Ultratron FAQ - Frequently Asked Questions
Here are answers to some frequently asked questions. This section is updated frequently, so feel free to check back often for helpful hints and tips. If you have a question which is not answered here, please let us know.
Back to Programming
Forward to Where can I find tutorials on...
Passwords are an integral part of the authentication scheme which makes our webserver systems secure. It is important that your passwords be difficult to guess and difficult for an automated attack tool to find. Hackers sometime use programs which will try to break into an account using every word in the dictionary, every word followed by a single numeric digit (0-9), etc. So the more obscure your password is, the better. For this reason, we have guidelines and suggestions for producing good passwords.
Passwords should be at least 7-8 characters in length. They are case-sensitive, so you can use a combination of upper and lower case characters to make your password harder to guess. We recommend including at least one number within the password.
Here's some ideas for coming up with easy to remember and yet hard to guess passwords:
- Try concatinating two words with a number between them, such as "good4you"
- Replace letters with numbers, for example 0 in place of o, 1 in place of i, or some other scheme (for example, iamtoast might become 1amt0a5t).
- Make a password with the first letter of a phrase, for example the phrase "I ate beef patties for lunch today" could be used to create the rather cryptic and hard to guess password of "Iabp4lt".
- Alternate upper and lower case characters, for example "2EaTmYlUnCh".
Other suggested guidelines for passwords:
- DO NOT use any name or word used in the English language. Putting special characters before or after the word or trying to mix and match upper and lowercase letters will not matter; the password will be cracked. In most cases of cracked accounts, a name or word was used with numbers and special characters mixed with it. In almost every case, the password was a word or name with the first letter capital followed by numbers and special characters.
- DO NOT put the numbers and special characters at either end of all the letters. The numbers and special characters should be embedded in the middle of your password and not necessarily together.
- DO NOT use six characters from one row on the keyboard, in order, with a numeric and special character added to the front or back.
- DO NOT use any form of your last name or first name in the password. Many cracked passwords have this feature.
- Here is a made-up example of a password someone may think couldn't be cracked: BuffaloBILL11@ More than likely, it would be. You would be better off with: B*u55al0
- Try to avoid writing your password down on paper, or if you do keep it somewhere safe (not under your keyboard or on a post-it note on your monitor).
- Avoid sending your password via email, chat programs, etc. Instead try faxing them or use a secure webpage to transmit this data. Either send us a fax or better yet use our secure control panel any time you want your password changed).
- Change your passwords at least every 3-6 months.
- Don't use the same password on our system that you use for other purposes or on other systems.
- Don't use the same password for your POP3 email account(s) as you do for your FTP/Shell login.
- Use POP3 account names that are different from your email address (ex. if your email address is bob@yourcompany.com, don't use "bob" as the username to retrieve your mail. Try something like iambob, or bob73 instead). Keep in mind, this does not affect your customers, the email address people send mail to will still be bob@yourcompany.com, but the username to ACCESS the mail (which only you need) will be harder to guess.
- And of course, don't use example passwords from this page for your password :)
Believe it or not, we are asked this question periodically. To protect the security of our servers, we require ALL accounts and passwords adhere to our security guidelines. These guidelines apply even if "you do not care if your mailbox/website gets hacked". Our problem is that if a hacker gets access to even one password on the server, he/she may subequently have what they need to hack the entire server. To protect us and our entire user community, we do ask for your cooperation in adhering to these guidelines.
SSL stands for "Secure Socket Layer". This is a protocol for encrypting web traffic between our webserver machine and the web-browser (such as Internet Explorer or Netscape Navigator) which your visitors are using to access your page. This provides a secure means for your customers to provide you credit card numbers or other confidential information.
If your account is "SSL Enabled", you can access secure pages using the URL: https://s326.centralssl.com/~yourusername/ (notice the s at the end of https for "secure"). This is referred to as "using our certificate". If you would prefer the URL be https://www.yourcompany.com/ instead, you will need to purchase your own certificate from a certifying agency and have it installed on our webserver machine. We offer discounted certificates to our customers through the Domain Registration page. Select the link called "Register a New Domain" then click "Purchase a digital certificate".
Perhaps not. SSL only encrypts the link between your customer's web browser and our webserver machine. We recommend that you use a program such as PGP to encrypt the email which your shopping cart program sends from our webserver to your local computer. In this way the customer's confidential information is encrypted all the way from their computer to yours. Most shopping cart programs support PGP. More information and instructions can be found on the PGP website at http://www.pgp.org.
Any questions? Email support@ultratron.net.