8dio.com hacked

[antler]

33 minutes ago, PavlovsCat said:

If I look at Google's reporting, the majority of small developers -- whose sales are posted here -- have been hacked in the last two years and their databases have been compromised.

I'm guessing that's why some end up using third party services, e.g. FastSpring, GumRoad, etc, to do the commercial transactions.

[PavlovsCat]

@Starship Krupa I absolutely wasn't telling you what to do, it was quite the opposite. You quoted and critiqued my words and admonished me to think more like you. I was merely responding with the reasoning behind my philosophy -- which all sounds way too heavy for the deals forum. There was nothing unkind in my response -- explicitly stated or intended. I was just explaining my perspective -- why I think as I do and then I went back to watching Spongebob with my daughter (true story).  Now, if you truly are a glass half full person, read my posts that way.  FTR, in college, beyond music, of course, I LOVED philosophy, ideology and religion courses and loved discussing those topics (although almost none of my friends felt the same way!). So I am inclined to enjoy discussing those topics -- or at least I did until it became nearly impossible for most people to have civil conversations on those topics. Anyhow, peace. I wrote what I meant, but none of it was meant in any unkind manner.  

Edited January 16, 2022 by PavlovsCat

[sarine]

4 hours ago, PavlovsCat said:

@Starship Krupa [ ... ] I do see enormous irony in some of the people who promote hate in social media and like your post.

Is there a context for this?

 

4 hours ago, PavlovsCat said:

There is good in this world and there is bad.

I think we're all adults here.

[kitekrazy]

Gaming accounts probably have the most attempts.

[sarine]

58 minutes ago, PavlovsCat said:

And that's more than 1,000 separate attacks -- from different IPs. Granted, many could be from the same hacker using different VPNs.

Hackers may or may not use a VPN (or TOR), but that's only the first step on the way, and you'd likely never know, because the attack won't originate from their computer, but another hacked device such as the yesteryear computers found in abundance in "developing countries" running old Windows versions. Chances are they've gone through quite a few devices before they attack the actual target from that last node (or multiple if the attack is of that nature, such as DoS or bruteforce login attempts).

Bots are another thing as mentioned, and those could be used for various purposes (including automated growth of the botnet), and they all aren't interested in your data, and it may be impersonal (as also mentioned). If you truly have 1000 attacks (whatever that means) per month against a company/organization (I assume), you have it pretty good. My personal firewall easily logged similar monthly numbers of SSH bruteforce login attempts and many apparently trying to leverage some known exploits - and I'm a nobody. The vast majority of them traced to China, Russia, Central Asia and South-America. I think of it mostly as cyber pollution. That's not to say there is no malice and more goal-oriented individual actors targeting specific entities, but the number of connections doesn't say much about the good:evil ratio of the world, as the reality of this technology is such that the amount of power one individual can have and the damage they can do is so disproportional to the average person who doesn't dedicate most of their time to exploiting the technology.

[Starship Krupa]

Just now, PavlovsCat said:

@Starship Krupa I absolutely wasn't telling you what to do, it was quite the opposite. You quoted and critiqued my words and admonished me to think more like you. I was merely responding with the reasoning behind my philosophy -- which all sounds way too heavy for the deals forum.

Oh, sorry, heavens, I didn't mean to admonish you (I would not wish thinking like I do on anyone 😄). I was sort of playing to the semi-imaginary audience. I knee-jerk react when I see what I think is someone drawing a broad negative conclusion about humanity based on a small sample or anecdote and I thought I detected that: see, my brain is definitely wired to detect and react to "threats." 😆

In truth, the sunny-side up thing is me rebelling against my own internal misanthropy. 🤨

The only truly good advice I have is that anyone who has the Meldaproduction FreeFX bundle, upgraded or not, next time you're feeling blocked or just feeling curious, take a sound source and go through the 30 or so of them that are actually sound FX and browse some factory presets. If you've paid for the upgrade, hit the button to download new presets. Just check them out whether you think you have any use for them or not. I suggest this because it took me years to get around to doing it and when I did, I discovered some interesting tools I hadn't realized I owned. They're easy to forget about when you have 30-some other FX in the bundle. The comb filter, MComb, is, in particular, an amazing device. MPhaser is also great. MTuner is the best I've seen, even does pitch-to-MIDI conversion.

[PavlovsCat]

1 hour ago, sarine said:

Hackers may or may not use a VPN (or TOR), but that's only the first step on the way, and you'd likely never know, because the attack won't originate from their computer, but another hacked device such as the yesteryear computers found in abundance in "developing countries" running old Windows versions. Chances are they've gone through quite a few devices before they attack the actual target from that last node (or multiple if the attack is of that nature, such as DoS or bruteforce login attempts).

