How to protect your site


borderline
01-06-2007, 08:48 AM
Since I am new to webhosting, I would like to know what I need to do to protect my website from hackers and all these things I hear about.

I have a strong password, do I need to protect anything else, like a folder on my directory or anything else?
How about backups, do I have to do a backup of my site or does BH do it automatically?
If I have to do it, how do I do it and where? Remember I am a newbie and I don't know what all that phpMyAdmin and MySQL databases are for :confused:

Help appreciated :)

Early Out
01-06-2007, 08:54 AM
If you're not using php, MySQL, etc., but are just posting static web pages, you're pretty much insulated from hackers, as long as your account has a decent password on it. The hacking that occurs usually happens because of security holes in the coding that folks have on their websites - if you just have plain HTML pages, there isn't any active code being executed on the server.

I gather that BH does some sort of backups (someone else will correct me if I'm wrong!), but I wouldn't count on that. Again, if your website consists only of static HTML pages, just keep a copy of them on your own PC.

borderline
01-06-2007, 09:11 AM
Thanks for your reply Early Out, my site is plain HTML. The only PHP I might use is Coppermine, but it will have a different password to my account here.

betiryan
01-06-2007, 09:23 AM
If you are going to have a Coppermine gallery, I would suggest you keep an eye on their site and UPDATE whenever they publish one! I didn't and had some idiot hack my gallery and put a phishing link to an eBay scam. The hack came from Romania, so now most of Romania can't get to my site. To make a long story longer, :p I had to get the update and pretty much start from scratch :mad:

I was not a happy camper to say the least!

Happy Saturday,
Beti
http://vetstribute.com

borderline
01-06-2007, 09:44 AM
> If you are going to have a Coppermine gallery, I would suggest you keep an eye on their site and UPDATE whenever they publish one!

Thanks for the tip, I will upgrade to their latest version, 1.4.10

Hercules
01-06-2007, 11:11 AM
Beti, how much were you 'behind' with updating when CPG got hacked?
I run the newest version (1.4.10) and update when I see a new security patch, but I would be surprised if a site which was 1 or 2 updates behind got hacked right away.

duesouth
01-06-2007, 08:03 PM
We need to just kill these people. I mean bullets in the head, then you will be safe.:rolleyes:

zizany
01-07-2007, 12:17 AM
I'm getting lots of returned mail, undeliverable, that I did not send. Is there a way to stop anyone from sending through my SMTP, if that is indeed what they are doing?

rickvv
01-07-2007, 07:16 AM
zizany-
They're probably not sending through your SMTP.
The spammers are sending out junk, and have somehow picked your email address as the fictitious 'reply-to'.
So when stuff bounces out there, you get the bounce.

When you say "lots of returned mail"...how many bounces a day is "lots"?

Early Out
01-07-2007, 07:49 AM
The FROM address on spam is never legit. Some spammers make up addresses, and others use the real addresses of other people. Putting someone else's address in the FROM field of a message is no more difficult than putting someone else's return address on the upper left corner of an envelope.

The mail isn't actually passing through your SMTP server at all. I could send you a message that would appear to be coming from george.bush@whitehouse.gov - only an examination of the internal message headers would reveal that the message never went anywhere near the whitehouse.gov mail server.

There's nothing you can do to stop it. Happily, the spammers usually don't stick with the same bunch of addresses for long, to avoid having their messages filtered.
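
An added example (not part of the original thread) of the header examination described in the post above: it reads a message's Received lines and reports whether any relay recorded there belongs to the domain shown in the From line. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims yoursite.example, but the only relay
# recorded by the receiving server is an unrelated host.
RAW = """\
Received: from mail.yoursite.example (unknown [203.0.113.7])
\tby mx.recipient.example with ESMTP id ABC123
\tfor <someone@recipient.example>; Sun, 7 Jan 2007 07:40:00 -0500
From: "Your Name" <you@yoursite.example>
To: someone@recipient.example
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Return (helo, rdns, ip, by) for each Received header, newest first."""
    found = (HOP.search(value) for value in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def from_domain(msg):
    """Domain part of the address in the From header."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def passed_through_from_domain(msg):
    """True if a relay recorded in Received belongs to the From domain.

    The HELO name is chosen by the sender (here it even imitates the From
    domain), so it is ignored; only the reverse-DNS name and the receiving
    host, both written by the receiving server, are compared.
    """
    dom = from_domain(msg)
    for _helo, rdns, _ip, by in hops(msg):
        for host in (rdns.lower(), by.lower()):
            if host == dom or host.endswith("." + dom):
                return True
    return False

if __name__ == "__main__":
    m = message_from_string(RAW)
    print(from_domain(m), hops(m), passed_through_from_domain(m))
```

Only Received lines added by servers you trust are reliable; anything below the first trusted hop can be written by the sender. A False result is a hint rather than proof, since a domain may legitimately send through another provider's servers.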

felgall
01-07-2007, 11:31 AM
About 50% of the spam I get are bounce messages where the spam has been sent to someone whose mail server is misconfigured and my address has been used as the from address by the spammer. If people correctly configured their email so as to not bounce undeliverable messages then these spam messages would disappear. By misconfiguring their server these sites are helping to spread spam.

About another 20% of the spam messages that I get are automated requests to confirm that I exist by people who have asked me something via a form on my site or signed up for a newsletter and then forgotten to whitelist my address (as is specified on the page where they fill out the original request).

My spam blocker dumps all of these straight into the junk folder so it only takes me a second or so to check that nothing I wanted ended up there by mistake before I delete them all.

Of course if people configured their email setup correctly then 70% of the spam that I receive would disappear straight away and I would just be left with the spam that comes direct from the spammers (3/4 of which is correctly dumped straight in the junk folder).