Day: 30 June 2019

Categories
Writing process

Security is a full-time business

Image of hacker with PC
When I looked at clip art for this week’s blog nearly all the hacking images were predominantly blue or green. They were also dominated by faceless hooded characters. I went for the hood but chose a little red to go with the mix.

One of the things I find surprising with running a website is how often people try to hack it. I mean, it’s not a big website, you can’t order anything on it, we don’t take money. So why do people bother?

But they do.

The security checker on our website reports how many times people try to log in, but can’t, and the number of times people look for a page that isn’t there.

You wouldn’t think that second one is problematic, but apparently there are known pages with security issues, and the hackers try to see if you have one of these pages on your site. If it’s there, they use it to hack into your system.

As for the log-in attempts. Yesterday, for example, we had eighteen attempts to log into our website. That’s right, eighteen.

This particular batch is multi-national. Some people (or bots, rather, because I expect it’s a program) are hacking in from London, some from the Netherlands, and quite a lot this time from Sydney, Australia. This is unusual, for hack locations seem to come in batches. For example, there’s a region in Ukraine where a lot of hacks come from, a couple in China, one in Argentina, one in Brazil, and one in the Netherlands. You’ll have days of, say, Ukraine-based hacks, then a break (because you’ve locked them out), then maybe days of attempts from Brazil, and so on.

My security program shows me who they are trying to log in as.

They try a lot of standard logins, like ‘admin’ and ‘test’. They also try ones associated with the username posted on the pages. For example, we get a lot of people trying ‘karen’, and ‘sherylyn’, and ‘skdunstall’.

Here’s a tip. Do not, ever, make your login name the same as the sign-off name you use on your posts. You’re handing hackers half the information they need to hack your system. Don’t make it easy for them. Likewise, don’t use ‘admin’. Or ‘test’.

Another thing we do to reduce hacking attempts is block the user on a single invalid login attempt. It’s a little inconvenient when I’m away from the home PC (which has the password stored) and I have to type in the password and get it wrong. There have been times where I’ve locked myself out of my own website for 24 hours. Even so, I wouldn’t change it.

If you don’t stop the hackers, they swarm, so right after this, I’m going to block eighteen IP addresses. My banned IP list is so long, it’s a wonder there’s anyone left to block.

Have a good week.