A couple of nights ago, I tried to login to my Amember Pro account (not the Amember Cpanel/dashboard- that’s separate), which is where I downloaded the script that I purchased from them, and where I can send and read Support tickets. After several attempts to login and getting the message that my email address was not found in the database, I emailed their Support from outside of my account. I then went to sleep, not thinking too much about it. I just thought maybe their website was acting up.
To my surprise, I woke up to an email stating that the domain with which I have my Amember Pro account set up with had been linked to a new domain name, and a new email user. This had all taken place on June 7, 2013!
My first reaction was to panic as I immediately knew that I had been hacked. I was aware that all my support tickets and discussions that have occurred with Amember support staff related to installation and set up, would have been viewable by the hacker. Some of these discussions included my own sensitive information such as my logins, FTP information, etc. The other thing that ran through my mind was, “Oh my gosh! What about my Amember Cpanel?” That is where all my products are located. I immediately checked that, and I still had control of that. Fortunately, I had used a different username and password for my Amember Cpanel. Phew!
All I’ve been told is that the hacker was able to get into my Amember Pro account (but not my Amember Cpanel), change the username and password, and then he requested that support change the domain that was linked to the account . Unfortunately, this request was not caught by tech staff, and they have recognized this. I have since gotten my Amember account restored to my name, and created new a new username and password. I also spent several hours changing login information to many of my sites, etc (just in case). I normally do this on a regular basis, but this was a good reminder to do it again.
Over the years, I know that I am not the only online business to be threatened by hackers, and to have something like this happen. So, the reason I’m telling you all of this, is because I want you to take YOUR website and online account security seriously. This not only applies to your online business, but also to your personal online (ex. banking) life. I thought I had been doing a pretty good job of things, but obviously there’s always room for improvement.
So here are some tips to save you the frustration and scare of what just happened to me:
- Recognize that it can happen to you!
This is the obvious first step. Don’t bury your head in the sand, and hope that it cannot happen to you. You must put as many security measures into place to make it very difficult for hackers so that they don’t see your site or account as an easy target.
- Do NOT use the same username and passwords for all your different accounts, not even for accounts that are related.
Many people still make the mistake of using the same username and password for all accounts. For example, you don’t want to use the same password for your paypal account, banking account, gmail, Amember, etc. All it takes is for a hacker to get access to one account, and then all of your accounts become vulnerable.
When I mention not using the same password for related accounts, I’m talking about accounts such as your hosting company (or Amember), for example. Let me explain. With Hostgator, you have an account to login to your Cpanel. Then you have a separate account for your billing. You may also have a separate Hostgator affiliate account. This is where having different usernames and passwords for all accounts is an important security measure.
- Exercise caution when choosing whom you give access to your accounts
If you ever have to give someone a username and/or password to access one of your sites or accounts, be very careful about this. You only want to do this when it is absolutely necessary (such as when you need technical assistance), and to someone you can trust. You will want to change your username and password immediately after that person is done doing what had to be done.
In the case of allowing access to your hosting accounts, you can limit access to particular folders by creating a FTP account from your Cpanel. Once that person is finished doing the work in your account, delete that FTP account immediately. If you are not sure how to do this, you can contact your hosting provider to get directions.
- Change your usernames and passwords often
Related to giving people access to your accounts, you want to change your usernames and passwords often. This is where I find a password manager such as Roboform to be very helpful. It can help you generate new passwords, as well as save the changes.
- Use difficult usernames and passwords
You never want to use your pet’s name, your birthday, or any other information that a potential hacker can glean access to just by reading about you somewhere online. Not only that, but there are “hacking scripts” (I’m not sure if that’s the right term, but you get the idea), that hackers use that include words from the dictionary. This is why you are encouraged to use a combination of letters (uppercase and lowercase), numbers, and special characters. Again, this is why I like using Roboform. It generates a string of unrelated letters, numbers, special characters, and you can edit the number of characters (the more the better).
I hope that gives you a few online security tips that you can immediately put into action. I have only covered the tip of the iceberg in this post, as there are many more specific things you can be doing to improve your security. Watch for more posts related to improving your online security!
A hacked site is a nightmare Kim. I’m glad you found out quickly enough to prevent it from being worse.
It’s a good reminder for all of us to take our account and website security seriously. Hackers aren’t going away anytime soon, unfortunately.