This information may prove more important than you will ever know!!!

Passwords

Eventually many of you will progress to paying for your own domain name and a decent hosted web site other than a "free" web site. While passwords are used for accessing even free web sites, once you become a webmaster of a truly independent web site security issues become even more of a responsibility.

When creating / changing passwords for what ever reasons dealing with web sites - ie FTP access (uploading files), server controlled password access to private directories, CGI program administrative forms, even your PC e-mail client for accessing your e-mail - there are some very simple rules you should FORCE your self to adhere to.

A) Do NOT use real words
B) use a mix of alphanumeric letters (0-9,a-z)
C) use a mixture of upper and lower case alpha characters (a-z,A-Z)
D) use at least 8 characters

Hackers and other mischief makers (lowlifes) mostly gain access to a web site by chance. That is,
1) they have access to thousands of common words that humans seem to use often.
2) they have ready access to PC programs which in a very short space of time will test thousands of character combinations with above common words.
3) web sites alone often provide clues to some words and combinations they can try - ie your families names, any repeated use of phrases or pet slogans and slang, pet (real) names, family birth dates, pet names of family and possessions like cars etc, words used in email addresses, and so forth.

Much of that mentioned in 3 can often unwittingly be found easily in texts on ones web site!

There are web sites created by high level hackers turned good guys? who make considerable money hired to intentionally attempt a site/server break in, mainly for the corporate world. Their lessons are applicable to all. They often list some extremely stupid passwords used by even so called well trained IT specialists, and most surprising to the layman (sorry, layperson) are some chance overheard clues obtained in bars and clubs which lead them (the hacker) to a path of investigation. Even explicitly described passwords on paper in wallets or handbags have brought a few corporate sites down.

So, the rule is simple, follow the above rules when creating passwords that YOU HAVE TO notarise AND keep secure, NOT ones that are simply easy to remember (and when noting them do not include "such and such password = ????" identifying what for where, at least leave that up to your own memory).

Other Info
There are some more dangerous situations where hackers **play with various forms from a web site or SSI web pages (page names with special extensions where a string of info can be passed to a server side CGI program by the URL) which may indicate a "hole" or weakness in a server side CGI program in the cgi-bin leading to the access of data files and other problems.

Other hackers write simple "robot" programs which can search, index, and copy every available file on your site!! If any of those found files include passwords or client details or client CCard numbers or any other sensitive info then guess whose integrity and trust go out the window (Search engines are sophisticated "robot" programs BUT with mostly GOOD manners).

The last comments are alone good reason why if obtaining your own domain/real hosted website you should go for the more secure yet cheaper, most popular (over 50% of all), Unix type hosted site. Setup/management of server protected password blocked directories are very efficient (so long as decent passwords are used!) and can block robots too.

A site like dtp-aus.com often attracts such attention and signs of above show in various logs I have access to or create by my own programs. But just because you only have a simple family site to start with don't think you are immune.

Primary concern of hackers is to gain access to / do damage to servers. Your site content may not be of interest but just may be a simple conduit for more sinister purposes.

As a webmaster, especially but not only with a proper hosted domain site on someone elses networked computers, you have responsibilities. You could become a weak link in the network.