SiteHQ

Announcements

Security Alert - Client Notice (UPDATED 20/02/09)

01/12/2008 17:19

In late November / early December a number of clients experienced sites being defaced. In the majority of cases the sites were running old (in some cases exceptionally old) installs of popular scripts such as osCommerce and CMS/blogging software.

Users who fail to upgrade scripts place their own sites and the security of the server at risk, and we urge all users with 3rd party scripts to ensure they are running the latest stable release, in line with our standard terms and conditions.

We also advise against allowing site visitors to upload files to your webspace or making files and folders globally writeable (CHMOD permissions 777) as this can pose a security risk and should be undertaken only where there is no other solution.

Breached FTP Passwords
We are also aware of incidents where FTP passwords have been guessed/known and index files downloaded, defaced and re-uploaded.

Clients who experience any defacing or hacking should ensure they remove all unknown files from the server and pay particular attention to removing any FrontPage files or directories (these will contain the name VTI) and ensure that all account passwords including FTP are changed ASAP.
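The two file-system checks described above (globally writeable files and folders, and leftover FrontPage "VTI" entries) can be run from a shell on the account. The script below is an added example, not a SiteHQ tool; the function names are hypothetical and the web root path you pass in is an assumption about your own account layout.

```shell
#!/bin/sh
# Added example: audit a web root for the conditions named in this notice.
# Usage (path is an assumption): sh audit.sh /home/youruser/public_html

# Files and directories writable by "other", as produced by CHMOD 777.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# FrontPage leftovers: any entry whose name contains "vti" (case-insensitive).
frontpage_entries() {
    find "$1" -iname '*vti*' -print 2>/dev/null | sort
}

# Print findings; return 0 if clean, 1 if anything was found, 2 on bad input.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    status=0
    ww=$(world_writable "$root")
    fp=$(frontpage_entries "$root")
    if [ -n "$ww" ]; then
        echo "World-writable (review, then tighten with chmod o-w):"
        echo "$ww" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$fp" ]; then
        echo "FrontPage (VTI) files or directories:"
        echo "$fp" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "No findings under $root"
    return "$status"
}

# Run the audit only when a path is given on the command line.
[ "$#" -eq 0 ] || audit_webroot "$1"
```

The script only lists entries and changes nothing, so each finding can be reviewed before it is removed or its permissions are tightened.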

We urge all users to adopt a secure password policy of changing passwords on a regular basis and to use complex passwords instead of simple dictionary words.

Passwords containing dictionary phrases or words, even with the addition of one or two digits as a prefix or suffix, are highly insecure and can be discovered by malicious third parties with minimal effort.

To use one real-world example, hedge32 would be a highly insecure password. A secure password is one which comprises a wholly random string of upper and lowercase letters, numbers and punctuation symbols.

To ensure the security of their sites and data, users who currently use weak passwords are advised to immediately update them.

Help on how to change your password can be found in the video tutorials on our support site:

cPanel tutorials

Helm tutorials

Plesk tutorials

 
