12-05-2002, 11:18 AM
andi_germany
Confirmed User
 
Join Date: Oct 2002
Location: Germany
Posts: 768
I have had that problem with IBill as well as CCBill. The problem is simply that CCBill has to operate a script that is on another server in an uncontrollable environment. Now add this fact to the mostly security-ignorant webmaster and you will get hacked accounts. There are simple steps to prevent most hacker attempts.

1. Change your passwords regularly and make them complicated. Stop using your girlfriend's name already.

2. Create a subdir in your cgi-bin dir called e.g. cgi-bin/1jez63hhdnh4rj/ and place the renamed script into it. Change this info in the ccbill database and you will most likely never be bothered by hacked accounts.

3. The password file should be below the web-accessible path so no one can get it over the web.

4. Place the original ccbill script into cgi-bin and point it to a password file in your web-accessible dir. This of course is fake but might distract a hacker long enough to go to a different easier target.


Security starts with yourself on your machine. Don't blame others if you haven't done the least to prevent stuff like this.
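A check for step 3 of the post above, added here as an example that is not part of the original post: it reports whether a password file really lives outside the document root (following symlinks) and whether its permissions let other local users read or change it. The directory layout, file names and finding labels are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_password_file(doc_root, password_file):
    """Return findings for one password file; an empty list means it passed."""
    root = Path(doc_root).resolve()
    # resolve() follows symlinks, so the file is judged by where it really lives.
    target = Path(password_file).resolve()
    if not target.is_file():
        return ["missing"]
    findings = []
    # Step 3 of the post: the file must not sit anywhere under the web root.
    if root in target.parents:
        findings.append("inside_docroot")
    mode = target.stat().st_mode
    if mode & stat.S_IROTH:
        findings.append("world_readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable_by_others")
    return findings


def demo():
    """Audit three files in a constructed site layout built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        doc_root = Path(tmp) / "htdocs"      # constructed document root
        private = Path(tmp) / "private"      # constructed dir outside it
        (doc_root / "members").mkdir(parents=True)
        private.mkdir()
        exposed = doc_root / "members" / ".htpasswd"
        safe = private / ".htpasswd"
        for path, mode in ((exposed, 0o644), (safe, 0o640)):
            path.write_text("user:placeholder-hash\n")
            os.chmod(path, mode)
        # A link kept outside the docroot that points back into it.
        link = private / "link.htpasswd"
        link.symlink_to(exposed)
        return {name: audit_password_file(doc_root, p)
                for name, p in (("exposed", exposed), ("safe", safe), ("link", link))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or "ok")
```

A decoy file like the one in step 4 will be reported as `inside_docroot`; that is expected as long as it holds no real credentials.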