
Dampening the Hacker’s Fire

Ten to fifteen times a day, seven days a week, I receive a mail from my server – where this small blog is hosted – warning me that someone, somewhere, is trying to break into my system and take over what I have built during the last few years. I could, perhaps, feel a certain level of pride that my server, out of all the servers in the world, has been selected for this elite attention. I could also feel a certain level of sadness that there are still people in this world who cannot create for themselves, but seek to destroy and abuse. Here the astute reader might think I am going to veer off into US American politics, which is all about personal enrichment and destruction of others at the moment, but that I shall keep for another day.

There are, though, thousands of servers which have been hacked or, in many cases, were never properly protected against the hackers and spammers who wish to make use of something that is not their property, something they have not worked hard to attain and which, in many cases, is the mainstay of their owner’s livelihood. My mail shows me that servers in Russia, France, Germany, Indonesia, Mexico have all succumbed to the hacker’s bite, and are being used to direct break-ins, to send out spam, to abuse and embezzle. It also shows me how these people try to break in, using the WordPress interface and software which, when first installed, if the installer is not careful, automatically reverts to an unchangeable user name of admin. I do recall there was once a special software program made for WordPress which allowed the user to change this name, and I have used it myself, many years ago, but it surprises me Automattic hasn’t adopted this necessary possibility for all users, all WordPress versions.

Needless to say, I have not used the admin log-in name since I was a pimply youth still trying to figure out what to write, never mind how to get it on the internet. In fact, as an aside, little has changed other than that I am no longer a pimply youth, and have a certain level of experience in getting things on, and off, the internet. Names that have been used recently, aside from the classic admin, have included e-mail addresses – their own or a stolen one? – and such words as wp-user, wawdmines, 76+FranOn48%, and other weird concoctions which, clearly, must have been used by someone else, somewhere, and have been compromised. The hacker, though, doesn’t seem to know where.

Fortunately there are other ways of securing a system than just changing admin to something else: a secure password. I saw it somewhere, and cannot be bothered to search to find it once more, but a certain level of password can take hundreds, thousands or tens of thousands of years to crack. A mixture of letters, numbers and symbols makes the mix even better, even harder. And that, I am also told, by just four or five characters – which is the level my bank insists on using. Many web sites and applications where a person is required to register require at least eight characters – mixed and including upper and lower case – and I am sure we have all seen the internet joke about the person who justified using:

ThorIronmanHulkScarletWitchVisionHawkeyeCaptainAmericaThanos

because the requirement was for eight characters; and, yes, there are many versions of this witty comment, including:

SnowWhiteandtheSevenDwarfs

and others – don’t @ me!

My own domains all have passwords with twenty-eight characters, well mixed with all the variables. It’s not that I am paranoid or overly careful, but I have lost a server once, many years ago, and it was a painful experience. And in the end it makes no real difference how many letters the password has – as long as it is more than five – and how they are mixed: if your server is set up to block each failed attempt, as is mine, the hacker will eventually run out of options. Someone enters admin or another wrong name? They are blocked for a minimum of two months. They don’t even get to the password stage. We all need a little bit of security in our lives, and the feeling that what we have created remains our property for our own use. So, in my own small way, I am glad to be dampening the attempts of a few hackers and wasting their time and resources, minor as that might be, and sad that others do not take the same, simple precautions, and run the risk of losing everything they have worked for.
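
The blocking rule described above, sketched as an added example that is not the author's server configuration: an attempt with an unknown login name bans the client before any password is looked at. The log format, the valid name `site-owner`, banning by client address, and reading "two months" as 60 days are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the post): the valid login name, the log format,
# banning by client address, and "two months" taken as 60 days.
VALID_USERS = {"site-owner"}
BAN_PERIOD = timedelta(days=60)

# Constructed sample log lines: timestamp, client address, attempted login name.
SAMPLE_LOG = """\
2024-03-01T08:15:02 198.51.100.7 login user=admin
2024-03-01T08:15:04 198.51.100.7 login user=wp-user
2024-03-01T09:00:00 203.0.113.20 login user=site-owner
2024-04-15T10:00:00 198.51.100.7 login user=site-owner
2024-05-05T10:00:00 198.51.100.7 login user=site-owner
"""

LINE = re.compile(r"^(\S+) (\S+) login user=(\S+)$")

def process(log_text, valid_users=VALID_USERS, ban_period=BAN_PERIOD):
    """Return (decisions, bans): a verdict per attempt and address -> ban expiry."""
    bans = {}
    decisions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not login attempts
        when = datetime.fromisoformat(m.group(1))
        ip, user = m.group(2), m.group(3)
        if ip in bans and when < bans[ip]:
            # Still banned: dropped before any credential is examined,
            # even if the login name is now a valid one.
            verdict = "rejected-banned"
        elif user not in valid_users:
            # Unknown login name: the ban starts at this attempt.
            bans[ip] = when + ban_period
            verdict = "banned-unknown-user"
        else:
            # Only a known name from an unbanned address reaches the password stage.
            verdict = "password-check"
        decisions.append((ip, user, verdict))
    return decisions, bans

if __name__ == "__main__":
    for ip, user, verdict in process(SAMPLE_LOG)[0]:
        print(f"{ip:15} {user:12} {verdict}")
```
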

Image © Urban Camera.
