Never use the same password twice. If any password is found, the culprit will try to use it to access other areas of your site. Do not use the same password for your cPanel and for any config.php file, for example. If a culprit finds a way to read such a file, they can try those passwords to access your entire account. The best passwords look like this: xU76TgK7
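One way to check your own account for the reuse described above, as an added example that is not part of the original article: the script walks a site directory, pulls password values out of PHP files, and reports which files (and, optionally, the cPanel login) share a password. The two regular expressions are assumed patterns for common PHP config styles and will not catch every application.

```python
import getpass
import hashlib
import os
import re
import sys
from collections import defaultdict

# Assumed (not exhaustive) PHP credential patterns:
#   $db_pass = '...';   $config['password'] = "...";   define('DB_PASSWORD', '...');
ASSIGN = re.compile(r"""\$[\w\[\]'"]*pass\w*['"\]]*\s*=\s*(['"])(.+?)\1""", re.I)
DEFINE = re.compile(r"""define\(\s*['"]\w*pass\w*['"]\s*,\s*(['"])(.+?)\1""", re.I)


def extract_passwords(php_source):
    """Return every quoted value assigned to a password-like name."""
    return [m.group(2) for rx in (ASSIGN, DEFINE) for m in rx.finditer(php_source)]


def fingerprint(password):
    """Short SHA-256 prefix, so the report never shows the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_reuse(root, extra=None):
    """Map fingerprint -> sorted sources for passwords used in more than one place.

    extra is an optional {label: password} dict for secrets that live outside
    the file tree, such as the cPanel login.
    """
    seen = defaultdict(set)
    for label, password in (extra or {}).items():
        seen[fingerprint(password)].add(label)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for password in extract_passwords(fh.read()):
                    seen[fingerprint(password)].add(os.path.relpath(path, root))
    return {fp: sorted(src) for fp, src in seen.items() if len(src) > 1}


if __name__ == "__main__":
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    cpanel = getpass.getpass("cPanel password (not echoed, not stored): ")
    for fp, sources in find_reuse(site_root, {"cPanel login": cpanel}).items():
        print(f"reused password [{fp}]: " + ", ".join(sources))
```

Run it with the site directory as the only argument; every source listed on one line shares a password and should each get its own.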
Stay up to date! Keep an eye on your PHP scripts
Make sure your applications are always upgraded to the newest versions. Guestbooks, blogs, shopping carts, calendars, basically any PHP-based script will usually have at least one exploit in its lifetime! Keep this in mind and sign up for security alerts if the programmer provides them. The websites for most applications have forums and blogs to help keep the communities updated so that everyone upgrades as soon as patches or new versions are released. If you are unsure if the program you use has security issues, do a search at Secunia.com.
Use captcha (graphic verification) for all your contact us / feedback forms
It's very important to use graphic verification for all your email forms to prevent spam and email abuse. A ready-made script is available here.
Not using it? Remove it!
Old installations are crime invitations! If you test out the latest and greatest tool for your site and decide to not use it, please uninstall it. It can be tempting to leave everything there and forget about it, but it's not a good idea in the long run. :) The latest will soon turn into the exploited.
What if your site becomes a crime scene?
If something has happened and spam has been sent out from your site, or if files were uploaded that are not yours, the first thing you should do is change all of your passwords. Next, look over your site for old installations and check the versions of all of your applications. Upgrade as necessary. Then check the Error Log in cPanel for any suspicious requests. Finally, ask our Abuse Division for help. They can check what IPs have been accessing your space and retrieve final clues.
The truth is, it can happen to anyone - even if you think you have been extra careful. It normally takes one small break-in to truly learn just how desperately scammers search the web for holes. Any site is at risk; please remember that! The key things to remember will always be the importance of different passwords and the upkeep of any PHP applications you choose to install. Scammers are easily outsmarted, so let's keep them out!