Protect Your Money Sites!!!

[fthomas137]

Folks,

There's an old saying in the home alarm business.

"The buying customer is the customer who just got broken into"

Our bread and butter is our websites. If someone finds a way to hack, deface or forbid the thought, completely delete them, we need to make sure that they are protected!!

I've been victimized on two different occasions. The first was a simple redirect the page defacement. But it did occur over about 45 of my sites.

The second, required a restore of some of the site files across about 20 sites to get things working again.

With that in mind I have two very big hints for you all if you take Internet Marketing serious at all.

First - Complex Passwords

I do a far bit of contract work for others and their web presences and it absolutely scares the hell out of me how simple the passwords are a majority of the time!

If you are using a password that is extremely simple, then you are not taking your business seriously. If you guarded a bank, you wouldn't padlock it with a $3 lock, would you?

Sorry guys and gals that just plain stupid. A complex password is something that requires you to purchase a password remembering program. And every site should have different passwords.

I normally run greater than 25 digit randomly generated alphanumeric passwords. Especially for ftp accounts.

Second - Make Sure You Backup Your Sites

Don't trust anyone else with this task in the long run. But make sure you have at a minimum, weekly offline backups performed on your websites.

This is a primary reason I avocate using CPanel hosting. The CPanel platform has many programs that you can purchase and easily backup the whole thing to your local desktop.

In my case, it was backups that saved me hours of work. But how did they get in with complex passwords? Well, complex passwords keep the honest people honest. But a real theft will know how to compromise the code on your hosting agents servers. Therefore you need to know you have a backup!

So there you have it! If you need help, I can help, but you need to take your business seriously!

It make cost a couple of bucks to get it sorted out, like purchasing an alarm system for your home. But it's a whole lot better then dealing with the loss and emotional violation that comes with real vandalism.

Enjoy!

Frank

[Dan C. Rinnert]

The first rule of Password Club is not to tell other people how simple or complex your passwords are, nor their constitution.

[Adam Carn]

Quote:

Originally Posted by Dan C. Rinnert

The first rule of Password Club is not to tell other people how simple or complex your passwords are, nor their constitution.

Ahh that's why I didn't participate in the poll. Aren't I smart?

Adam

[SurviveUnemployment]

You forgot one: Keep your local machine clean. If you get a keylogger or packet sniffer, all your passwords are an open book.

[Dan C. Rinnert]

Quote:

Originally Posted by Adam Carn

Ahh that's why I didn't participate in the poll. Aren't I smart?

I didn't either.

[LB]

1. Don't run insecure scripts on your website. There are a ton of popular IM products that are literally open doors to hackers. Plenty of people outsource the development of these things without any consideration to whether or not their programmers can create secure products.

2. Local keyloggers and trojans are where most passwords are stolen. Get a good virus- scanner like NOD32 and user Roboform to avoid manually entering in complex passwords.

3. Have your host or a third-party tech harden your server. A basic firewall should lockout all IPs for 48 hours if the enter the wrong password more than a few times. This will prevent brute force attacks. I've seen hack attacks where the hackers were able to test hundreds of thousands of passwords before getting in with a bot....there is no excuse for this!

[HeySal]

Quote:

Originally Posted by Dan C. Rinnert

The first rule of Password Club is not to tell other people how simple or complex your passwords are, nor their constitution.

LOL - that was my very thought when I saw the poll - why does someone want to know who has whimpy passwords?

I'm so paranoid after having my main site trashed that I don't even keep passwords online. They are all written down at home in a location where I can safely say that even if my home were ransacked nobody would find them. After having a guest try to steal my fine silverware during a dinner party, I don't trust anyone with anything of value.

[fthomas137]

The poll was more out of curiosity.

BUt truly, who is going to know how you answered the poll? Unless someone is watching you....

Frank