Taking no precautions...

I know many people might yell at me for this so to speak, but I don't exactly take any special security precautions on my websites. I'll have a password for my cPanel at /cpanel, an unmodified install of a forum script, no special directory changes, etc. It's all just the way it is.

My GoDaddy account was hacked once but that has little to do with me (maybe my poor password), but that's all. Is there anyone else that just leaves everything as-is?

 

There are a variety of security precautions that I take when dealing with a website or forum of mine:

• Weekly Passwords: On a weekly basis, I change the passwords linked to my individual hosting accounts (this does not include the root access credentials to my server - this remains the same), databases, e-mail accounts, and GoDaddy account. It's a bit of an OCD thing, but it's also fantastic when it comes to security. Better safe than sorry.
• Directory Names: I tend to change the names of certain directories every now and then to ensure that unwarranted access is not a problem. I rarely password-protect directories, but I have in the past... I don't really see the point in doing this.

I'm also quite hesitant when it comes to sharing account information with a partner (or partners). In order for me to do so, I must have a great deal of trust in this person - I've only worked with a select few, and they've all (luckily) maintained that "trust" quality.

 

My passwords are LONG, 20+ letters sometimes less =\ Protecting my stuff from hacking and stuff. I never reveal my name online either, protecting myself.

 

I had my godaddy account hacked two months ago. They stole my domains and tried to get me to pay them $2500 to get them back. Luckily, I had other domains and just moved the site to one of them while I worked with godaddy and the new registrar (he moved my domains to another registrar) to get them back in my name. That took three weeks. It was a PITA. I have since gone through all my passwords for all my sites and changed them to weird combos of numbers/letters and use 1Password on my Mac to remember them. He tried to get the root passwords to my servers also but my host was able to tell it wasn't me (the great thing about smaller hosts is they get to 'know' you) and refused to send them out to him.

 

I don't really take any precautions I changes the admin folder and the mod folder since I want better name for it but thats not for security purposes even if its good for it.

 

I'm the same, Chris. See, we're not as crazy as we think we are. You ought to .htaccess protect your modified ACP and MCP directories.

 

Excellent suggestion, Boss. Thanks for that.

 

All Star Gaming Pro was hacked recently. But the password was way easy; it was adminsaccessthis123 - .

However, the passwords for Setsou and Bird is the Word are so hard to figure out, way hard!

 

That is similar to what happened to me. I have no idea why this happened. Maybe the hacker saw one of my websites linked to that GoDaddy account first and wanted to hack me because of the site. Or maybe they were just hacking random GoDaddy accounts and figured out both my username and password.

I have never seen 1Password. I went on the site and watched the video - I'm going to install that right after this and switch every single password I use to the hardest possible 1Password setting. Thanks for bringing it up.

 

You're welcome, and don't forget. Email your .htaccess passwords to your staff, never use the forum or the PM system.

 

Exactly. Some people are silly enough to even share sensitive data like this in the administrator section on their forum.