Cheap Hosting and Identity Theft
I was in the process of closing a hosting account where I had several sites hosted. At one time, I had my main account hosted on that site.
The host provided decent service at decent rates. I was just consolidating things a bit. They were a small company that didn’t speak English well. All support was chat, ticket or email.
I migrated the remaining sites to my current host and deleted the account for each site as I went along. I could not delete the final domain, the one I used to create the hosting account. I had to go through and manually delete the files.
What did hit me though was that most hosting companies have complete access to all of your files if you are on a shared hosting plan. Most small businesses and individuals are on just such a plan.
Here is the problem. All of your emails are stored in what is basically a text file. That can be easily copied and searched. Emails are a large part of your identity with all kinds of sites: Banking, hosting, domains, auction sites, stores etc. Someone getting your user ID and password can wreak havoc.
Now, your passwords are usually encrypted. BUT, there are plenty of places where you may be getting passwords emailed to you as in the case of password resets.
So, an unscrupulous host or individual employee can get access to all kinds of sensitive information from the email file alone. In addition, some web design apps such as frontpage store form data in a plain text or html format.
What can you do about it??
- Make sure that your personal and business site is hosted on a reputable host. Deciding who is reputable is the problem. Generally, you are probably better off with the larger hosting companies.
- Be eternally vigilant for any sign of tampering with your identity.
- Try to minimize the amount of sensitive information going back and forth in emails. Try to keep your passwords organized so you are not constantly requesting your id and password. Do not use the same password for all of your sites.
- If you are using pop3 email, try to remove the messages from the server as soon as possible.
- Use different passwords for each site you visit and change those passwords periodically.
While the odds of a dishonest host stealing your personal or corporate identity is low, it is not out of the realm of possibility.
- GoDaddy hacked. Sites offline
- Changing hosting for an FTP based Blogger Blog
- Outlook XP (2002) and Vista Home Premium won’t play nicely
- More on Poor Man’s Exchange
- Resetting a lost Frontpage 2002 id and pw on an extended server
- Poor man’s email option for a Verizon Phone
- Windows Password Recovery by Pogostick
- how to add additional admin users in oscommerce with htpasswd