password – Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000 en-US hourly 1 password – 32 32 What is Anonymous FTP? Mon, 19 Jul 2010 16:29:16 +0000 FTP icon

By default, FTP servers require the user to login in order to upload or download files. Many web hosts, however, additionally offer the ability to use anonymous FTP. It basically gives you the ability to allow users to login to the FTP server without providing a username or a password.

What it really does is give users access to a username called anonymous, which does not require a password. They can then perform whatever tasks that are allowed for that user. For example, the anonymous use may be allowed to download public files but probably will not be allowed to upload. Downloading with FTP takes load off of the web server and usually offers more connections so more users can access the files at once.

Despite its name, anonymous FTP is not completely anonymous. As a website owner, you can still track IP addresses and host name, in case someone attempts to compromise your system. If you do not offer public downloads of any sort, it is usually a good idea to disable anonymous FTP.

Troubleshooting Database Connections Mon, 12 Jul 2010 19:17:37 +0000 Drupal database connection error
When MySQL works correctly, it can be a thing of beauty, but when something goes wrong, it can drive you mad. Here are a few things you can do to troubleshoot connection problems:

1. Make sure your username and password are correct.
2. Double-check the hostname. Although “localhost” works on most servers, it may not on yours.
3. Test the connection string (if you wrote the code yourself). You may have a simple typo.
4. If you have your own server, check the mysql server to see if it is running and running without errors.
5. Does the database you are trying to connect to actually exist? Sometimes automatic database creation fails, and you are left wondering why you cannot connect to it.
6. If you can connect locally but cannot connect remotely, check your firewall settings to see if port 3306 (or whichever port you use for mysql) is open.
7. Finally, be sure your mysql user has the necessary privileges to perform whatever task you are trying to accomplish.

Photo Source: Flickr

How to Login as a Different User in Linux Mon, 21 Jun 2010 16:28:00 +0000 System usersSometimes when I am working on a project and come across a new powerful Linux command, I need to test it. With a live dedicated server, that can be a recipe for disaster. Rather than taking such a risk with your websites and possibly the websites of customers (if you also host sites), I recommend creating test accounts.

A test user will have a unique set of configuration settings, its own home folder, and its own username and password. The second dilemma I encountered, however, was that once the account was created, I did not want to always have to log out of SSH and then login as the other user. In fact, for security reasons, I did not want the test user to have SSH access all.

Normally, the “su” command is used to become root, but you can also use it to login as any other user, directly from your SSH command prompt. To execute the command, type:

su -- username

It will then ask you for the specified user’s password. Enter it, and you are ready to test.

Image Source: Oxygen icons

Creating Good Passwords Wed, 12 May 2010 21:32:05 +0000 Password Generator
Whether you have a single small website or a data center filled with servers, security should always be at the top of your agenda. One of the most basic security holes that attackers often exploit is the weak password. It is important for you and any users on your server to use secure passwords.

There are certain practices you can use to make your passwords more secure:

  • Use a mixture of letters and numbers
  • Mix lowercase and uppercase letters
  • Make the password at least 8 characters long
  • Change default passwords given to you
  • Do not use a real dictionary word in any language
  • Do not use acronyms that are easily deciphered
  • Never give your password to anyone, even someone claiming to be a web host or system administrator
  • Do not use the same password you use for other things
  • Do not use letters or numbers that relate to personal information (birthdays, names, etc.)
  • Change your password often.

If you need help creating a password, consider using a password generator. PC Tools has a free online password generator that will allow you to specify length, types of characters, and similarities. Best of all, it will allow you to create multiple passwords at once. Now you have no excuses left for having a password that is easy to guess.

How to create an SSH key Wed, 28 Apr 2010 15:09:44 +0000 SSH folder icon
An SSH key is a secure encrypted code that allows you to connect to a server without having to type the password in plain text. To setup a key, follow these instructions:

1. First you need to connect to an SSH host on each machine (this will create the .ssh directory in your home directory):


2. On the local machine, type:

ssh-keygen -t dsa

It will prompt you for the secret passphrase. After you enter the passphrase, it will create id_dsa and in the /home/user/.ssh directory.

3. Next copy the above-mentioned files to the remote server:

scp ~/.ssh/

4. Now tell your server which key to use:

ssh-agent sh -c 'ssh-add < /dev/null && bash'

It will ask your for your passphrase and create a new bash shell.

