Wow. SSH into your DreamHost account and type “last [your_username]”. Do you see page after page of unfamiliar sessions lasting 0:00? That’s what mine looked like when my account was hacked and someone had dumped search engine spam on every page of every one of my websites. I found out a few days after it happened, while trying to figure out why the index file that builds my RSS feed was acting so jittery.
Now just type “last”. Press control+c when you feel as though you’ve seen enough. Notice all those users with repeated sessions lasting only 0:00? Chances are they’ve all been hacked as well. They really should change their passwords. Someone should really tell them to do that.
