Here is an opportunity for my loss to be your gain. As part of my effort to make it hard for something like this to happen again I’ve been implementing security solutions to my server and habits. The kinds of things you would hope would be implemented by default by a hosting company but rarely are.
Turn Off FTP And Use SFTP InsteadFTP is old and ugly. It should have gone away a long time ago. FTP sends usernames and passwords as clear text. That means someone can sniff your web connection and get your connection info. No decryption or special techniques needed to read them. They are just plain text.
SFTP is entirely different. It uses SSH (with encryption) to transfer the files. Not only do you get encryption but with SFTP you can compress what’s being transferred for faster transfers. A double win.
Crazy Passwords and KeysWe were hacked by a brute force attack that guessed a simple and common password. I've seen this type of attack happen numerous times. The simplest way around this is to have a password with no dictionary words, upper and lowercase letters, numbers, and symbols in them. It's a pain to remember these so I recommending using something like 1password to save them.
If you need help creating the terribly long and hard to crack passwords there’s the GRC Password generator.
Because I can’t remember these terribly long passwords I’ve setup SSH keys to access the server. That means when I connect, via ssh, I don’t have to enter a password. My computer uses a key instead.
Firewall RulesBack when I used to manage my own servers I had a firewall rule that seemed like a no brainer. If someone failed to enter the password correctly 3 times in a row they were blocked from connecting to the server for 5 minutes. This wouldn't stop someone whose legitimate or anyone really interested in trying to crack the system. But, it would deter (or at least make it difficult) for your standard hacker or bot.
There’s a simple explanation and tutorial over at http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/ if you’d like to learn more.
These aren’t an all inclusive measure or a guarantee to stop a hacker. But, these things will sure make it harder for them.