Now that we have moved to a WordPress platform for posting stories and managing RV Daily Report’s website, I have come to realize exactly how prolific and persistent spammers really are.
We made the switch the weekend of Oct. 26. In the past seven days, our spam control system has rejected 4,689 spam comments. That’s about 28 an hour from various robots and people in third world countries trying to get links for drugs, boots, jewelry and just about everything else posted to stories on our website.
What is even more disturbing and eye opening is the number of intrusions that have been blocked by hackers looking to access our website to get user information. We have blocked more than 20 IP addresses in the past week alone.
These muscleheads are trying to access the site using just about every name it can find on our site as well as the well hidden and well protected admin passwords. My guess is that these hackers are looking to access a list of our registered users.
Although we don’t allow people to register and create accounts on RV Daily Report at this time, hackers are looking to break into other websites all the time. Once in, they can export the site’s entire list of user names and passwords. Why in heaven’s name would they want a list of user names and passwords from a news site? It’s simple. People are generally lazy and use the same user name and password combinations to access everything from bank accounts, credit card accounts, investment accounts and shopping sites like Amazon where credit card information is stored and purchases can be sent to third parties as “gifts.”
I explain all this as a reminder to be diligent online in using different user names and passwords for different websites. Once the hackers gain access to a website’s list of registered users, they will use special tools to see if the same user name and password is in use on other websites — and then exploit that weakness for their own gain.
We have taken the extraordinary step of blocking access from IP addresses trying to hack into RV Daily Report for an entire year. Any company with a website would do their customers a huge favor by ensuring that administrative access to the site is tightly controlled by significant passwords.
I am staying with a friend this month who works for a major cellular phone company as a computer network specialist. He showed me data last weekend that was mind boggling as to how quickly hackers can break eight character passwords. It’s a matter of seconds, perhaps a few minutes, when using certain tools on certain websites without intrusion detection software installed. He recommends creating passwords by stringing together simple words that have meaning for the user to create a very long password.
Simply creating a 40-character password using the things like the name of your favorite food, the place of your first vacation, the street name you lived on in elementary school, the name of your first boss, etc., would take about 690 septillion years to break. that 690,000,000,000,000, 000, 000, 000 years. Even if super computer speeds double, triple or quadruple in the next 20 years, that should provide great protection against hacking.
Just food for thought from someone on the front line of the battle over spam and online security.