First off, sorry for my lack of presence around the blog. Quite often my absence is due to a lack of what to write about, which is the case this time.
The other day, yesterday to be exact, I was reading a forum that I quite often visit when I stumbled upon a post about someone whose hosting account was hacked. She said that somehow the hackers managed to get her password and replace her index page (home page) with a page that would collect credit card numbers. She gave some very good advice: “change your hosting password often!”
I built upon the advice she gave with this:
“Nothing can completely replace changing your password often but there are things that can be done on the Web Host’s end to help prevent accounts being compromised.
Chances are, your hosting account was hacked by someone who managed to get your password from someone/somewhere OR the hacker used a brute force attack (http://en.wikipedia.org/wiki/Brute_force_attack). Brute force attacks typically take a while to work. The attacker is literally trying hundreds & thousands of passwords. Our server uses a firewall that quickly detects and blocks these types of attacks as well as several other attacks that are used by hackers. All web hosts should utilize some sort of software that secures data on their server.
A web host also has to make sure that their passwords are secure. So many times security issues are blamed on other people when in all actuality it was the hosting company’s fault (not saying that this was the case with GoDaddy, but issues have come up recently where a security breach was blamed on a software developer when poor password management was the true issue).
Another suggestion: make sure you keep whatever software you use up to date (e.g. ZenCart, osCommerce, Magento, CubeCart, X-Cart). These people release updates often to help take care of security holes that are found. So many times things go bad simply because someone wasn’t keeping up with updates (and this includes your anti-virus software; these updates contain information regarding new viruses that the anti-virus software needs to help keep you protected). Don’t assume that your software is secure just because you don’t see any ways for people to access anything they shouldn’t be. These people sit around for hours and days at a time analyzing code and environment variables to find these flaws. Also, an SSL certificate does NOT mean everything is secure. It simply means that things sent from your browser to the website’s server are secure. It doesn’t mean that the software itself has no flaws or exploits that can be used to access things you’d normally want kept private.
Anyhow, to add to your statement about changing your password for your hosting account often: you should change ALL passwords often. Also, do not use the same password for everything. If someone gets your password for XXXXX then they are going to try and use it at YYYYY. Never write down your passwords. All it takes is someone locating this common source of passwords and you are in for one crazy ride. Last but not least, get rid of information that tells exactly what websites you use, especially the ones that give your username and/or password. If someone managed to get access to your email then they are probably going to read it. Don’t leave behind a little trail of all the sites you use. Yeah, they may know you use TTTTTT email provider but that doesn’t mean you have to let them know that you use eBay, PayPal, Facebook, MySpace, forums, blogs, etc.”
I just thought that this would be good advice to pass along to anyone that reads my blog (if there are such people :-) … I wouldn’t know because I only receive comments from spammers… hint hint!)
Anyhow, I hope this information helps you keep your personal information secure and, furthermore, your clients’ personal information secure.
Thanks for reading!
Adam
PS. Thanks “jennifer” from Craftserver.com for bringing up the topic!
Hi, Congratulations to the site owner for this marvelous work you’ve done. It has lots of useful and interesting data.
Great post! Just wanted to let you know you have a new subscriber- me!
You made some good points there. I did a search on the topic and found most people will agree with your blog.
That’s all ……., but very funny…
They answered quickly :)…
Administrator, managing …