
A message to the character who is creating new characters all the time, with the TOR browser

I agree with all of that, although I’d say that if your enemy is the State, they will have the resources to compromise all three points, and if your enemy is just some Joe Bloggs then why should you worry, because his easiest route will be to send you an infected email which plants a keylogger etc on your PC…

I know this is not the most fashionable civil liberties view, and bear in mind I come from a communist country, but if the State (in the free world) is after you badly enough to want to see your stuff, then you are probably a terrorist or some other serious criminal.

Yes, the MAC address of some PC ethernet cards can be changed. This is quite a useful thing because some expensive software uses a server for floating licenses, and if that server packs up, you have a big problem, so you want to build a spare server with the same MAC number. But I doubt changing the MAC of a modern phone is any easier than changing its IMEI. Anyway, the MAC # goes only as far as the most immediate network connection, i.e. the wifi you are connecting to. If you want anonymity while uploading dodgy data, you need to randomise everything: the MAC, the IMEI, the number, and this means a one-time phone – or have a rooted phone which has been heavily hacked to not do any reporting, and I bet that is really hard to do.

And there are a thousand ways to slip up and make one tiny mistake which blows it all… It’s a lot easier to not be a criminal.

Also remember that, in most real life contexts, if you want to p1ss off somebody via a VPN, they will probably know it is you, because who would use a VPN terminating in Russia anyway? They are not free. And you have no idea who is monitoring the far end and will send you a bitcoin blackmail demand. Russia is full of criminal activity and running VPN terminators is probably the second most popular profession there. It’s like the old crypto debate of 30 years ago: crypto on comms is really useful only if everybody, or almost everybody, is using it. Nowadays, most people couldn’t care less. Let’s face it, they have already uploaded all their Contacts to FB. So those using crypto stick out, and traffic analysis is normally enough. If you browse EuroGA via a VPN, you are perhaps (I have no way of checking, and if I had I could not be bothered) in the 0.1% or less of daily traffic.

Far more people use a VPN to circumvent stuff like BBC iPlayer IP checking; the 100,000,000 Brits in Spain are on VPNs.

Prepaid sims are hard to get in many places, because they make it so much easier to evade tax by running a business out of the back of a van. Been to Greece lately?

Administrator
Shoreham EGKA, United Kingdom

I am pleased to report that with some mods success has been achieved…

The comms security discussion is always enjoyable too. It’s a field I was partly involved with many years ago.

Administrator
Shoreham EGKA, United Kingdom

The Russian guy is back, but with difficulty (the job is very slow now, due to changes we did).

Somewhat on topic:

French pilot shop trashed by hackers

https://www.boutique.aero/

(google translation)

OK; they obviously were not keeping backups. And probably running old off the shelf unpatched PHP shop code. But if somebody was able to trash their server, and their admin was this sloppy, the hacker got all the customer details too, including credit card details. Not much you can do about that now (have to get them cancelled) but one lesson is to not use the same trivial password for loads of websites. Most people do that, of course… I do too. This shop may even have been storing passwords in plain text (a very bad practice anytime in the past 15 years or so) but even hashes can be reversed, with serious hardware usually involving a high-end graphics card, if the password is short (say 4 or fewer characters), especially if the hash algorithm was some obsolete one, and the hackers got access to the whole site.

However why would somebody trash an online shop? If you stole customer data you want it to remain undiscovered. Did they have enemies? Every forum has enemies, but a shop?

Administrator
Shoreham EGKA, United Kingdom

I reckon somebody has organised somebody to just waste time and keep creating characters, with emails like [email protected].

They will never succeed because of the manual approval step which was brought in recently. They can do exactly nothing.

Currently all the IPs are Russian but blocking Russia is about 6500 lines in the firewall, and not practical. Previously he used African IPs; mostly TOR endpoints.

Administrator
Shoreham EGKA, United Kingdom

We’ve just done some changes to make life harder for bots.

Nothing should change if you are using a normal web browser, but if anyone sees any strange site behaviour, please let me know.

Administrator
Shoreham EGKA, United Kingdom

If I may, I think you might be potentially perpetuating the situation with this thread / posts: they are not succeeding at creating valid new users, but if their intention is to annoy you (e.g. because of personal issues) they’ll probably feel like they are having success since you are giving the impression you care / they are giving you extra work. It might also appear as if you are teasing them.
My 2cts on the best way of stopping this would be on just ignoring it and not giving it any public importance.

I agree.

Actually I now think the current lot, on Russian IPs, is just random bots. One of the indications is that one recent email used was [email protected] which, if you google it, has a “reputation” from various target sites.

Had it been some previous EuroGA posters, the pattern would have been different.

A number of forums had to shut off new joinups in recent times, due to this. They ask you to email them if you want an account. That would reduce participation massively; some 99% of people won’t bother. It is a particular problem for a forum which is run for advert revenue and/or nobody is interested in doing much admin on it. It can cost serious time (money).

Administrator
Shoreham EGKA, United Kingdom

Peter wrote:

OK; they obviously were not keeping backups.

Their message suggests they were keeping backups, but these were not offline. That is, all the backups were reachable to the intruder, and (s)he trashed them, too. The same error as the big web hoster that trashed all customer data and backups with a single “rm -rf” (the Linux command to delete directories and files, suppressing warnings and confirmations), because they were all visible, and in read+write mode, in the same filesystem hierarchy.

These “online” backups are all the rage. They are very convenient, but then… They are indeed more fragile to such accidents and malice.

Last Edited by lionel at 11 May 08:12
ELLX

Keeping a backup on the same server (or on the same virtual server VM) would be really dumb… as you say, anybody who gets root privileges can wipe the lot really fast.

Backups are a huge issue and a lot of people are not up on this. It starts from backing up family etc photos; most people don’t, and lose them when they lose a phone or laptop, etc. Web servers need backups which are physically off-site. Arranging that in a suitably secure and automated manner is not trivial.

Also most off the shelf forum / shop packages are vulnerable. All the PHP forums I know about have been hacked at some point, usually multiple times. Magento (a popular shop package) has also been hacked to steal credit card numbers; the best defence there is to use a 3rd party payment processor e.g. Paypal.

Administrator
Shoreham EGKA, United Kingdom

Peter wrote:

Keeping a backup on the same server (or on the same virtual server VM) would be really dumb…

Things are often more subtle. Like the server and the backup storage being reachable as a virtual/remote filesystem from the same machine, or one from the other.

Peter wrote:

Web servers need backups which are physically off-site. Arranging that in a suitably secure and automated manner is not trivial.

Indeed. Fundamentally, either the backup server must have authority to automatically connect to the to-be-backed-up host with a high privilege account (at least able to read all data, including confidential data; in practice also to run programs with a high privilege, e.g. tell the database to flush its cache, etc. Often it will end up being root, and read-write), or the live host must have remote write access to the backup storage.

In the first case, penetration of the backup server gives access to both. In the second case, penetration of the live server gives access to both.

Theoretically, this can be mitigated by the backup software having its own client daemon (service) listening on its own port, and that daemon is able only to serve data (giving read-only access) and the daemon itself decides what command is run before backing up what data. In practice, this means having yet another daemon listening on the network, with an authentication system and general quality of implementation security-wise that is just not up to par with the generic “access with high privilege account” or “remote write access to files” used in the previous scenarios, and increases your attack surface. And in practice, central configuration is just too damn convenient, so in practice the backup server decides what command is run, and you have an SSH-equivalent, only with poorer security.

Again, this can be mitigated by having the backup daemon listen only on a dedicated network link (real or VPN) to the backup server, but that’s faaar beyond most setups.

ELLX
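The “daemon that only serves data and decides itself what is run” that lionel describes has a cheap approximation in OpenSSH forced commands, which is what rsync’s own rrsync script does. Below is an added illustration (not code from the thread and not rrsync itself) of such a wrapper: the live host pins the backup server’s key to it in authorized_keys, so that key can only make rsync *send* files from under an export root, never write, delete, or run anything else. The `/srv/www` root, the `/usr/local/bin/ro_guard.py` path and the key line are assumptions.

```python
"""ro_guard.py: read-only forced command for a pull-backup SSH key, pinned in
the live host's authorized_keys (assumed path and key) as
  restrict,command="/usr/local/bin/ro_guard.py /srv/www" ssh-ed25519 AAAA... backup
so the key can only ask rsync to *send* files from under /srv/www."""
import os
import shlex
import sys

# Options that would let an rsync "sender" write to or delete from the live host.
FORBIDDEN = {"--remove-source-files", "--remove-sent-files",
             "--log-file", "--write-batch", "--only-write-batch"}

def check_command(original: str, root: str) -> list[str]:
    """Return the argv to exec, or raise ValueError unless ``original`` is a
    read-only 'rsync --server --sender' request confined to ``root``."""
    argv = shlex.split(original)
    if len(argv) < 5 or argv[:3] != ["rsync", "--server", "--sender"]:
        raise ValueError("only 'rsync --server --sender' is permitted")
    opts, dot, path = argv[3:-2], argv[-2], argv[-1]  # server form: OPTS . PATH
    if dot != ".":
        raise ValueError("unexpected argument layout")
    for opt in opts:
        if not opt.startswith("-") or opt.split("=", 1)[0] in FORBIDDEN:
            raise ValueError(f"refused option: {opt}")
    # Lexically confine PATH to root: '/x' and 'x' both mean root/x and '..'
    # cannot climb out. Symlinks inside root are not resolved here.
    root = os.path.normpath(root)
    target = os.path.normpath(os.path.join(root, path.lstrip("/")))
    if target != root and not target.startswith(root + os.sep):
        raise ValueError(f"path escapes export root: {path}")
    if path.endswith("/"):
        target += "/"  # keep rsync's "contents of" trailing-slash meaning
    return argv[:-1] + [target]

def allowed(original: str, root: str) -> bool:
    try:
        check_command(original, root)
        return True
    except ValueError:
        return False

def main() -> None:
    try:
        argv = check_command(os.environ.get("SSH_ORIGINAL_COMMAND", ""), sys.argv[1])
    except ValueError as exc:
        sys.exit(f"ro_guard: {exc}")
    os.execvp(argv[0], argv)  # replace ourselves with the vetted rsync sender

if __name__ == "__main__":
    main()
```

Compromise of the backup server then yields read access to the export root only, which is the first of lionel’s two failure cases with its blast radius cut down; the push direction (live host writing to backup storage) still needs append-only storage on the other side.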