Header snip originally from giphy, added onto to by other enthusiastic fans, and then I took it through memedad.
-Mobile continuation from Xanga blog PinkyGuerrero
-Most of the graphics and vids click to sources.
-Personal blog for Janika Banks.
 photo README2.gif

Translate

Monday, October 24, 2016

lol, I found a stats with cats blog

click for stats with cats
Do you guys ever check the logins on your accounts? Some accounts, like G+, automatically let me know if someone tries to log in with a wrong password, but many accounts don't. For instance, I discovered today that my another one of my accounts had an unsuccessful login attempt last Wednesday.


It's easy to geolocate IP addresses.


If this had been an IP lookup for geolocation on an IP showing up in my tracker, it could have pinged 5 different ways, depending on the device, the software, the service, the browser, a mask, and a few other possible things. Like sometimes an out of country visitor will ping through Mountain Home because Google translate, which is in California, simultaneously ping in through one of a handful of states depending on a facebook bot if that's where they clicked the link, ping a region and then a couple of cities depending on their carrier service and whether it's layered with a wifi plan or something, etc. I'm getting really used to seeing how people ping in looking at my stuff. This particular login attempt (not a link click or keyword search) was very DIRECT, local, and either bot-coded not to ping anything in a list more than once to draw attention, or was a live person playing around typing in my name. There was only one attempt because it's so easy to raise flags nowadays doing that.

When I check my facebook login, I can show up in several different states just depending on what device I'm using. I am familiar with my own IP proxies and regularly fuss with statcounter about their project cookie blocker since it blocks a fuzzy spread that isn't just me, so statcounter and blogger disagree on how many IPs are actually eyes on blog. Stuff like that.

I know this is a lot of gunk that seems unnecessary, but if you haven't yet secured your accounts with security backup codes, you need to. If I log out of an account and then log back in, even on the same device a few seconds later, that account will send a security code TO MY PHONE, and I will have to type that code into my login to continue. So far I've never had a security code show up out of the blue to my phone without it being me. If one ever does, I'll know someone is trying to login and trips the verification wire. The account that stopped the login attempt left me a note that it wasn't necessary for me to check my backup since security wasn't breached.


I kind of joke around sometimes about site hacking. My kind of slang for 'hacking' is running into back doors on unsecured pages. I never try to login to someone's account. Ever. I'm really good at finding holes and flaws in host site security, and it's usually accidental. I can assure you Vimeo is one of the worst sites for actual security. A few years ago Facebook was so bad that I was able to find back doors into private timelines whenever I wanted. They've got that fixed now, but it still doesn't help that their source code is unsecured. Myspace got so bad that they had to just wipe and rebuild, and before their rebuild I was going in manually recoding my embedded youtubes every few months just because they kept upgrading their security and knocking the coding off. Things are a lot better nowadays, but there are still lots of holes and ways in and around accounts to see content without logins, so if someone is actually trying to login, it's to get your personal info- banking, location, birthdate and social, OR to royally screw and spam your account. I've watched a few people work diligently trying to get swiped twitter accounts back when all they had to do was secure it with a login code in the first place to prevent all kinds of stress and tears.

I'm not saying that's foolproof. Last year my Facebook personal info was hijacked into a foreign 'facebook' account and someone was pretending to be me. It was harmless, but believable, so I contacted Facebook security and they were very prompt looking into it. I don't know if their promptness had anything to do with my Facebook account being what I use to verify a couple of other accounts, but hubbing accounts definitely helps prove you are who you say you are, especially if they're all sharing the same email address. The flaw with this is how vulnerable the entire architecture is if the email address is compromised, and I've seen that happen, too. One of the reasons I'm very open about who I am across social media is so it will be very obvious if any of my stuff ever gets hijacked. I'm hub verified through gravatar, about me, G+, and even had a real pinterest verification before they decided to upgrade verification requirements.

Years ago, a few people did try to login to some older accounts I had that I could see happening over and over on a really good tracker, and when I first set up G+ I got a solid login attempt notification complete with IP and a sweet little zoom map. I expect people to test me once in awhile when I toss around being a little bit tech savvy, so I publicly blew it off, although I'll always have that info. I'm sure there've been other attempts I don't even know about, but the personal attempts have pretty much stopped with multiple step verification turned on, because that's the fastest way in the world to find out there's a hack attempt going down live. I know that sounds exciting, but it's not. It's mostly just a big facepalm and extra work having to check on who is it now kind of thing.

Since I do have friends all over the world connected with me across my social medias, I'm quite used to seeing a wide variety of areas pinging my trackers. It's fun to watch numbers and maps, and sometimes I can even pin down who they are, but mostly it's a sport I really don't have time for. Login attempts, however, get my full attention. And I know some of you will naively shrug that off as spam bots, but bots swarm around sticking on without ever having to login. You'd be amazed how many porn site pingbacks Pinky blog gets from people playing around with apps looking for keywords, and don't worry, those don't show up in statcounter.

As always, this kind of stuff makes a birthday more fun, like last year. I'm taking a quiet day off not doing much, dinking around my piles of stuff and running into things. I bought a waffle iron to make chocolate cake waffles this year, but I haven't even started that yet. I'm thinking about playing around with a coffee flavored cream cheese fluff dip. I know Scott won't be crazy about it, but I bought him some ice cream today to make up for it.

This song has really been sticking with me the last few days. I think it's a birthday thing. There's so much I want to talk to her about, but so many years passed that I think we've just lost that part, and all we can do is let there be a gap. It's funny that most of my life has been about big gaps left behind me...

No comments:

Post a Comment