I'm a nice guy. Maybe I'm too nice. I host websites and user accounts and DNS and e-mail and stuff on my server for a very very low (read: practically idiotic, as it doesn't even begin to recover my operating cost) fee. In exchange, I ask that you do something very simple: don't ignore the system's warnings about password strength when you set your passwords. Today I had a user account that was cracked, as near as I can tell, by simply bruteforcing the password. Once they logged in the cracker busily tried to compromise the system with nifty little scripts and tricks. Luckily I caught them early in their efforts. Even more luckily, they didn't actually do any damage to the box or compromise the system's integrity.
Because of this I've run John the Ripper and the results proved very surprising and unpleasant. These findings, in conjunction with this event, have forced me to make the following decree: Henceforth, if you set your password to be your username, but think you are OH-SO-CLEVER by typing it in reverse (which is ridiculously simple to crack) your account will be revoked and I will consider it a default on your one-year hosting fee. Furthermore, for every crackable password of this nature that I find, I shall kill you.
