1-Click install on Dreamhost

Permalink
I'm no longer seeing Concrete5 as a 1-click install option in Dreamhost. Anyone got any info on this? Waiting to here back from dreamhost tech support. It was there about a month ago.

FluxxMarketing
View Replies:
wagdi replied on at Permalink Reply
wagdi
Apparently DH have been having several problems with attacks. (Thread here: http://www.concrete5.org/community/forums/customizing_c5/visitor-fo... and here-http://www.concrete5.org/community/forums/customizing_c5/hackedinfe... ) This isn't through a fault in Concrete5.; It's most likely at the DH end.

From what I've heard, they've had to disable the 1-click install for now. All other C5 hosting companies are fine. The issue seems to only be with DH.

The best thing to do is open a support ticket with DH for more info.
FluxxMarketing replied on at Permalink Reply
FluxxMarketing
Well. Boo. Thanks for the quick response! That helps me a lot.
wagdi replied on at Permalink Reply
wagdi
You're welcome.

Here are the instructions if you wanted to install it manually- http://www.concrete5.org/documentation/installation/installing_conc...
FluxxMarketing replied on at Permalink Reply
FluxxMarketing
Thanks!

FYI, here's the response I got from DreamHost tech support...

Hello Joseph,

Thanks for contacting DreamHost!

I do apologize for not having Concrete5 available for use from our One
Click Install section of the panel. We pulled it down when our security
team found a flaw in the source of Concrete5. We are talking with the
developer of Concrete5 and waiting for a fix from them before making it
available in our panel again. Again, I apologize for the inconvenience,
but we did this to protect our customers. If there is anything else you
need help with, please let me know! Thanks! Have a great day!

Anthony S
TomVdP replied on at Permalink Reply
Hm... I am on DH with a C5 site. Is this serious ? Can the supposed developer they are talking with shed some more light on this issue ?
Thanks!
Ekko replied on at Permalink Reply
Ekko
Thats kind of funny considering my hosts techs athttp://www.liquidweb.com/vps/ just said they think c5 is extremely secure, and found no flaws when I asked them to check it over.

I am not trying to call that DH support staff out for bad info, but as a past client of DH, I can say that I left for a reason, and the crew at liquid has been nothing but a dream come true. Site loads in under .7 seconds is what its averaging on c5 installs without cache enabled or compression. All of the above makes me believe that DH is passing the buck. Along with all of that, the people here have always been forthcoming with any information on problems users should be aware of, and have shown real integrity time, and time again. Its also not occurring to anyone else but DH, so that also says something.
frz replied on at Permalink Reply
frz
We've been working with dreamhost.
The "flaw" is that we historically have left the /files directory at 777. Not really a flaw, just a permissive view on how webserver security should work. Since they got hacked through their custom 1-click installer, they're basically in super agro defensive mode now, which is fair - as a manager I'd be yelling at everything I could too.

Regardless, we've made some changes so they can run /files in 755 or more restrictive even, and now that 5.5.2 is out you should see concrete5 at the top of their list again.

The fact that their support guys all seem to have their own way of saying this has bothered me as well and we've worked with dreamhost to tie that down to something closer to reality now. Generally they've been pretty good to us. It's all working out.