The day started fine until I logged into my cpanel and found that some settings had been changed. I figured it was nothing to worry about. Some privileges on one of my mySQL users had been upgraded to full from create/update/insert. This is the second time it has happened and I figured it was nothing. However, this coupled with an anomoly a couple days ago - the addition by *somebody* of an extra access host - was enough to make me fill out a support ticket just to verify that it was nothing to worry about.
The tech support at my hosting company said it was very suspicious and they recommended I immediately change my cpanel password. So I also changed my webhost manager password, being as it and the cpanel pw were one in the same. For whatever reason something got screwed up and when I changed the WHM password it didn't work right and I was unable to log in. So I emailed them and they sent me a new one.
Fine, right? Everything is as it should be.
Well, now I have all but lost the desire to work on my websites or any new ideas. How did I get hacked? As far as I know I did nothing to allow my account to be compromised. I have long usernames and passwords consisting of upper & lower case letters and numbers.
My main site provides a service that, if it were to go down for a day, could really piss off my users. And what if all their data gets deleted by a malicious hacker? I had intentions to develop a lot of content and build up a lot larger user base than I have, but now I'm very apathetic about it all because I'm certain one day it will all just be gone.
I run an updated version of Norton AV, but for all I know I have a key logger hiding somewhere. I don't understand security as well as I should, and it seems no matter how much I learn there's always a loophole for some hacker to get in. And if they have access to my email, which they would with a key logger, then they also know my new cpanel password which was emailed to me.
So my first thought was to switch over to linux so I won't have to worry about key loggers or other spyware. I've tried several times to do this but with no luck getting past slackware or debian's installation process. They ask too many questions for which I simply don't know the answers. And after all is said and done, hours spent on each try, it just doesn't work right.
Walmart & Staples both have Linspire preinstalled on a desktop or two, and I'm considering getting one of them. But then I read that Linspire runs in root, that Linspire is a bad distro, etc. So I look at Mandrake, hearing it's easy to learn. I type "mandrake sucks" into google and up pop even more matches than it did for Linspire. Not to mention I can't find it preinstalled on a desktop anywhere.
Then almost jokingly I went to apple's website and wondered at the possibility of getting one of those new cheapie mini macs. But I don't know anything about them, nor do I know what/if/how to switch, or if it's even a security upgrade from what I have. $500 is a lot of money to me, and I'd like to be certain it's everything I hope before I bankrupt myself.
And in the end who knows if I even was hacked. All I know is that every day I go to bed I'll have this anxious feeling that something could go wrong, and one day it probably will. I suppose I could be as proactive as possible, backing up files every day, etc.. but still.
Am I just too paranoid, should I just get on with things and hope nothing is wrong?
Any suggestions as to what I should do to beef up my security? Switch to a linux distro - if so, what do you recommend for a newbie looking to learn FAST? I used to criticize Macs mostly out of ignorance, but from what I hear the security is quite tight. Is this a better option for somebody needing to make a quick switch?
And I'm on dial-up, as if things already weren't bad enough already.