Be aware... recently we have noticed a rise in FTP hacking, successful brute force security hacks. A number of sites, unfortunately the Nomis site as well as client sites and I imagine many others, were comprimised.
FTP hacking, brute force security hacking, is where a hacker manages to guess your password and then obtain access to the raw files of your website: it conjures up images of a person tapping in "12345", then "54321", then "23456" etc., like in the movies, in fact it is a lot more sophisticated and can lead to problems such as Google blocking your site and advising visitors that the site contains malicious content - not very good PR.
The examples of FTP hacking that we have seen in pages show a line(s) of script that has been added to the html code which forwards the user onto another site or downloads malicious programmes.
Ways to try and reduce the risk of FTP hacking:
- Make your password as hard as possible to guess
- Firstly check with your hosting company as to their password policy but where possible include the following:
- Vary the case of letters - use both uppercase and lowercase
- If you do not need your FTP service, turn it off
- Only have it turned on when you actually need it.