c/cybersecurity-tips

My home server got locked out by my own firewall rule

Last Tuesday night, I was setting up a new Pi-hole on a Raspberry Pi to block ads. I added a rule to my firewall to only allow my laptop's IP to connect to the admin page. I typed the last digit of my IP wrong, so the rule blocked me instead. I spent about an hour thinking my Pi had crashed before I realized my mistake. Had to plug a monitor directly into the thing to fix it. Anyone else ever lock themselves out with a typo?

Shoutout to the weird email that saved my bank account

I was at a coffee shop in Austin last Tuesday, just checking my phone, when I got a password reset email for my bank that I didn't ask for. I felt my stomach drop. I called the bank right away from my own phone, not the link in the email, and they confirmed someone was trying to get into my account from a different state. They froze it on the spot. Has anyone else gotten a random reset email that turned out to be a real attack?

Just got my 10,000th blocked login attempt alert from my home server

It happened overnight, mostly from IPs in Vietnam and Brazil trying default SSH passwords. I run a basic fail2ban setup on an old Ubuntu box, but seeing that exact number pop up made me realize how constant the background noise of attacks really is. What's a good way to tell if these are just bots or something more targeted I should worry about?

My home network went down for a full day because of a bad DNS setting

Everything just stopped working one night, no internet on any device. I spent hours rebooting the router, checking cables, and even called my ISP who said everything looked fine on their end. The real problem was a custom DNS server address I had put in my router months ago for a project, and that server had shut down. I didn't think to check that first because I forgot I even set it. It took me about 8 hours of messing with things before I finally logged into the router's admin page and saw the setting. Has anyone else had a simple, forgotten change cause a huge headache like that?

PSA: I saw a huge jump in fake delivery texts after the holidays in my town...

Last week, my mom in Springfield got a text about a 'missed package' with a link, and three years ago that same scam was just a basic email saying your account was locked.

My home network used to be a mess until I mapped it out on a whiteboard

About three months ago, I realized I had over 30 devices connected to my wifi in Austin, from smart bulbs to old tablets. I drew a simple map of everything on a whiteboard and found a smart plug I forgot about that was still on its default password. After I changed that and set up a guest network for visitors, the random slowdowns I had every evening just stopped. Has anyone else done something like this to clean up their home setup?

A hotel wifi login page in Denver completely changed how I think about public networks

I clicked a link in an email from my kid's school and it was a fake login page

It looked exactly like the real parent portal, but the URL was off by one letter. I almost put in my password. Now I check the address bar every single time before I type anything. Has anyone else seen these copycat sites getting really good lately?

Back in 2012, I thought having a single strong password for everything was the smart move.

A friend saw me log into three different sites with the same one and just said, 'Man, you're putting all your eggs in one basket.' Has anyone else had a simple comment totally flip their thinking like that?

My cousin roasted my password game at a family BBQ in Omaha

Honestly, he saw me unlock my phone and just said 'Patricia, your password is literally your dog's name and your birthday, a toddler could hack you.' Tbh, I felt so called out I went home and finally set up a password manager and made everything random. Ngl, what's the dumbest password you ever used before you knew better?

My friend in Phoenix said his bank account got drained after he clicked a text about a late package

I'm convinced that SMS phishing is the biggest threat to normal folks now, not some fancy malware, so what's the best way to spot a fake text before you click?

Honestly, I switched from a single password for everything to a password manager after my old email got hit in a breach last month.

Ngl, the breach was from a forum I signed up for in 2015, and now I'm wondering if anyone has a good method for finding and deleting those old, forgotten accounts.

I spent $90 on a 'secure' VPN that actually slowed my internet to a crawl

I bought a year of this VPN service last month because the ads made it sound like a fortress for your data. Big mistake. My download speed dropped from 180 Mbps to under 20, making simple video calls impossible. The worst part? I was trying to be safe on public Wi-Fi, but the connection was so bad I just turned it off and risked it. I looked it up and found out the company uses really old servers that can't handle modern traffic. That's $90 gone for a service that made my online life harder, not safer. Has anyone found a VPN that actually works without killing your speed?

Shoutout to the free password manager I found after my email got hacked

My Gmail got broken into last week because I reused the same password on a sketchy forum. Downloaded Bitwarden, set up a master password, and it auto-generated unique ones for everything. Anyone else switch to a manager after a scare and have tips for remembering the master key?

My bank called about a login from Florida, but I was in Ohio the whole time

I got a fraud alert from my bank last Tuesday about a login attempt from Miami. The thing is, I've been using the same password, 'Summer2021!', for three different accounts for years. I always thought adding the exclamation point made it strong enough. Has anyone else had a wake-up call like this about password reuse?

My cousin told me his password was 'password123' because 'nobody would guess it'...

This was at a family BBQ in Austin last summer, and I had to explain why that's the first thing a script tries. Anyone else have a story about a simple security mistake that just made you shake your head?

I thought my dad was nuts for using a password manager until my bank account got hit

He kept telling me to use one for years, but I figured my system of three passwords with numbers swapped was fine. Then last Tuesday, I got a $1,200 charge from a place in Florida I've never been, and my bank said it was likely from a reused password on a breached site. What's the easiest password manager to start with for someone who hates extra steps?

My home server got hit with a brute force attack last month. I tried a weird trick with fail2ban and it actually worked.

Just read that most people reuse the same password across 14 different sites

I saw this stat in a report from the National Cyber Security Centre last month. It means if one site gets hacked, attackers can try that same login on 13 other places you might have an account. I checked my own password manager and I was doing it too, just with a few variations. That's a huge risk for something like your email or bank account. Has anyone found a good way to break this habit without getting totally locked out?

Remember when everyone just clicked 'update later' on their computers?

Honestly, back in like 2015, my whole family would ignore those software update popups for weeks. Tbh, we just saw them as annoying. Then the big ransomware stuff hit the news, and our IT guy at work gave a talk showing how many attacks used old, unpatched software. Ngl, it scared me straight. Now I have auto-updates on for everything at home. Has your update habit changed too?

I spent $40 on a password manager and it caught a weird login attempt last night

I finally got a password manager (Bitwarden) after my sister kept telling me to. Last night, I got an alert on my phone about a login attempt from a city I've never been to. The app blocked it because the password was unique to that site and they didn't have my master key. It would have been my old reused password on a dozen other sites. Has anyone else had their manager stop something like this?

After my friend's garage got broken into in Austin, I finally set up a separate guest network for all smart home gadgets.

The thieves got in by exploiting a known vulnerability in a cheap smart lock, which gave them access to the whole home network and all the devices on it, so now I always isolate IoT stuff on its own VLAN.

TIL a hard lesson about public Wi-Fi at the Denver airport last month

I logged into a fake network that looked real, and someone tried to get into my email before I shut it down. How do you guys safely check things when you're stuck traveling and need to connect?

My neighbor's kid just got his whole Xbox account wiped because he used the same password for everything.

A hotel Wi-Fi login page in Denver made me change my travel habits

Last month in Denver, I tried to connect to the hotel's free Wi-Fi. The login page looked real but asked for my email password, not just a room number. I checked the network name and saw it was 'HotelGuest_2' instead of the official one. I asked the front desk and they said the real one was 'DenverInn_Guest' with no password needed. Now I always double-check network names before I connect on trips. How do you guys check if a public Wi-Fi is safe?