Lessons on web server security

27 March 2008 by Pete Czech

I just remembered a harsh lesson I learned about server security. It was in the form of a note (HEY-PETE-READ-THIS.TXT) that I found once IN MY SERVER'S ROOT DIRECTORY:

Pete,

You might want to change some things about your server.

1) I found your username/password ‘*******/********’ from the phpMyAdmin
panel on *******.********.***. You might want to A) encrypt the
passwords in the database, and B) password protect the phpMyAdmin
panel. I found the phpMyAdmin page through a search engine nonetheless.

2) Since you use the same password for almost everything (this server,
mysql, your ebay account!, etc) you should change them. Also, I just took a
guess that you would have ssh available on your server. You should
change ssh to use a non-standard port.

ps. You’re lucky I’m an honest (enough) person and didn’t do anything
malicious. I only poked around to see what I could find. I didn’t
install any backdoors, or trojans, or deface any web sites, or
otherwise compromise your system.

Congrats on the engagement!

March 14/2005

Freaky!  Thanks to Mr. Anonymous for providing me with a harsh lesson about server security.  No, I don’t know who this person is.  If you are him, leave me a comment!
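The note's first point is the one with a concrete fix. "Encrypt the passwords" should really be read as "hash them": reversible encryption with a key stored on the same box buys nothing once someone is reading the database through phpMyAdmin, whereas a slow, salted one-way hash means a dumped table no longer hands over the credentials themselves (and with password reuse, the SSH, MySQL and eBay logins too). The following is an added example, not code from the original post or the author's site: it migrates a constructed plaintext user table to salted PBKDF2-HMAC-SHA256 records and verifies logins against them. The table contents, the record format and the iteration count are assumptions for illustration. Locking down the phpMyAdmin panel itself is still a separate, necessary step.

```python
import hashlib
import hmac
import os
from typing import List, Dict, Optional

# Constructed sample of a 2005-style user table: plaintext credentials,
# readable by anyone who reaches the phpMyAdmin panel. Not real data.
LEGACY_USERS: List[Dict[str, str]] = [
    {"username": "pete", "password": "hunter2"},
    {"username": "guest", "password": "guest"},
]

# Work factor for PBKDF2-HMAC-SHA256; an assumed value, tune it so a single
# verification costs a noticeable fraction of a second on your hardware.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iters>$<salt hex>$<hash hex>'.

    A fresh random salt per user means two accounts with the same password
    get different records, so a dumped table cannot be cracked in bulk with
    one precomputed lookup.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False  # unknown or malformed record: never fall back to plaintext compare
    _, iters, salt_hex, hash_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so a wrong guess cannot be timed character by character.
    return hmac.compare_digest(digest.hex(), hash_hex)


def migrate_legacy_table(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """One-shot migration: replace each plaintext password with a salted hash.

    The returned rows carry no 'password' column at all, which is the property
    a database dump through phpMyAdmin should leave an attacker with.
    """
    return [
        {"username": row["username"], "password_hash": hash_password(row["password"])}
        for row in rows
    ]


if __name__ == "__main__":
    for row in migrate_legacy_table(LEGACY_USERS):
        print(row["username"], row["password_hash"])
```

After migration the application checks logins with `verify_password(submitted, row["password_hash"])`; the plaintext column is dropped, not kept alongside. The iteration count is stored inside each record so it can be raised later without invalidating existing users: re-hash on their next successful login.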
