Vintage Mustang Forums banner

161 - 180 of 213 Posts

·
Registered
Joined
·
682 Posts
Ok so how do I make sure these things are NOT doing that from my house ?
Shoot the television.

Just kidding! Do not shoot the television. You can't do anything to secure web-connected consumer devices except hope the designers used a secure embedded OS. It's their reponsibility to track their devices and release new firmware as needed. You can check their web site to see if they have firmware updates. But unless you install a "packet sniffer" upstream of the device, there's actually no way for you to tell if it's sending out data without your consent.

Then again, I can almost guarantee that both your cable box and TV are reporting what you watch (and when) so the Internet provider and TV maker can re-sell that information. Of course, that's not "hacking". That's "Informed Consent" in the End User Agreement nobody reads.

I personally don't use smart phones, so I can't help you there. Malware protection for computers is built into the latest OS, but you can also install aftermarket tools.
 

·
Registered
Joined
·
3,426 Posts
So no fix for this mess? Every hour tonight. I'm really missing the old slow forum!
 

·
Registered
Joined
·
709 Posts
Shoot the television.

Just kidding! Do not shoot the television. You can't do anything to secure web-connected consumer devices except hope the designers used a secure embedded OS. It's their reponsibility to track their devices and release new firmware as needed. You can check their web site to see if they have firmware updates. But unless you install a "packet sniffer" upstream of the device, there's actually no way for you to tell if it's sending out data without your consent.

Then again, I can almost guarantee that both your cable box and TV are reporting what you watch (and when) so the Internet provider and TV maker can re-sell that information. Of course, that's not "hacking". That's "Informed Consent" in the End User Agreement nobody reads.

I personally don't use smart phones, so I can't help you there. Malware protection for computers is built into the latest OS, but you can also install aftermarket tools.
Good news , Its NOT my TV,wife wanted to do something on the web and wanted to use the TV,It was not connected to the net.
 

·
Registered
Joined
·
1,874 Posts
The source of most bots is usually web hosting companies. They allow baddies to openly rent space and/or they host hacked web sites. For example, Amazon Web Service (AWS) and GoDaddy are both cesspools of hacked web sites and malicious bots. It's so bad, I now suspect that most AWS customers are Russian mafia.
Bot ops are typically foreign state actors using operations that are farms. Many times these are state supported or encouraged. The large ops don’t operate on compromised machines as they have large networks from which they direct the attack. I don't think you understand what AWS provides. It’s an enterprise grade infrastructure as a service and not a “web hosting” company. An AWS based op of that scale would cost hundreds if not thousands a day and be easily detected. The smaller less sophisticated guys often run on compromised third party servers but they aren’t the guys doing it at this scale.

I’d guess that rather than being an advertising campaign it’s a recon op designed to see if they can penetrate the infrastructure. Could be to to see if they can find something of value or compromise the site or ad network in a way where they could compromise the user’s devices. The problem isn’t foreign language spam it’s the activity the spam is meant to cover.
 

·
Registered
Joined
·
682 Posts
Bot ops are typically foreign state actors using operations that are farms. Many times these are state supported or encouraged.
I agree. But I'm also pragmatic. I don't care who they are. Whether they're official government hackers, mafia, amateur script-kiddies, students, or an unemployed Romanian teacher, or all of the above... they get blocked wholesale.

I don't think you understand what AWS provides.
Again, it's irrelevant to me. I don't care about the nation of origin or company name if there's 99.9999% baddies coming from their networks. I've only had one legitamate source of traffic from AWS in the past 6 years, and that's DuckDuckGoBot. So I make a hole for that one bot. Otherwise, AWS is a cesspool of bots, hack attempts, and DDoS attacks.

The nice thing about AWS (like Russia and China) is that they're rich and their IP Ranges come in vast chunks. It's just delicious to use those big "/10" or "/11" CIDR ranges. I actually get to use "/8" blocks for Africa. That's rare.

The owner of an IP Range is ultimately responsible for the crap coming out of their networks. Over several years of accumulating data and analyzing patterns, it became obvious that AWS is by far the worst domestic offender. There is something systemically wrong with AWS. If I had to guess, I'd say they're swimming in money, lazy, and don't care about anyone else.

A quick search at the "webmasterworld.com" forum reveals that I'm not the only person who recognizes that AWS is a cesspool. If you work for AWS or have connections there, please pass up the corporate chain that most independent webmasters think they stink on ice.



 

·
Registered
Joined
·
1,874 Posts
Again, it's irrelevant to me. I don't care about the nation of origin or company name if there's 99.9999% baddies coming from their networks. I've only had one legitamate source of traffic from AWS in the past 6 years, and that's DuckDuckGoBot.
Just looking at an IP address won’t tell you where it came from. What sort of deep packet inspection are you doing? At what layer are you doing this inspection and with what hardware? There are plenty of reasons not to like the way Bezos and his companies do business. Using webmaster world as an authoritative source? Seriously?

The people hitting this site aren’t morons advertising in Chinese language on an English speaking forum. If I had to take a WAG I’d reckon they were attempting injection exploits at either the presentation layer or in the SQL.
 

·
Registered
Joined
·
682 Posts
Of course my rants against irresponsible web servers is off-topic and has nothing to do with these specific forum spammers. I thought that was self evident. Abstractly, they are both part of a larger problem.
 

·
Registered
Joined
·
26 Posts
Awesome, they have now hit the Mod and Custom forum...
 

·
Premium Member
Joined
·
10,293 Posts
I nominate 4ocious to be an Administrator or Super Moderator. He's awake all hours of the night so he can zap this cheap chinese crap before most of us have to bother with it!
 

·
Premium Member
Joined
·
10,293 Posts
One would think there's a script that would not allow Chinese fonts and automatically ban a user who attempts to use more than 3 Chinese fonts in a post.
You'd think there would be lots of things like requiring a person to submit a request for membership that must be filled out in English and approved by a moderator before being able to post.
 
161 - 180 of 213 Posts
Top