Self hosting is less appealing for criminals, though. Especially if the protocol is “vanilla” like ssh.
When you hack LastPass you know what you’ll find, millions of passwords. When you hack a dude ssh you have one chance over one million that there is one dude password wallet.
It doesn’t make financial sense to hack self hosting (unless it’s specific server software)
You need to aumatize any operation… It’s not conceivable that an human look at every device for stuff to steal. It would be even more expensive.
Generally all these bit malware do is 1) using a vulnerability to replicate themselves 2) mine crypto or other kind of crap. Sometimes (1) involves also stealing ssh keys but it’s not the goal, it the mean.
Self hosting password/code/photos/whatever niches you are almost guaranteed that no human will look at hit because the amount of IoT/Routers/etc with nothing valuable beyond themselves generally composes the majority of these compromised bots
diffusive@lemmy.world 1 year ago
Self hosting is less appealing for criminals, though. Especially if the protocol is “vanilla” like ssh.
When you hack LastPass you know what you’ll find, millions of passwords. When you hack a dude ssh you have one chance over one million that there is one dude password wallet.
It doesn’t make financial sense to hack self hosting (unless it’s specific server software)
ribboo@lemm.ee 1 year ago
There are plenty of use cases for going after self hosters. Bot farms are basically made up of “regular” computers infected with malware.
While you’re at it and have access to tens of thousands computers, also grabbing their passwords is just a nice bonus.
diffusive@lemmy.world 1 year ago
You need to aumatize any operation… It’s not conceivable that an human look at every device for stuff to steal. It would be even more expensive.
Generally all these bit malware do is 1) using a vulnerability to replicate themselves 2) mine crypto or other kind of crap. Sometimes (1) involves also stealing ssh keys but it’s not the goal, it the mean.
Self hosting password/code/photos/whatever niches you are almost guaranteed that no human will look at hit because the amount of IoT/Routers/etc with nothing valuable beyond themselves generally composes the majority of these compromised bots
This is just the economic incentive
ribboo@lemm.ee 1 year ago
Oh yes, because automating a search for csv and json files to search for mail addresses and passwords can’t be done by malware. It must be a human.
Common. This happens on massive scale, wether you like it or not.
securityboulevard.com/2023/06/…/amp/
mybroadband.co.za/news/security/…/amp
phys.org/…/2013-12-stolen-credentials-million-com…