Author Topic: TIP: Change your web site password!  (Read 2715 times)

Steve

  • Global Moderator
  • Storm
  • *****
  • Posts: 1589
    • DW8454
    • KOHAVON11
    • Avon Weather
  • Station Details: Davis Wireless VP2 Plus w/24 hr FARS, 2023 Mac mini M2 Pro, 32GB RAM, Mac OS 15, WeatherCat 3.3
TIP: Change your web site password!
« on: November 26, 2021, 11:36:51 PM »
Don't leave it "mgarage" for 13 years...

It is now 18 characters long, consisting of mixed upper/lower case letters, numerals, and symbols. According to a security site, my old password could be hacked in about 1/4 second, while the new one will take several trillion years. As long as I don't just give it away again... *

I got hacked, and the password was changed, so not only didn't my web sites work, but I couldn't get to them to change the password, because my Mac kept FTPing with the old password, which eventually caused my IP to be blocked.

Where I typically have around 9,000 files on my server (across several web sites), I was maxed out at 250,000 files. It took days, once I got in, to figure out what was good and what wasn't. I pretty much nuked everything, and copied in what I had locally. But much of the avon-weather.com site is server-side, so that was fun. Most of the extra stuff was scattered around in various directories on that site. HostDime, my provider, was excellent to work with.

A few days later it was clean, and my two very basic sites were back. A few days later, a basic avon-weather site was up, and today I rebuilt the Steel Series portion, much of which is server-side. Thanks Mark, for great instructions, and John for keeping the wiki updated.

The only thing non-functional now is my anemometer, which I will replace in the spring. It was a PITA getting up on the second roof line ten years ago. At 68, I'm gonna let my soon to be son-in-law do it for me. :)



* In hindsight, I think it was my own fault. After telling everyone I know never to click on a link in an email message, I then clicked on the "data space exceeded" link that was supposedly from my hosting company. I logged in and found there wasn't a problem after all. Except that I just handed my login credentials to whoever was really behind the fake email...  ::smacks forehead::
Steve - Avon, Ohio, USA


CWOP: DW8454 - WU: KOHAVON11 - AWEKAS
PWSweather - WeatherCloud - Facebook

Blicj11

  • Storm
  • *****
  • Posts: 4061
    • EW3808
    • KUTHEBER6
    • Timber Lakes Weather
  • Station Details: Davis Vantage Pro2 Plus | WeatherLinkIP Data Logger | iMac (2019), 3.6 GHz Intel Core i9, 40 GB RAM, macOS Sonoma 14.8.3 | WeatherCat 3.3 | Supportive Wife
Re: TIP: Change your web site password!
« Reply #1 on: November 27, 2021, 04:50:45 PM »
What an ordeal! I just checked out your weather site and it looks like you have it back to normal. I am sorry to read about your hacked woes, but glad you are back up and running for the most part. I'm glad someone found the Wiki helpful. You and Reinhard helped me solve the SteelSeries mysteries when I was new to WeatherCat. I got hacked a few years back and was sure grateful for both Mark and the Wiki then.

Don't blame you for waiting on the anemometer replacement. Are you going to spring for their new sonic version? I don't even know if it is compatible with our old ISS models.

I use 2FA on my weather site. It's a pain but not as painful as rebuilding.

Stay safe, and don't get addicted to clicking on links.
Blick


Steve

Re: TIP: Change your web site password!
« Reply #2 on: November 27, 2021, 05:40:55 PM »
I think I'll just get a complete replacement anemometer. I know it works (well, reasonably well due to the ever-growing oak trees on the predominantly windward side), and if I replace just the sensor, or the wire, or whatever, something else will go bad. Might as well start the next ten years with a whole new anemometer.

I've replaced the separate transmitter batteries, and it still shows wind direction. Occasionally a random wind speed will show up; 33 MPH yesterday on a mostly calm day. But for the better part of two months, it has shown zero. Should have done something sooner. Years ago, I was going to get an RM Young anemometer as a replacement for the Davis unit, but the required interface hasn't been available for years, so that's out.

 https://www.youngusa.com/product-category/wind-sensors-accessories/

Plus, I'm not sold that an ultrasonic unit will work with our heavy wet snow or ice storms. The OEM one has worked flawlessly, until it didn't.
Steve - Avon, Ohio, USA



Blicj11

Re: TIP: Change your web site password!
« Reply #3 on: November 27, 2021, 05:56:57 PM »
Sounds like a good plan. I have been casually contemplating what I will do when mine goes out, so I appreciate your thoughts.

I was not aware of the RM Young hardware, so thanks for sharing that.
Blick


elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 6661
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Always good advice! (Re: TIP: Change your web site password!)
« Reply #4 on: November 27, 2021, 09:26:47 PM »
Dear Steve, Blick, and WeatherCat amateur "sys-admins."

Quote from Steve:
Don't leave it "mgarage" for 13 years...

It is always good advice to periodically review your passwords and make them stronger when possible.  The problem is that you probably have more passwords than you realize.  I just checked my password manager and it has 386 entries! 

Quote from Steve:
It is now 18 characters long, consisting of mixed upper/lower case letters, numerals, and symbols. According to a security site, my old password could be hacked in about 1/4 second, while the new one will take several trillion years. As long as I don't just give it away again...

When I got a job at San Diego Supercomputer Center back in the late 1990s, I was "impressed" at the need to come up with strong passwords.  I came up with a mental trick of taking a word (preferably a name) and interspersing a number associated with the word.  Then I would toss in some strategic punctuation.  It was a lot easier if I could remember the word, that would trigger the association with the number, and I could then recall the password.

It wasn't long before I couldn't remember all those passwords and I got lazy and started to use passwords related to a single mnemonic.  I've been trying to root these out, but I'm sure I haven't eliminated them all.

One problem that still bugs me from time to time is services that don't make it easy to make good passwords.  There are still a few that won't accept punctuation.  Others have an unreasonably short length limit.  The worst of all are those that have these restrictions and don't even tell you what they are!

Quote from Steve:
* In hindsight, I think it was my own fault. After telling everyone I know never to click on a link in an email message, I then clicked on the "data space exceeded" link that was supposedly from my hosting company. I logged in and found there wasn't a problem after all. Except that I just handed my login credentials to whoever was really behind the fake email...  ::smacks forehead::

Thanks for sharing the observation.  I think we are all careful on this board, but everyone is pressed for time.  We need to be vigilant even for emails that appear to be 100% genuine.

Good lessons for everyone!

Cheers, Edouard  [cheers1]

Steve

Re: Always good advice! (Re: TIP: Change your web site password!)
« Reply #5 on: November 27, 2021, 10:32:14 PM »
Quote from elagache:
It is always good advice to periodically review your passwords and make them stronger when possible.  The problem is that you probably have more passwords than you realize.  I just checked my password manager and it has 386 entries!

Yep! I used mgarage everywhere on my personal web site, including all email accounts. Those are all changed and different now. I used the license plate from my 1988 truck for many years for every password. I'm sure there are several still used, but not for anything critical.

Still, according to 1Password, I have a lot of work yet to do...

Steve - Avon, Ohio, USA



dfw_pilot

  • Gale
  • ****
  • Posts: 345
    • GW3252
    • KTNWILLI1
    • WX Page
  • Station Details: Davis Pro2 Plus
Re: TIP: Change your web site password!
« Reply #6 on: March 20, 2023, 06:39:45 AM »
KeePassXC - I use and donate to KeePass

Bitwarden

LastPass

1Password
A clear conscience is a great pillow.