Security is a full-time business

One of the things I find surprising with running a website
is how often people try to hack it. I mean, it’s not a big website, you can’t
order anything on it, we don’t take money. So why do people bother?
But they do.
The security checker on our website reports how many times
people try to log in, but can’t, and the number of times people look for a page
that isn’t there.
You wouldn’t think that second one is problematic, but
apparently there are known pages with security issues, and the hackers try to
see if you have one of these pages on your site. If it’s there, they use it to hack
into your system.
As for the log-in attempts: yesterday, for example, we had
eighteen attempts to log into our website. That’s right, eighteen.
This particular batch is multi-national. Some people (or
bots, rather, because I expect it’s a program) are hacking in from London, some
from the Netherlands, and quite a lot this time from Sydney, Australia. This is
unusual, for hack locations seem to come in batches. For example, there’s a
region in Ukraine where a lot of hacks come from, a couple in China, one in
Argentina, one in Brazil, and one in the Netherlands. You’ll have days of, say,
Ukraine-based hacks, then a break (because you’ve locked them out), then maybe
days of attempts from Brazil, and so on.
My security program shows me who they are trying to log in
as.
They try a lot of standard logins, like ‘admin’ and ‘test’. They
also try ones associated with the username posted on the pages. For example, we
get a lot of people trying ‘karen’, and ‘sherylyn’, and ‘skdunstall’.
Here’s a tip. Do not, ever, make your login name the same as
the sign-off name you use on your posts. You’re handing hackers half the information
they need to hack your system. Don’t make it easy for them. Likewise, don’t use
‘admin’. Or ‘test’.
Another thing we do to reduce hacking attempts is block the
user on a single invalid login attempt. It’s a little inconvenient when I’m away
from the home PC (which has the password stored) and I have to type in the password
and get it wrong. There have been times where I’ve locked myself out of my own
website for 24 hours. Even so, I wouldn’t change it.
If you don’t stop the hackers, they swarm, so right after
this, I’m going to block eighteen IP addresses. My banned IP list is so long,
it’s a wonder there’s anyone left to block.
Have a good week.
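
The daily review described in this post, as an added example that is not the author's security program: it tallies failed logins and missing-page requests per IP, labels guessed usernames as default or taken from post sign-offs, and lists the IPs to block under the single-failure rule. The log format, the `summarise` and `classify_username` names, the request paths and the IP addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample events in a hypothetical log format (not from the post);
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T03:12:09Z 203.0.113.7 LOGIN_FAIL user=admin
2024-05-01T03:12:11Z 203.0.113.7 LOGIN_FAIL user=test
2024-05-01T04:40:52Z 198.51.100.23 LOGIN_FAIL user=karen
2024-05-01T04:41:30Z 198.51.100.23 NOT_FOUND path=/example-missing-1.php
2024-05-01T05:02:18Z 192.0.2.44 NOT_FOUND path=/example-missing-2.php
2024-05-01T06:15:00Z 192.0.2.90 LOGIN_FAIL user=SKDunstall
this line is malformed and is skipped
"""
LINE_RE = re.compile(
    r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (LOGIN_FAIL|NOT_FOUND) (?:user|path)=(\S+)$")
DEFAULT_NAMES = {"admin", "test"}                   # standard guesses named in the post
PUBLIC_NAMES = {"karen", "sherylyn", "skdunstall"}  # sign-off names named in the post

def classify_username(name):
    """Say why an attempted login name was easy to guess."""
    n = name.lower()
    if n in DEFAULT_NAMES:
        return "default"
    return "public-signoff" if n in PUBLIC_NAMES else "other"

def summarise(log_text, max_failures=1):
    """Count failed logins and missing-page requests per IP; list IPs to block."""
    failures, probes, guesses = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        _ts, ip, event, value = m.groups()
        if event == "LOGIN_FAIL":
            failures[ip] += 1
            guesses[classify_username(value)] += 1
        elif event == "NOT_FOUND":
            probes[ip] += 1
    # The post's policy: block on a single invalid login attempt.
    blocked = sorted(ip for ip, n in failures.items() if n >= max_failures)
    return {"failures": dict(failures), "probes": dict(probes),
            "guesses": dict(guesses), "blocked": blocked}

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(key, value)
```

Raising `max_failures` shows how many of the same addresses a more forgiving lockout rule would still catch.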