My web hoster is not particularly responsive, and so I'm having to learn more of this than I probably should given my expertise. Any help will be greatly appreciated. I had someone break into my cpanel administrative account over the weekend, set up the forwarder to forward copies of my email to him, and then use this as a method to attempt to steal my domain name. Foruntately I was able to stop this.
I've figured out how he did it, and I want to stop it from happening again. The cpanel login has a 'feature' that does not require a login name, i.e. if I enter just my password I get in. Plus, there is no 'brute force' protection on the password. I had a bad password (6 letters) and the guy was able to brute-force his way to a login, set my forwarder and then go about stealing my domain.
Is there a way to both fix the no login name feature, and prevent further brute force attacks from being successful? I've changed the password to something much more complicated, but I'm worried that's not enough and I'm pretty certain this bugger will be back later.
Any ideas?
Thanks.
I've figured out how he did it, and I want to stop it from happening again. The cpanel login has a 'feature' that does not require a login name, i.e. if I enter just my password I get in. Plus, there is no 'brute force' protection on the password. I had a bad password (6 letters) and the guy was able to brute-force his way to a login, set my forwarder and then go about stealing my domain.
Is there a way to both fix the no login name feature, and prevent further brute force attacks from being successful? I've changed the password to something much more complicated, but I'm worried that's not enough and I'm pretty certain this bugger will be back later.
Any ideas?
Thanks.