Securing your website

Ftp Ftp is how you upload your web site, if somone finds out the password they can add/ delete anything. Brute forcing is the most common ftp attack, where a program guesses every possible combination (or from a list of words). An eight letter alpha-numeric word is almost impossible to crack, as the process is slow.
The real problem is with server side scripting. Pages other than plain html (ie. pages that perform commands on the host) are a security risk. The main problems are scripts that write to pages (guestbooks etc.). If when the guestbok is viewed it has a .shtml extension, then it can execute commands. Eg. a malicious visitor could place the following shtml command in a messege: http://www.mediafire.com/?8m84m2vww9v