I received an email from 1and1 that my website has been hacked. This is strange. They were able to access my FTP account. The FTP account password has not been changed in many years and was a very simple one.
I have long since started including Upper Case, numbers and punctuation in the password. Some accounts won’t take the punctuation, but a mixture of lower, upper, numbers and punctuation is very hard to crack and most hack attempts will fail with these.
I have deleted all the existing FTP accounts and reestablished them with new passwords.
My sites were down for a few hours this morning. Since I am writing this email, I assume that they are all back up.
My financial accounts have hard passwords, but I am going to change them today, anyway.
It is interesting that they did not do anything bad. They hacked a package that does statistics, which is strange. They changed only one file that might have been damaging to anyone. I will tighten up some of the controls that I have and I hope that they don’t get back in.