Bots are another thing as mentioned, and those could be used for various purposes (including automated growth of the botnet), and they all aren't interested in your data, and it may be impersonal (as also mentioned). If you truly have 1000 attacks (whatever that means) per month against a company/organization (I assume), you have it pretty good. My personal firewall easily logged similar monthly numbers of SSH bruteforce login attempts and many apparently trying to leverage some known exploits - and I'm a nobody. The vast majority of them traced to China, Russia, Central Asia and South-America. I think of it mostly as cyber pollution. That's not to say there is no malice and more goal-oriented individual actors targeting specific entities, but the number of connections doesn't say much about the good:evil ratio of the world, as the reality of this technology is such that the amount of power one individual can have and the damage they can do is so disproportional to the average person who doesn't dedicate most of their time to exploiting the technology.

FTR, I am a entrepreneur and longtime business/strategy/marketing/digital marketing/branding professional, not an IT professional --so, no doubt, if you're an IT pro, you're going to understand these things far beyond me (I used to lead digital marketing at major brands, including responsibility for corporate and ecommerce websites -so I have experience with this stuff, but not at the level you would if you're an IT pro).  My point is just that it is commonplace and has been for a long time. 

As far as your earlier question on my reply to Starship Krupa, I edited my post down to my basic point so that others don't read something unintended into it. I was making an observation that people often lack self-awareness to realize the contradiction when calling themselves positive, "glass half full" and categorizing others. I wasn't making a reference to Starship Krupa when I later wrote about people liking a post, but meant that people can lack self-awareness and see themselves very differently than they actually are.  But I realized that the way I wrote it was pretty clumsy and easily misinterpreted and edited my earlier post down. FTR, I've only ever seen friendly posts from @Starship Krupa and I was responding on a philosophical level, which is, of course, maybe kinda ridiculous in the deals forum! 

Edited January 16, 2022 by PavlovsCat

[slartabartfast]

23 hours ago, PavlovsCat said:

NEVER EVER store your credit card info at a small developer's site

Not just a small developer site. Over the years I have lost credit cards stored on some of the major sites for e-commerce. Some of them (can you spell Amazon) make it hella difficult to liberate your credit card info once you have given it to them. Most of the time, I use PayPal except for sites that refuse to accept it (A-m-a-z-o-n)--not because I believe they are un-hackable, but just to narrow down where the credit card was stolen from. If your credit card lets you use a one-time alias for the real number (virtual credit card) as a payment, it is probably wise to use that. 

The problem of hacking in general has gotten worse as methods have been found to automate the location and access to sites. The days when simple attacks required  armies of bored teenagers or unemployed Africans or Eastern Europeans lured into manual scamming are pretty much over.

[jude77]

4 hours ago, sarine said:

 If you truly have 1000 attacks (whatever that means) per month against a company/organization (I assume), you have it pretty good. My personal firewall easily logged similar monthly numbers of SSH bruteforce login attempts and many apparently trying to leverage some known exploits - and I'm a nobody.

HOLY MOLY!  That's it's.  I'm going dark.  I'm off the grid.  No more internet for me.  Except for the deals forum, of course.

[Tim Smith]

Probably reiterating some of what was already said. I had a website. I am glad I stopped it. It's a full time job to maintain security. I hope 8dio can get things cleared up completely. For every attempt though, there may only be a few real threats. Some attacks can be to hack someone's info for dishonest gain. Some attacks can be more political. One site I frequent allows anyone to join, however it has a strong percentage of people from a certain persuasion ( that's what they are there for). One of the few sites on the web for this group that is well maintained and monitored.

MOST of the time only people with good intent join, but sometimes there are the trouble makers who pretended to be something they really weren't. They get in and are dealt with by the mods. Either booted completely or warned a few times first. I have to hand it to them for running such a tight ship.

Hats off to the mods here as well. 

[sarine]

11 hours ago, slartabartfast said:

The problem of hacking in general has gotten worse as methods have been found to automate the location and access to sites. The days when simple attacks required  armies of bored teenagers or unemployed Africans or Eastern Europeans lured into manual scamming are pretty much over.

 

11 hours ago, jude77 said:

HOLY MOLY!  That's it's.  I'm going dark.  I'm off the grid.  No more internet for me.  Except for the deals forum, of course.

