Theft

If you’re like most internet users, you regularly sign up for a site or service that requires a password, and the passwords for everything get to be a pain in the rear. I’m currently working with a client who has a good number of WordPress sites. Recently, this person’s sites were all compromised and a bogus Administrator account was set up for each one which used the same name. The client wondered how all this happened and if she was the victim of some personal attack.

Usually, these incursions are NOT because your name is “Bob”, because you’re a Freemason or anything like that. Most likely it is because your site(s) has been hammered by repeated attempts to gain access from Viet Nam, China, the Ukraine, Holland & probably a lot more places. The hacker – or hackette – doesn’t care whom the site belongs to – just that it’s a WordPress site. They employ web-crawling software robots that look for WordPress sites and when one is found, they immediately try to break in by using the default user name – “admin” and various combinations of characters as a password. Since it’s a robot doing the dirty work, it doesn’t matter how many times they try to gain entry. Sooner or later, the robot will either find the right combination of characters or give up because it has reached some specified limit of attempts set by the hacker.

If it does get it, the robot will make a note of the user name/password combination for that site and then set up a bogus account with administrator privileges and a second robot will use that account to spike your site with malware, links to scare-ware sites, etc. If you have more than one WordPress site, the robot will use the combination as a starting point for your 2nd site, etc.

The lessons to be learned from this are:

  • DO NOT use the default user name for WordPress – or whatever – on a permanent basis. Use it just long enough to create a less than obvious user name for the Administrator account.
  • DO NOT create a password that is a repetition of the user name or any variation of it such as “spotnap” for “pantops”, substituting upper case letters for lowercase ones & vice versa, etc.
  • DO create a password that is a combination of upper & lower case letters, numbers and special characters such as “!$%()”, etc.

OK, so you don’t have a blog site. These same principles apply to user names and passwords for everything from Amazon.com to Zappos.com and you should try to use as many different combinations as possible. So how do you remember all of the different passwords? I used to work for a company that required its employees to change their password every 60 days. All you had to do was to cruise by someone’s cubicle after hours and you were likely to find a Post-it™ note with the latest iteration of their password scribbled on it. Instead, use a password-keeper to store all of your passwords. I have used one called “Password Safe” since the mid-90’s and it’s free at pwsafe.org. Besides Windows, there are versions – sometimes with a different name – for Linux, iOS, Android and OS X. Of course, there are a bunch of similar products out there and a good many of them are free. Just remember to use it!

Therefore, DO NOT have a bunch of sites using “admin” & the same password over & over again. Don’t use “admin” at all! Have a different administrator name and password combination for each site. The password should be a combination of upper & lower case letters, numbers and special characters.
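The lessons above can be checked mechanically before an account is created. The following is an added example, not part of the original post: `check_pair` and `audit_sites` are hypothetical names, the extra default user names and the 12-character minimum are assumptions the post does not state, and the sites and credentials are constructed sample data.

```python
import string
from collections import defaultdict

# Assumption: the post names only "admin"; the other names are added here.
DEFAULT_NAMES = {"admin", "administrator", "root"}
MIN_LENGTH = 12  # assumption: the post sets no minimum length

def check_pair(username, password):
    """Return the list of rules a user name/password pair breaks."""
    problems = []
    user, pw = username.casefold(), password.casefold()
    if user in DEFAULT_NAMES:
        problems.append("default user name")
    # casefold() defeats case swapping; reversal covers "spotnap"/"pantops".
    if user and (user in pw or user[::-1] in pw):
        problems.append("password derived from user name")
    classes = {
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

def audit_sites(sites):
    """sites maps site name -> (username, password); returns site -> problems."""
    report = {site: check_pair(u, p) for site, (u, p) in sites.items()}
    seen = defaultdict(list)
    for site, pair in sites.items():
        seen[pair].append(site)
    for where in seen.values():
        if len(where) > 1:  # one combination opens every site that shares it
            for site in where:
                report[site].append("same combination reused on another site")
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "blog-one.example": ("admin", "admin123"),
    "blog-two.example": ("admin", "admin123"),
    "shop.example": ("pantops", "SPOTNAP"),
    "news.example": ("kx-editor", "r7#Tq!vM2p&Zc9"),
}

for site, problems in audit_sites(SAMPLE).items():
    print(site, "->", problems or "ok")
```
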

The “This Morning” show on CBS featured a segment on the IT giant Infosys and its involvement in visa fraud. The company has been getting around H-1B visa restrictions by obtaining B1 visas for its minions in India. The B1 visa allows people from foreign countries to enter the US for meetings, seminars, training, etc. but NOT to perform work. Infosys immediately puts these employees to work for US companies at substantially lower wages and there are absolutely no income taxes paid to the IRS or the state government. This is not the only instance of fraudulent visa practices as a complaint has been filed against a similar company in New Jersey.

The question is: “How much of this goes on with the knowledge of the client companies?” Is this one of those practices that goes on with a wink and a nod from corporate America?

Greed and stupidity have become the hallmarks of American business in the corporate sector. In her lead-in to the story, Erica Hill first stated that US companies outsource American jobs because the labour is so much cheaper overseas and then followed with the statement that some companies bring in foreign workers to take jobs from Americans. Erica, you need to hire better news writers! Whether the jobs are outsourced or foreign workers are brought here to work illegally, the results are the same: America is weakened and its workers are robbed of their jobs.

If I sound like I have an axe to grind it’s because I do have one. This is one American worker who saw his job and his career go off to India . . . to a company named Infosys.

Here’s the story from CBS.
