This list is essentially useless. It is useless because no one would actually do the things on the list. Right? I joke of course, but these mistakes are ones you should definitely avoid. Some may seem like common knowledge, but they still happen far too often.
1. Using “password” as a password – For that matter, do not use “1234”, “bigdaddy”, or anything else easy to guess (and quite embarrassing).
2. Leaving root logins enabled – You are just asking for someone to attempt to login as root. Even if they do not succeed, you could avoid the attempt simply by disabling root logins.
3. World writable file permissions – When should you chmod something 777? Never. It should never be necessary, although there are some situations where it is unavoidable. Still, the more lenient you are with file permissions, the more likely you are to open up a huge security hole.
4. Running Telnet – Add to this list any number of antiquated unsecured protocols that make your server easy pickings for cyber criminals. Instead favor secure connections like SSH.
5. Going straight to production – If it is truly your first time, take a while to familiarize yourself with the OS and applications. Learn the best practices for security, and make sure you are fully prepared before you open up your server to the world.