 

Some of the things that have made it worse: 

Everyone now carries a computer (i.e. a hackable device) in their pocket that is by default connected to the Internet at all times and that means more targets for identity theft, blackmail, theft or using as a component in an attack cluster, and the average user is even less educated about cyber security which makes relatively ridiculous scams (e.g. phishing) more lucrative.

There are more people who grew up into the world permeated by this complex and fragile tech so the number of hackers is also greater. Possibilities for exploitation were globalized alongside the connectedness of the systems comprising the Internet.

The tools have gotten much better and attacks easier to deploy due to the surgence of advanced scripting languages.

 The web is built on fragile tech written in languages that are too forgiving by compromising correctness for fast results, and the problems are amplified by stacks of overly complex frameworks, copy-paste culture, general lack of stringency expected from coders (both by employees themselves and their employers, for the benefit of fast results), and frankly speaking the average coder (the ones responsible for bringing you the web experience) are less tech-savvy, passionate, and knowledgeable about computers than your average application/game/systems programmer or a system administrator, which were pretty much the only occupations available in the field (aside from the researcher who nobody cares about) before the technology became a mainstream commodity.

Broadband brought persistent connections so it is easier to form attack clusters and move fluidly between nodes in order to make yourself untraceable. Dial-ups were highly unreliable in this regard, although they also didn't tend to reserve your network address which made tracing more involving.

TOR, encrypted tunnels and non-logging VPN services that provide anonymity and wash their hands from what goes through their servers.

 

Then some things that have made it better:

NAT's make it less trivial to get into your local network from the outside. These didn't exist before broadband, and your specific client computer's IP address would be exposed in every connection you made (unless using proxy).

Firewalls are more commonplace and smarter, every home router (as well as Windows) comes with some type of configurable packet filter (along with the NAT).

Anti-virus software has become more prevalent and OS's internal protection strings and access control stricter. Viruses vs. anti-virus software has always been a game of cat & mice, but in the 90's the balance used to be far more tipped in favor of viruses than it is today.

Many ridiculously straight-forward exploitation possibilities such as "smashing the stack" no longer exist or have been made significantly more difficult. Memory management units and virtual memory abstract away memory addresses and memory/application/privilege isolation are common facilities in any modern general-purpose OS (that includes smartphones). Nowadays even when you break into a system you have to pull some advanced shenanigans like leveraging return-oriented programming in order to escalate privileges. That's not to say there aren't a bunch of scripts to throw at exploits but I'd say that today even the script-kiddies need to be smarter than their 90's versions.

VPN adds an extra layer of security and makes your connection to the outside world more opaque. Ideally you should have it configured on your router and not just the LAN clients.

The authorities are paying more attention to these things now. Telecommunications and network traffic logging is easy from a technical standpoint, and the law enforcement has adept hackers and investigators on their payroll, which makes random cyber-crime/harassment more likely to result in legal repercussions. Thank you NSA, you know I'm a friend and that I appreciate what you're doing.

 

Finally some practical advice if you decide to at least sit at the edge of the grid for convenience:

Only install applications from trusted sources. The more extreme versions of this would including downloading PDF's, images, audio/video files, as applications used for opening certain files have been known to be vulnerable to code injection (rule of thumb might be, the more complex the format or more proprietary/closed the reader, greater the chance of an exploit persisting undetected).

Keep your OS and browser up-to-date and use pro-privacy browser extensions (from trusted sources). Don't visit shady sites. More extreme version would be to disable or severely restrict execution of JavaScript on your browser.

Don't keep any personal information stored on your devices in unencrypted text or image formats.

Use NAT, firewall, anti-virus and VPN.

Don't store your most valuable data, such as photos of your kids on a connected device. Cloud services are fine but if you want to be pious about protecting your kids' privacy and identity, get a dedicated offline device & storage with redundancy (e.g. RAID) and be careful and pedantic about how you transfer files onto it, and make it the law not to connect that device to a network. Ransomware is really the biggest threat to the average person, besides identity theft and straight-forward stealing of stuff.

Don't put details about your life on the web. Don't share personal stuff on FaceBook, Whatsapp, or the three dozen other platforms that you shouldn't give any of your information to which I haven't even heard of. It's not just about the One World Government with their future AI being able to deduce more facts about you than are available to your conscious mind, but also about criminal networks acquiring, stealing, selling and sharing data in order to plan & organize burglaries or blackmailing. Or the odd lone stalker.

 

With all that said, you'll be fine. I'll be fine. We'll all - probably - be fine, if we just stop being stupid. It's like the germs on the rail or the dust mites in your bed - it's pretty disgusting when you look at it under a microscope and think about it, but as long as you're not licking the rail and you wash your sheets every now and then, there are other more pressing matters to attend.