Are you asking to get hacked?

Every so often when I do a password reset, the site will send me my password in plain text. This lets you know that they are storing the password in plain text in their database. They are practically asking to be hacked. IMHO any site that does not use some sort of salt with their passwords probably does not have the best security.

The importance of locking down your boxes

I was prompted to write this article because of a customer's system that was being used as part of a DDoS attack. In this case, the client's system was part of a DNS reflection attack (https://deepthought.isc.org/article/AA-00897/0/What-is-a-DNS-Amplification-Attack.html). The client had a cluster of servers set up with BIND installed, using a configuration that accepts and responds to all requests that it gets. The boxes were hosted on AWS. As soon as AWS contacted our client, they came to us, and it was fairly easy to show where their engineer messed up. Port 53 should have only allowed established traffic.
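
One way to audit for the exposure described above, as an added example that is not from the original post: it scans security group rules in the shape returned by EC2 DescribeSecurityGroups and reports any that admit port 53 from every source address. The group IDs and rules are constructed sample data; because security groups are stateful, replies to a server's own outbound queries need no inbound rule.

```python
import ipaddress

# Constructed sample in the shape of boto3
# describe_security_groups()["SecurityGroups"]; group IDs are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-EXAMPLE-internal", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-EXAMPLE-allow-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

def covers_dns(perm):
    """True if the rule admits UDP or TCP port 53."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("udp", "tcp"):
        return False
    return perm.get("FromPort", 0) <= 53 <= perm.get("ToPort", 65535)

def world_open_dns(groups):
    """Return (group_id, protocol, cidr) for each rule exposing port 53 to any source."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not covers_dns(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every source.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((group["GroupId"], perm["IpProtocol"], cidr))
    return findings

if __name__ == "__main__":
    for finding in world_open_dns(SAMPLE_GROUPS):
        print("port 53 open to the world:", finding)
```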
