I'm wondering how secure this method is...I want to host my website but it has to remain behind a secure password system, only certain users can have access. I know its obviously not the most secure method but is it good enough that I can rely on it to keep those random chinese IPs out? last time i had it running for more than a day or two I got hits from some random IP addresses and they were attempting to use the default login admin/admin, tomcat/tomcat and others as well. scared me a bit. thanks for any help!