I wonder what you all think of my entry to the Rag Tag Daily Challenge, the word is ROCK.
I’m going to post some pictures, but I just want to tell you about what happened on Friday for me. And this is a warning to everyone who is reading, I mean everyone.
Don’t ever be complacent about your website security. I have created several websites the last few weeks and they are all wrapped up strong and secure. On my travels I have discovered several sites that have been hacked, whilst this is not pleasant it has given me some in-site on how I should be securing my own sites and my clients sites. I am currently in the business of promoting businesses and organisations amongst other things. As a result I have been involved in web site building and recently hosting, with a special interest in website security.
On Friday morning I did my usual round of checking all of my sites, nothing unusual to report except for one site in particular. The site in question already had some tough security on it, which is probably what saved it to that point. I noticed that during the night there had been repeated failed sign ins on the admin page of that site. I decided to watch closely and ran a check on it to make sure no one had got in. As the morning wore on the log in attempts were coming in thick and fast. I changed all the passwords and still the activity pages were pinging like crazy. Bots had latched into my site and were trying multiple user names and passwords, the user names were popping up on my screen. They were trying names like Admin, Admin2, SignIn, thankfully the user name on that site is nothing generic so they weren’t going to guess it fast. They tracked through the site and were even trying pet names from the site. As time went on I contacted the security guys behind my hosting service and they were doing the things at their end too, they escalated the issue to the highest level. All the while the BOT was trying and trying and trying to get in. Every attempt ended in failure.
In the end I changed the URL of my sign in screen and Instantly the BOT was gone! Just like that, as fast as it all had started the attack’s had ceased.
The message behind this story …. please please don’t use ‘admin’ or ‘admin2’ or even your name as a sign in name. If you wish, I can privately show you the log of attempted sign ins the bot used. DO NOT use your pet’s name or the name of your child, or any place you have visited or whatever might fall into this category. I can tell you that the BOT or human operating the bot had trawled my site and was using my pets names to try get in. You would be amazed at how many people use their dog’s name as a password. Change your sign in screen URL (most are yoursite.com/admin, or yoursite.com/login, the bots know this). If you don’t know how to change this screen then ask me, there’s a contact form on my site. Create a captcha, two stage, log in screen for your site too. Don’t make it easy for yourself to be hacked.
So onto my rock photos. A Little Rock, I LOVE this one.
Another rock, my daughter’s toy is sitting on it.