Friday 16 March 2007

Server Attack and Salt

We have three servers at the moment for the websites we host, both our sites and client sites: two in the UK and one in the USA.

So... yesterday we found out that our main UK root server had been attacked. The hackers had installed a port scanner which was scanning the internet in an attempt to find open ports on people's PCs so it could then attack them.

We had no idea how they had managed to do this, and, priding ourselves on our understanding of security concepts and principles, we were a bit shocked they had got through. In many years of running web servers, this was a first.

The mistake we made was a simple one, and it's one most people will have made. One of our staff had set up a test site on the server to try something out, as we often do. An innocuous little site sitting unconnected to the internet. He chose the password "test123", and there was the mistake: the password was just weak.

We now know that it was guessed by a brute-force attack from some automated bot that searches the net. Once that password was guessed, the hacker could get into the system. (Note to any hosting clients: this would not have affected your site.)

The problem is solved and we have learned our lesson, but it does go to show how you always have to be on your guard and how you really should use strong passwords.

Add some salt to your passwords

Incidentally, one way to really strengthen your passwords against such attacks is to use what cryptographers call a "salt". In its simplest sense this is an "unusual" phrase that you can prefix or suffix to your passwords to increase their strength without making them impossible to remember.

E.g.

password="paris67"
salt="tenred45!"

Actual password=tenred45!paris67

So you might have ten passwords that are strengthened by one salt.
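As an added example (not code from this post or from Yadabyte), here is the prefix scheme above in Python, together with a rough guess-space estimate showing why "tenred45!paris67" resists brute force where "paris67" and "test123" do not, and, for contrast, the random per-user salt a server should store beside a slow password hash, which is what cryptographers actually mean by a salt. The common-password list and the 60-bit threshold are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import math
import os
import string

# Constructed sample of the kind of list a password-guessing bot works from.
COMMON_PASSWORDS = {"123456", "password", "test", "test123", "admin", "letmein"}

def strengthen(password: str, salt: str, prefix: bool = True) -> str:
    """Combine one memorable 'salt' phrase with a password, as the post suggests."""
    return salt + password if prefix else password + salt

def guess_space_bits(password: str) -> float:
    """Rough upper bound on brute-force work: log2(charset_size ** length).
    The charset is the union of the character classes actually used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    charset = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(charset) if charset else 0.0

def is_weak(password: str, min_bits: float = 60.0) -> bool:
    """True if a dictionary or brute-force bot would find the password quickly.
    The 60-bit threshold is an illustrative choice, not a standard."""
    return password.lower() in COMMON_PASSWORDS or guess_space_bits(password) < min_bits

def store_password(password: str, iterations: int = 100_000) -> tuple[bytes, bytes]:
    """Server side: a cryptographic salt is a random per-user value stored next to
    a slow hash, so equal passwords get different hashes and precomputed tables
    are useless. Returns (salt, digest) for storage."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = 100_000) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    for pw in ("test123", "paris67", strengthen("paris67", "tenred45!")):
        print(f"{pw:20} ~{guess_space_bits(pw):5.1f} bits  weak={is_weak(pw)}")
    salt, digest = store_password("tenred45!paris67")
    print("verify:", verify_password("tenred45!paris67", salt, digest))
```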

By the way, if you do have lots of passwords, check out our free and portable Yadabyte Passwords. It allows you to store an unlimited number of passwords on a USB key, iPod, PC and even your Pocket PC. It's very secure, using AES encryption, and it's very easy to use.

Download Yadabyte Passwords for free from Yadabyte.com