I just discovered that one of my clients' websites has been hacked. Needless to say, I am most displeased. How did this happen? Pretty simple. The client had a pretty easy-to-guess user name and password. Do YOU change your passwords regularly? Are they a combination of letters and numbers? Do you use the same user name and password on lots of sites? I bet a lot of you do.

Luckily the damage was minimal. They tried to redirect PayPal payments to a disposable email account. A pretty unsophisticated hack. I immediately changed the user name and password to something much harder to guess, then I password-protected the admin page itself with a different password. I then changed the FTP password. Then I tracked down the little bastard's I.P. range. He's somewhere in Brazil most likely, so I can't just drive to his place and mess with him personally.
My clients are my friends. And I don't like people fucking with my friends.

Anonymous said...

Also, use upper and lower case letters and try not to use any words found in a dictionary. :)