Who hacks websites?
In most cases your website is hacked by your acquaintances, friends, classmates etc.
Why are websites hacked?
Websites are usually hacked for fun because as a rule your websites do not contain any valuable information which a hacker could use for personal gain.
Whose fault is it?
This is only YOUR fault because you do not fulfill the elementary security requirements.
How to protect a website from hacking?
- Do not log in to your Control Panel from somebody else’s computer, from an internet café, institute, school etc.
- If you still entered Control Panel from a shared computer, never save your password in a browser and always click "Log out" before you close a browser.
- Don't give your passwords to anyone.
- Use different passwords for everything (e-mail, Control Panel, administrator account etc.).
- Don't use easy passwords (123456, 123qwe, qwerty, password, mypass etc.). Your passwords must look like this: jDk9eu8kd (i.е. a random set of characters).
- Do not allow ordinary users to add news, blog entries and so on everywhere where they are allowed to use HTML. Remember that it is only YOU who need this website. If you have friends who want to help you with your site, move them to another group (e.g. "Checked") and allow this group to add information to the site.
- Do not assign people who you don't know well as administrators and moderators.
When creating uCoz, we focused on the system safety. There has not been a single case yet when a violator has got access to a website not through the fault of the site owner or the moderators. That's why we advise you to follow the recommendations above.
One can log in to Control Panel only if he knows the password, and no XSS will help find it out. The passwords are not stored in cookies, but only on the server in the encrypted form. So if a violator got to your Control Panel, then you let your password be stolen (i.е. didn't observe the security rules). P.S.
We strongly recommend NOT
to reply to such e-mails:
The mail service/administration of your host *@your_mail/host is cleaning up the accounts. If you don't want your account to be removed reply to this e-mail and provide your username and password in the "Subject" field in the following format: username; password.
I'm not active on the forum anymore. Please contact other forum staff.