5. Finally, type ssh (It should now connect without asking you for a password).

Photo Source: Wikimedia Commons

How to prevent users from reusing old passwords in Linux Thu, 14 Jan 2010 18:03:49 +0000 Change password window
In a previous blog post, we learned how to force users to change their passwords on a regular basis. This prevents them from keeping the same password forever, but it does not prevent them from alternating between the same two passwords or between a handful of them. Fortunately, PAM, Linux‘s password management system, allows you to prevent users from reusing the same old passwords.

To limit password reuse, you will need to edit the /etc/pam.d/system-auth file.

Find the line that begins with “password” and add “remember=10” to the end of it:

password sufficient use_authtok md5 shadow remember=10

Save the file and close it. Now users will not be able to reuse any of their last 10 passwords because Linux will always remember the last ten. You may select a higher or lower number depending on how stubborn your users are. Enjoy!

Source: nixCraft
Photo: Flickr

How to configure password aging in Linux Fri, 08 Jan 2010 17:03:53 +0000 Password Change
If you have ever worked for a corporation or used IT services at a university, you have undoubtedly been prompted at one time to change your password. It is annoying and seems like a waste of time, but it is important. Running a web server that gives all or some users shell access means you are open to more vulnerabilities than if you were flying solo.

Password aging is one way to make sure users changing their passwords often to lessen the likelihood that would-be attackers can figure them out and exploit them. The “chage” command in Linux allows you to change the number of days between password changes. To set the minimum days (i.e. the number of days before a user must change his/her password) enter:

# chage -m

So, if you want the user called “bob” to change his password in 90 days, you would enter:

# chage -m 90 bob

After 90 days, bob will be prompted for a password change. You can also set expiration dates for accounts and inactive passwords. If you have particularly stubborn users who refuse to use secure passwords, this is a way to prompt them often until they run out of uncreative password ideas. Please use this tool only for good.

How to manually grant privileges in MySQL Mon, 28 Dec 2009 23:27:02 +0000 MySQL Database
There are plenty of reasons why you might want to grant various privileges to a user in MySQL manually rather than with a control panel or phpMyAdmin. But regardless of the reason, the process is quick and easy, once you learn how to do it. For this you will need SSH access, which you will have with your own server or with special permission from your web hosting provider.

In this example, you will grant a user the “SELECT” privilege.

1. First login to your server via SSH and enter the following:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

(you will be prompted for your password)

2. At the “mysql>” prompt, enter:

GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password';

After you have assigned privileges, enter:


You will need to replace “database”, “username”, and “password” with the appropriate information. That is all it takes to enter a basic privilege. For more extensive examples, see

Photo Source: Flickr

How to create a MySQL database in cPanel Mon, 21 Dec 2009 21:07:18 +0000 cPanel database creation
Question: How can I use cPanel to create a MySQL database?

Answer: cPanel uses its own web-based frontend to make database creation very easy. Just follow these simple steps:

1. Login to cPanel
2. Under the Databases section, click “MySQL Databases”
3. Where it says “Create New Database” enter a short name for your database.
4. Click “Create Database”.

Next, you will need to have a user for the database. If you do not have any users, you will need to create one. If you do, skip to step 4.

1. Scroll down to the bottom until you see “Add New User”.
2. Enter a name and password.
3. Click “Create User”
4. Under “Add User To Database” find your user in the dropdown menu and then find the database you created in the second dropdown menu.
5. Click “Add”.

You have now created a database that will give permissions to the user you created. When you install scripts or applications, they will access the database using the username and password you specified. Therefore, make sure you remember it, but also make sure it is secure.

SSH security tips part 3: Root logins and empty passwords Wed, 09 Dec 2009 23:46:28 +0000 OpenSSH Puffy Sheriff
Only one user should have the root password to a server, but since virtual private servers (VPS) can exist within a server, those users also have root passwords. Generally speaking, it is a bad practice to login to the server directly as root (administrator). Although SSH connections are encrypted, it is still a dangerous practice from a security perspective. Even administrative users should have lesser accounts that do not have superuser permissions.

To disable root login, edit your sshd_config file and add the following line (if it is not already present):

PermitRootLogin no

If you or another user with root access needs to become root, they can rely on “su” or “sudo” once they have logged in as a regular user with basic permissions.

The next important thing to secure is passwords, and a big no-no is using an empty password. In some circumstances, you cannot control what passwords (or lack thereof) other users choose, but with SSH, you can prevent users from choosing blank passwords. Enter the following line in sshd_config:

PermitEmptyPasswords no

Photo: Flickr