Results 1 to 13 of 13
  1. #1
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    It's about time to change your password
    I went throught a very scary afternoon when I found out that one of my sites was completely dissapeared from the web .

    The first thing I did was go to my hosting control panel to check my files, my god, the entire directory was gone. So I contacted my hosting support and got a hold of a tech support person. He checked into it and restored my files from their backup immediately. Five minutes later, my site was up and running again.

    But, what scared me the most is this question: who deleted my files?

    I didn't do it, my hosting company didn't do it.

    The tech support said it could be somebody access my files via FTP and hack them. He suggested me to do all kinds of scans and he said I should change my account password from time to time!

    Here I go, after three years using the same password form my hosting and FTP client , I changed my password.

    You should do it too.

  2. #2
    Affiliate Manager BlogBonnieBlog's Avatar
    Join Date
    July 28th, 2009
    Location
    Surprise
    Posts
    526
    good advice! i had my sites hacked this past summer by some idiot from Turkey. Having multiple domains on one site and making the mistake of having the same password for all of them, they went thru the whole list. I'd recommend having a different password for every domain. Then if they get into one, they don't get into all of them. And make sure you do regular backups. I lost 48 hours of work. Glad your host was able to get you back up so fast. It's times like that when you find out if you really have good hosting or not.

  3. #3
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by BlogBonnieBlog
    I'd recommend having a different password for every domain.
    Good luck with that to those who have dozens of domains

    I only have a hand full of it so I might think about getting different passwords for each domains...still a lot to handle tho. Why those bad guys just can't leave us alone?

  4. #4
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    FTP is a very insecure protocol as the password is sent in plain text.

    However, a lot of FTP attacks happen because there is malware installed on the webmaster's PC, rather than there being a problem with the server itself. You need to scan, scan and scan again your PC!
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  5. #5
    ABW Ambassador meadowmufn's Avatar
    Join Date
    January 18th, 2005
    Location
    Seattle
    Posts
    2,587
    Do NOT save your password in your FTP program. There was a thread on here not too long ago about a trojan that would steal your ftp passwords and hack your site files. Use SFTP whenever possible and either memorize passwords or write them down and keep them secure, but accessible.
    -Don't criticize anyone til you've walked a mile in their shoes. Then when you do criticize them, you'll be a mile away and have their shoes.
    - Silence is golden. Duct Tape is silver.

  6. #6
    Member eSilverBullet's Avatar
    Join Date
    October 29th, 2009
    Location
    Utah
    Posts
    112
    This reminds me of the time I was doing some work in my server room late on a Friday night. I had a VNC server running on my desktop computer so that I wouldn't have to bounce back and forth from my server room and office. When I got back to my desk, I saw my curser moving around my screen on its own, trying to connect to my servers. I chased the person away and saw the IP address originated from Russia. I have no idea how the person knew my password to connect to my desktop. I'm just glad I saw it and stopped it. Otherwise they probably would have been able to hack into my servers. It was really freaky.

  7. #7
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by Dynamoo
    You need to scan, scan and scan again your PC!
    That's what I did all afternoon and all night yesterday . My hosting support recommended a list of free online trojan/malware scan tools, one of them is http://www.windowsecurity.com/trojanscan/trojanscan.asp. It caught 55 objects, two of them look really suspecious(forgot what they were, deleted right away). Hopwfully my couputer is clean now.

    Quote Originally Posted by meadowmufn
    Do NOT save your password in your FTP program. There was a thread on here not too long ago about a trojan that would steal your ftp passwords and hack your site files. Use SFTP whenever possible and either memorize passwords or write them down and keep them secure, but accessible.
    Yeah, I think that's the mistake I made to save password in FileZilla. I've had hard time to remember so many passwords. Guess I've paid my lesson. Now that I've changed my password, I feel a lot safer already.

    BTW, what's SFTP(edit: I googled it)? How do I use SFTP on FileZilla?
    Last edited by mayfly; November 13th, 2009 at 12:02 PM.

  8. #8
    Moderator BurgerBoy's Avatar
    Join Date
    January 18th, 2005
    Location
    jacked by sylon www.sylonddos.weebly.com
    Posts
    9,618
    Another very good scanner is here. http://www.eset.com/onlinescan/

    I run their software on my computer and I never get anything bad.

    Vietnam Veteran 1966-1970 USASA
    ABW Forum Rules - Advertise At ABW

  9. #9
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by BurgerBoy
    Another very good scanner is here. http://www.eset.com/onlinescan/

    I run their software on my computer and I never get anything bad.
    Hmmm, I think I will do one more scan just to make sure...I hate virus.

  10. #10
    Affiliate Manager BlogBonnieBlog's Avatar
    Join Date
    July 28th, 2009
    Location
    Surprise
    Posts
    526
    My hosting company and I identified that the guys that hacked my sites had gotten into one site thru a known security issue in joomla. I hadn't gotten around to updating joomla and once they announce those things my host says they often see rashes of attacks on sites hoping to hit those who haven't upgraded yet.

  11. #11
    Outsourced Program Manager AdZaz's Avatar
    Join Date
    November 9th, 2009
    Location
    Stamford,CT
    Posts
    122
    Yep Bonnie, I had a similar attack on a CMS Made Simple site, they injected css and hidden lists of links to Viagra/pill sites into the main template so it appeared in the source on the bottom of every pages html but was not visible to site visitors.

    Always keeping your apps up to date can be a big help, I also use different passwords for different sites, kind of a pain to track but much more secure...

  12. #12
    Member gibson's Avatar
    Join Date
    September 26th, 2009
    Posts
    193
    consider using a different login/password for ftp than you do for your webhosting control panel. ( if your webhost allows more than one ftp account )

  13. #13
    Newbie mlittle's Avatar
    Join Date
    November 4th, 2009
    Posts
    17
    this kind of hacks can be avoided just by frequently changing password. And never let the password 'remembered' or 'saved' on the login page.

  14. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. How can i change gmail password
    By jeffrisk in forum Search Engine Optimization
    Replies: 2
    Last Post: June 11th, 2009, 05:23 PM
  2. How to Change password in LinkShare??
    By kse in forum Rakuten LinkShare - LS
    Replies: 2
    Last Post: October 28th, 2007, 08:40 PM
  3. How to change CJ password?
    By Gingerbread in forum Commission Junction - CJ
    Replies: 2
    Last Post: July 15th, 2006, 10:46 PM
  4. Can't Run Reports...Change password?
    By bethany in forum Rakuten LinkShare - LS
    Replies: 36
    Last Post: April 12th, 2006, 07:12 PM
  5. CJ Password - Where do I change it ?
    By newaff in forum Commission Junction - CJ
    Replies: 2
    Last Post: December 23rd, 2005, 12:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •