Abhishek (an Indian name) is an exceptionally talented systems engineer. At White Tiger, he is responsible for various maintenance tasks related to the server infrastructure.
One day, I set up a new Linux server and Abhishek began the configuration process, which included installing a web management platform.
Not long after, it turned out the server had been compromised by ransomware.
When I investigated how it happened, it emerged that during the configuration process he had used the default password: 1234567
The open internet is a wild and brutal place, crawling with countless bots that relentlessly attack every reachable server without pause. One of them hit the server's IP address and broke in with ease.
I rebuilt the server from scratch, and he had to start the configuration process all over again.
Using default passwords is far more common than most people realize — especially on sensitive entry points, such as router admin passwords and PBX management interfaces.
Not long ago, while connected to a certain corporate network, I ran a scan of the devices on the network, located the telephone exchange, entered the default username and password, and found myself inside — one button press away from taking down the entire phone system. I could also have changed the management interface password, making the fix a very lengthy ordeal.
Never use default passwords. Anywhere.
It could cost you dearly.