Hacked!

Blog: Process-Modeling.com - Rick Geneva

Recently the few hours I have available to write on this blog have been consumed by upgrading my security. I admit, when I started this site I didn’t worry much about security and used mostly default settings. So I guess you can say that I deserved it. I’m just trying to do my part in making the world a more efficient place through better process modeling. I suppose that makes me naive to the fact that hackers will try anything just for the kick of doing it. There doesn’t seem to be any logic (that I can understand) on why you would hijack a website. It seems like a lot of effort just to get a few page views of some political propaganda that I don’t understand (or care to).

I hope I didn’t lose any of my readers by moving the site to the new URL. This was necessary because I have to separate my personal site from my processmodeling.info site. www.process-modeling.com will redirect to processmodeling.info. So this is the official new home. Soon I’ll be back to writing again.

To others who blog, here’s what I’ve learned:

  1. PHP is terribly insecure. If you use it, make sure it’s up to date. Many popular packages today are written in PHP. When a vulnerability is found, you need to update your software as soon as possible.
  2. One password isn’t enough. Don’t rely on any sort of default security. Instead make it a complex maze of mixed types of security so that access to one area will not get far in the rest of the site. Yes, this is hard to manage, but so is rebuilding your precious website after some jerk (with obviously more time on his hands than you have) hacks you.
  3. Learn every Apache server trick you can, and use it. I’m not going to give any specifics here (for security reasons). But just remember that your hosting company doesn’t provide anything but hosting. Security is your responsibility. If you get a good hosting company (I’m fortunate to have one) they can give you good, sound advice.
  4. Host only what you need, and nothing extra. Anonymous directories will eventually be found and exploited. Get another account (it’s cheap) for anything not directly related to the site theme. Put extra passwords on things that you don’t think are very important. This is where the hackers look.
  5. Everyone knows not to use their kids’ names or their pet names as a password (hopefully). I thought my passwords were pretty good. But then after some research I found out how easy it is to crack a typical password. But there’s hope. On a keyboard there are over 100 possible characters. Use a combination of the full range, and at least 10 characters. Again, a terrible pain to remember, but it’s your choice. Either protect it, or you’ll end up inadvertently helping to spread global terrorism, violence, or some quite offensive non-family oriented material.
