Posted by Robert G Laurin on October 23, 2005 at 11:11:00:
In Reply to: FTP access to signature.net STOPPED posted by Jim Guerber on October 23, 2005 at 10:15:43:
As an administrator myself, I found that not having an "administrator" account was the best protection against casual attacks or organized brute force attacks.
I usually leave the administrator account active, but with a hard-to-crack password and limitted powers as far as web services are concerned. Using a non-std administrative account name is in my belief a must.
Just a reminder for all of you administrators out there, never create accounts called 'test' or any account with a password equal to 'password'. Unfortunately it is the most common security holes out there. Last week I had a phone consultant install an IVR (Voice recognition) on our phone system, his first action was to set the master password to 'password'... And we tought this was a reputable company.