• geekworking@lemmy.world · 148 up, 1 down · 10 months ago

    > accounts of a subsidiary of one of the world’s largest e-commerce entities.

    How to say AWS without saying AWS.

      • hpca01@programming.dev · 67 up · 10 months ago

        It’s not fun, I got hacked through an archived git repo, for when I was learning to use AWS, following tutorials and whatnot.

        Forgot about it for years, then out of nowhere got hit for 27k…needless to say I said good luck collecting that shit.

        They waived it all granted I logged in and deleted all resources that were running as well as removed all identities. Sure as hell I did that and saw a ton of identities out in the middle of nowhere. Fucking hackers ran up a shit ton of AWS SageMaker resources trying to probably hack some dude’s wallet.

        Every time I see a tutorial on how to deploy x in AWS, I get pissed. The newbies need to learn about administration before they start deploying shit on cloud infra.

        • Dave.@aussie.zone · 18 up · 10 months ago

          I’m always a bit paranoid about my google compute account. Opened it many years ago, ran a few instances for a few dollars for a few months, had enough, oh look there’s no easy “delete just my google compute account” button.

          Unhooked all the payment methods, shut everything off, turned out the lights, but it seems I can’t leave the building.

          • hpca01@programming.dev · 8 up · 10 months ago

            Funny thing, I had a paranoid freakout too before I got hacked on AWS. I had bought a Visa gift card and that’s what I put in as a payment card on AWS. Of course they know where I live and could still screw me, but they would have to do it on their own dime.

            They make it really hard to leave or just use a specific service only. I use them for DNS, objectively it’s supposed to be cheap AF pay yearly, but now I have to pay $2 a month just to do all the auxiliary stuff to notify me that I got hacked.

            I’m buying a server rack soon and just got a full symmetric fiber line put in so I can do my own hosting.

            • Dave.@aussie.zone · 3 up · 10 months ago

              Everything is so intertwined, and that’s the way they like it. Do I trust some random support bot/person in Google to unhook and delete my compute account from my google identity and not accidentally trash the rest of my 15 year identity with Google/Gmail? Hell no. So my compute account still sits there idle.

              I guess it bolsters their metrics, that’s nice for them I suppose.

        • Max-P@lemmy.max-p.me · 8 up · 10 months ago

          I especially hate that this culture now made its way into the corporate world too. It’s now normal and expected that a developer will just have to follow one of the AWS tutorials to get the thing going and leave it like that.

          Nobody thinks about how they’re going to compose their resources anymore, all the AWS “experts” just spit out their AWS training verbatim without any thoughts of their own.

          • nybble41@programming.dev · 2 up · 10 months ago

            I’d settle for just the limits, personally.

            The part that makes me the most paranoid is the outbound data. They set every VM up with a 5 Gbps symmetric link, which is cool and all, but then you get charged based on how much data you send. When everything’s working properly that’s not an issue as the data size is predictable, but if something goes wrong you could end up with a huge bill before you even find out about the problem. My solution, for my own peace of mind, was to configure traffic shaping inside the VM to throttle the uplink to a more manageable speed and then set alarms which will automatically shut down the instance after observing sustained high traffic, either short-term or long-term. That’s still reliant on correct configuration, however, and consumes a decent chunk of the free-tier alarms. I’d prefer to be able to set hard spending limits for specific services like CPU time and network traffic and not have to worry about accidentally running up a bill.
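
An added example, not part of nybble41's comment or of any provider's tooling: a watchdog that applies the short-term and long-term sustained-traffic checks described in the comment to the Linux TX byte counter. The interface name, sampling interval and thresholds are assumptions, and the shutdown action is left to the caller.

```python
from collections import deque

# Constructed sample of /proc/net/dev (Linux); not taken from the thread.
SAMPLE_PROC_NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 52000 400 0 0 0 0 0 0 9876543 800 0 0 0 0 0 0
"""

def parse_tx_bytes(proc_net_dev, iface):
    """Cumulative transmitted-bytes counter for iface."""
    for line in proc_net_dev.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            return int(rest.split()[8])  # 8 RX fields precede TX bytes
    raise KeyError(iface)

class EgressWatchdog:
    """Trips when average egress over a full window exceeds that window's limit."""
    def __init__(self, interval_s, rules):
        self.interval_s = interval_s
        self.rules = rules  # name -> (window_s, max average bytes/s); assumed values
        longest = max(window for window, _ in rules.values())
        self.deltas = deque(maxlen=longest // interval_s)
        self.last = None

    def observe(self, tx_counter):
        """Feed one counter sample; return names of rules currently violated."""
        if self.last is not None:
            delta = tx_counter - self.last
            # Counter went backwards (reboot or wrap): count only bytes since the reset.
            self.deltas.append(delta if delta >= 0 else tx_counter)
        self.last = tx_counter
        tripped = []
        for name, (window_s, limit) in self.rules.items():
            n = window_s // self.interval_s
            if len(self.deltas) >= n and sum(list(self.deltas)[-n:]) / window_s > limit:
                tripped.append(name)
        return tripped

def replay(per_interval_bytes, intervals, watchdog):
    """Simulate steady egress; return (sample index, rules) at first trip, else None."""
    counter = 0
    for i in range(intervals + 1):
        tripped = watchdog.observe(counter)
        if tripped:
            return i, tripped  # caller would stop the instance or drop the uplink here
        counter += per_interval_bytes
    return None

RULES = {"short": (300, 1_000_000), "long": (900, 200_000)}  # assumed limits
```

A rule fires only once its window is full, so a single noisy sample cannot trigger a shutdown; the long window catches moderate leaks that stay under the short-term limit.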

  • Poutinetown@lemmy.ca · 32 up, 2 down · 10 months ago

    > By using the computing resources of others’ servers to mine cryptocurrency, the cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

    Oh boy, where do I start…

    • BearOfaTime@lemm.ee · 5 up, 6 down · 10 months ago

      Right?

      I have so little sympathy for people who get owned today…

      And I say this as someone who’s always dragging my own feet to follow new security protocols and concepts, change passwords often, etc.

      But on the professional side… I do everything, and don’t let anything slide, even something seemingly minor. It’s those cracks that get exploited.

      So dot your “T’s” and cross your “I’s”, because that’s how you ensure this stuff doesn’t happen. Layers, layers and layers of security and oversight.