May 6, 2012
Hackers are Yucky!
As most of you guessed, last week ChaosMen.com was being hacked by a persistent hacker. Most adult websites deal with this routinely. DOS (Denial of Service attacks) are pretty common. Unfortunately, this was not one of those. This one really kept at it, and as we sealed up one hole, he would take advantage of another. Finally, he got frustrated and posted a homophobic remark on the site, and we finally blocked several key “hacky” countries while we continued to search for security holes.
ALL sites get hacked. The FBI, CIA, Sony Playstation, Twitter, Facebook… No matter how good you are, someone with determination will keep trying. For almost a decade we have kept them at bay, and longtime members have endured several DOS attacks where the site slows to a crawl. We do our best, but we aren’t security professionals here. No one really is. I think security companies and even the FBI end up employing hackers rather than putting them in jail.
I am always aware the site is under constant attack. At least once a month I am reminded while someone noses around the site. I even made it part of the Terms and Conditions page, that this site WILL get hacked, and will go down. It’s just a given. The site stores no personal information, and all transactions occur at CCBill and Epoch. Injecting code and virus, well that just ain’t good!
I had 3-4 very nice emails from members who work for private companies telling me horror stories of how their mail server was hacked, or their private server was hijacked. Of course there were some angry member and non-members(?!?) quite upset that the site was not up, but also trying to redirect and infect their computers. Understandable. I apologize for not being able to fend this one off!
Having said that. . .
Wear a Condom on Your Computer!
All I can tell you, is much like my Condom Use Statement, you have to protect yourself. Go to downloads.com and try some of their top-rated security software. Also, get a copy of Malwarebytes Anti-Malware and at least once a month scan your computer.
Every week I am updating usernames and passwords for 2 to 3 members who have had their credentials lifted directly from their computer or using an insecure wireless connection. The only pattern I can see are members who use the same login at every site, and also join the site many times with the same credentials, which likely means they use the same login everywhere. It is bound to get out there!
I update their login, and advise them to scan their computer aggressively. I have done this for members hundreds of times over the years, and thankfully I have yet to see a repeat where that usernames gets lifted again. I never take the stance that members deliberately share their login info. Users are bound to get hacked too!
If you are looking for a cool Password Manager, check out Splash Data’s SplashID. Usually they have a free mobile app, and you just need SplashID installed on your computer($40). It will sync your information with your phone, so you have your logins with you at all times! It will generate usernames and passwords, for people like me, who aren’t very creative.
Yes the software is currently listed for $39.95, but I gotta tell you, and perhaps I have many logins for many things, but this software keeps me sane, especially when you have it synced with your phone!
Don’t be an Apple Lemming!
I love Love LOVE Apple stuff! Great gadgets and computers! Awesome design! I am an Apple Lemming myself!
Apple has done a fine job letting everyone know how bad Microsoft’s OS is, and how perfectly safe their OS is. Well that has come back to haunt them as the latest news reports are that if you own a Mac, you are now a prime target for hackers. I find most users with password sharing issues are on Macs. You make up much more of the market share, and most user don’t have even the most basic protection setup, believing their computer is secure.
It is not. Lots of great software now to protect your investment and identity. Go to downloads.com and search on Security Software for the Mac and find the highest ratings one and install one now.
Apple is having to change it’s party-line on how secure they are. They have thrown down the gauntlet to hackers… which leads me to another point…
Making Bold Statements During A Hack Attack!
I did do a press release to CCBill, Epoch, and all active affiliates about the hacking. But because the hacker was still around, posting a message on the site that it is “perfectly safe and under control” would likely not only increase their attack, but also, invite others to join the hacking frenzy. No sense advertising vulnerability.
It took us about 4 hours last Monday to rebuild what was damaged. Later that day, we decided to refresh the username and password files, as both Epoch and CCBill were unable to add new members or delete lapsed ones when the site was down. They both ended up nuking each other’s logins over and over. Thankfully my web-hosting team was there to make sure the names got added back in. CCBill continues to lose about 300 names during these re-adds, and I now have a special message for members to see when their login fails to contact Support.
I have a rather high opinion of my members. They are smart enough to know when something is happening. If the site is acting crazy or terribly slow, we are likely under attack, and they know it. Many sent me Trouble Tickets, Thank you! Everyone keep your AV software updated, and scan your computer, which you should be doing already.
Use the Trouble Ticket System!
A few of you will report to CCBill or Epoch an issue. I understand that you might need to if the site is DOA. But I find many users feel cheated or just don’t email or use the trouble ticket system to allow us to troubleshoot their issue. WE WANT TO HELP!
I check it often, and my server team also jumps in when I am filming, sick, or otherwise unable to timely respond. We often will escalate video playback issues and will even offer to remote into your computer to help trouble shoot an issue that is not easily resolved.
You don’t even have to create an account, just Submit a Ticket by Clicking the Next Button!
For all the members who stuck by while this attack happened. I prefer not to run and hide when an anti-porn or homophobic attack happens. I am glad to see many of you are as determined as me! I would love to say it will be the last, suspect it won’t be, but let’s keep our fingers crossed!