[General] Insecure POP account passwords


Saturday, October 20th, 2007 - General

We sent out notices yesterday to accounts that we found to be using weak and insecure mail passwords. Actually the subject of that message was incorrect, but this was not noticed until the message had already been sent out. I apologize for that, but I didn’t think it was worth the effort to resend the notice with an updated subject line.

Not every account received one of these notices, but its probably a good idea if all accounts take a look at their mail accounts and insure that they are using strong and secure passwords.

I suspect that a lot of accounts have mail accounts that are no longer being used. If you aren’t using a mail account for anything, it just makes better sense to remove it. It takes away a point where a hacker or malicious user can gain access to your account.

Lately we have been having a lot of problems with spammers gaining access to mail accounts on the servers and then using those accounts to send out spam. This causes our servers to get blacklisted. The best preventive measure that can be taken is to insure that all access points, points that require a login username and password, are using secure passwords. This includes your main FTP/cPanel password and all of the passwords for your mail accounts.

To help prevent further spamming problems on the servers, we are encouraging all of our users to check their mail account passwords and all of their passwords and insure that they are strong and secure. We have written a guide that details how to update passwords for mail accounts using the cPanel interface or the webmail interface.

The more accounts that are using strong and secure passwords the more difficult it will be for hackers and malicious users to gain access to those accounts and the less likely that our servers will become blacklisted due to this concern.

Scott