (

Fake Russian YouTube site copied the layout of the popular Russian site, The source code actually reveals that the page was created from, which has now been blocked by

The hijacked sites now redirect to other websites including,, etc. These domains were registered on 01/25/2012, but no websites are yet hosted at the domains.

I’m sure this is just the beginning of massive abuses on websites hosted by DreamHost.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments