Most web hosting servers these
days run a firewall that will deny IPs from which a wrong password
is used more than 10 times. This is to prevent hackers obtaining
access. Not a day goes by without at least one of our
machines seeing an attempted hack through a user's account from some
foreign country (usually Asian, African or Russian). If you are unable
to connect after 2 or 3 attempts, it's a good idea to stop and find
out why, because more than 10 attempts will cause your IP to be blocked.
If you think you have been blocked, you'll need to contact your
web hosting company (or client's company) and get them to 'edit the
IP address deny file' on the web hosting server.
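
The lockout rule described above, written out as an added example (not the hosting company's own firewall code): failed logins are counted per source IP, and any IP with more than 10 is listed for denial. The log line format, function names and sample addresses are constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

MAX_FAILURES = 10  # the page's threshold: blocked after more than 10 wrong passwords

# Constructed log format (an assumption):
#   "<timestamp> login <ok|failed> user=<name> ip=<addr>"
LINE_RE = re.compile(r"^\S+ login (ok|failed) user=(\S+) ip=(\S+)$")

def failed_logins_by_ip(lines):
    """Count failed logins per source IP, skipping lines that do not parse."""
    failures = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "failed":
            continue
        try:
            ip = ipaddress.ip_address(m.group(3))  # rejects malformed addresses
        except ValueError:
            continue
        failures[str(ip)] += 1
    return failures

def ips_to_deny(lines, limit=MAX_FAILURES):
    """Return the sorted IPs whose failed-login count exceeds the limit."""
    return sorted(ip for ip, n in failed_logins_by_ip(lines).items() if n > limit)

def build_sample_log():
    """Constructed sample: one password-guessing source, one user who mistyped."""
    log = []
    for i in range(12):  # 12 wrong passwords from a documentation-range address
        log.append(f"2024-01-01T00:00:{i:02d} login failed user=nzkayaks ip=203.0.113.50")
    for i in range(3):  # legitimate user stops after 3 attempts
        log.append(f"2024-01-01T00:05:{i:02d} login failed user=nzkayaks ip=198.51.100.7")
    log.append("2024-01-01T00:06:00 login ok user=nzkayaks ip=198.51.100.7")
    log.append("2024-01-01T00:07:00 login failed user=nzkayaks ip=not-an-ip")
    return log

if __name__ == "__main__":
    sample = build_sample_log()
    for ip, count in failed_logins_by_ip(sample).items():
        print(ip, count)
    print("deny:", ips_to_deny(sample))
```

The user who stopped after 3 attempts stays off the list, while exactly 10 failures is still under the limit and the 11th triggers the block.
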
While on the subject of IP addresses, these can be used to help
identify bogus online orders. If you are setting up an online
order form or shopping cart, most order form and shopping cart
scripts will also submit the IP address of the person submitting
the order, and it's a good idea to use an IP tracer to check for bogus
orders. We recommend: http://visualiptrace.visualware.com You can
sign up free, and use this tool to trace up to 10 IPs each day. Check
the geographical location the order originated from. Bogus orders
from outside New Zealand can then be identified; they are common from
countries like USA, Nigeria, or some other African or Asian countries.
Often the details look fine. They will often submit a NZ address,
and c/card payment details can appear fine too. It's usually not
until several weeks later that the c/card merchant processing bank will
notify the retailer that a previous card transaction used a stolen
c/card, by which time the goods have usually been dispatched, and
the merchant bank will then do a charge-back for the transaction,
leaving the retailer without payment.
It's probably not too difficult to find out a client's username,
or maybe hackers simply hope the username is the default, e.g. if
the domain name is, say, nzkayaks.com, the username (8 characters)
is likely to be nzkayaks. Hackers use
available software that will try different passwords (usually dictionary
words) until eventually they can hack in. Once they get in (i.e.
the web hosting account is compromised), they usually like to replace
the home page with their own (usually with a political message,
and tagged with something like 'this site has been hacked by ...').
Obviously, it's very important not to use weak passwords. Dictionary
words should never be used unless accompanied by other characters