freakshells servers shells vhosts order shells shells prices freakshells aup shells contact
- HELP: Security

This page will point out several very important issues with security. You will also learn how to use several useful features to increase the security of your shell.

We never give away passwords. We never sold passwords.
We have never been hacked.
Noone has root on our servers.

Often abusers hack into shells by guessing the passwords or faking a supporter and asking for passwords.
To prevent this, please read this guide and act accordingly. Help us to increase security and to protect your shells.



Parts:
General tipps & information
What are good passwords?
IP Access Control
Top reasons why shells get hacked



General information

Freakshells is always trying to be one of the most secure providers on the net. We are constantly working on our systems to improve security and add more features.
However, if YOU don't help us, it won't do. It's important that you choose a good password and use the features we offer.

SSH/FTP Logins
After a number of failed ssh or ftp logins, account access is blocked for 15 minutes. This feature helps to prevent against brute-force password cracking (against scripts which automatically try passwords).

IRC, Mails
Be sure who you speak to. On IRC, check the hostnames of admins and supporters. Join #freakshells and check the status: supporters are voice (+), admins are opped (@)!
We send mails always from @freakshells.com - if you are unsure if a mail or an IRC msg is from freakshells, check the mail headers.
Remember: we NEVER ask for passwords! If someone asks you for a password, it's a fake. Don't ever tell your password to a supporter, admin or anyone else.



Passwords

Freakshells NEVER gives away passwords. You can change the passwords yourself on the member area (http://members.freakshells.com).

Member Area
Be sure to remember your member area password! If you lost it, you can still recover it, if you have access to your email account. If you lost the access to your email account, we can not help you! We don't reset passwords, we don't change email address!
Also, choose a good password for the member area, as this is important. If someone gets into your member area account, he can change all passwords.

Good passwords
Be sure to choose a GOOD password for your member area and your shell accounts!

  • include upper- and lower-case letters,
  • include numbers,
  • make the password at least 6 characters long,
  • don't use passwords which include your name or your login,
  • don't use a password which you used elsewhere (like, with some other shell provider)

    a GOOD password is, for example: jdB39zlo
    a BAD password is: andrea6, ch4nge, myp4ss, l0gin, etc.

    Be sure to NEVER give away your passwords! Don't use passwords in emails. Don't give your password to friends, brothers, or anyone else. If you give your password away, YOU are responsible for it.
    It's a good idea to change your password every now and then. I recommend to change them every 3 - 4 months.

    You are welcome to use our password generator!



    IP Access Control

    Freakshells added a great new security feature: ip access control.
    Now you can decide which IPs / Hostnames are allowed to log into your shell.
    For example, your IP at home is: 194.55.191.24; You want only this ip to access your shell? Go to the member area - shells - edit password. Enable IP check and write the IP into the allowed ips box.
    Now only 194.55.191.24 is allowed to log into your shell. Even if someone knows your password, he can't login.

    This also works with the member area. Log in, go to My Account. There you can set which IPs may log into the member area.

    BE CAREFUL! If you make mistakes with this feature, you may lock yourself out.



    Top reasons for hacked shells

    Here's a list of the most common reasons why a shell gets compromised (= hacked, intruded).
    Read it, think about it.

  • You give your password to a friend or brother, who gives it away or abuses it.
  • You choose a stupid password which can be guessed. For example, your login is dumbo and your password is dumbo6. This is so stupid, everyone can hack it.
  • You use the same password for several places. This means, one password for different shell providers, forums, etc. This is stupid, because if just one of these places gets hacked, they have your password and can now try it with freakshells.
  • Your PC, where you stored your shell password, gets hacked, so the intruders gain access to your login and password. Always use a virus scanner and be careful with files you get from IRC, BitTorrent or e-mail.
  • You use a bot with an insecure script, so other users of the bot/botnet can intrude the shell and execute commands on the shell.
    		•    

     
    © 2006 Freak Internet Services Ltd.