MondaySundaySaturdayFridayThursdayWednesdayTuesday

What a Hacker Stole from Me

wonger_ 384 points mynoise.net
BLKNSLVR
Lovely, but naive.

But naive in a way that most people (?) would like the world to be.

But ultimately, unfortunately, unrealistic.

Building has always been the kind of difficult that, had you known at the beginning then maybe you wouldn't have started. And still quickly and easily destroyed.

Keep creating and building, otherwise there's nothing else to do. Love the obstacles for challenge of defeating them, don't hate them for their existence. To build X you often have to build A, B, and C (and sometimes all the rest of the alphabet) just to have the right setup to maximise the success of X. It can grind, but focus on the benefits of X.

Which sounds like the position they've taken, thankfully.

(Where X represents "anything" and is specifically not the <whatever it's classified as> platform formally known as Twitter).

The melancholy will return, just ride it out each time. It gets easier, gradually.

drdiamo
Lovely, but naive.

it’s unbelievable to me that anyone would do this to him.

are you familiar with what he’s done? the amount of work he’s put into helping people?

you should dig a little bit more into the story before badmouthing someone.

honkycat
A bored teenager doesn't care.

There are people in the world who are profoundly nihilistic[0]. They will do mean shit for no reasons, and move on without caring.

This has always been true throughout human history.

Father, forgive them, for they know not what they do

0: often without actually knowing what that word means

dmd
I love the guy, I love mynoise, but he needs to chill out. Nobody "did this to him". This is almost certainly, like 99.99% certainly, just normal internet noise and he's just never noticed before. All sites get this sort of thing.
algorithmsRcool
That doesn't make it ok or less impactful. He's been running MyNoise for years and it sounds like if he had been attacked before, this one was much worse, prompting a blog post about it.
giantg2
Many malicious people don't care if their target does good deeds. In some cases it makes them a bigger target, like hospitals are to ransomware.
BLKNSLVR
No intent to badmouth from my side. I'm not trying to come from whatever angle it might look like to you that I'm coming from.
wizardforhire
Regardless of the moral and ethical implications brought up in response to the individual in TFA, you’re spot on. One of my favorite reasons for creating is that it’s me against myself vs reality. Theres not an endeavor I find myself in that this is not true… of course I have the privilege of having accomplished all of my life goals from childhood at an early age, which only led to depression. So I set loftier goals only to complete them. It was only the third time around and confronting failure did it finally click that it wasn’t about accomplishing things and it was all about the journey. I was a latch key kid, so basic stuff like this and everything else that people from well adjusted families that are not poor af I’ve had to learn the hardest way possible. Which I guess in a way is a super power because now whatever I want to do I know what the learning curve looks and feels like and I know that failing a lot is the only way to crawl out of the trough of disillusionment.
neuralkoi
I really like this perspective, it's right along there with what the Stoics would do:

"The wise act with a reverse clause--meaning that they not only consider what might go wrong, but they are prepared for that to be exactly what they want to happen--it is an opportunity for excellence and virtue.

Guvante
Doesn't have to be naive we have just decided to not allow this kind of website to exist by forcing them to deal with anyone else.

Want to know why? Because major websites have to do is no matter what so figure minor websites getting screwed doesn't matter.

socalgal2
hackers effectively killed https://glslsandbox.com It's been closed for about a year and a half because some hackers spammed it and no one has time to deal with it. There are other sites like shadertoy that do something similar but still, it sucks to see someone's project get shit on by assholes.

As for denial of service issues, because it's free I've mostly hidden behind cloudflare in the hope of not having to personally deal with those kinds of issues on my own stuff.

It's always annoying to me the hacker attitude of "it's your fault if I can break your stuff. You should have implemented it better". Well, I can break your windows, your door, your body and it wouldn't be an excuse that it's your fault because it's possible. Still, I know it's impossible to get rid of the assholes so ...

beeflet
Physical systems are different from information systems. You can make an impenetrable information system, but not an impenetrable physical system. Physical systems are inherently safe due to their locality, and can benefit from security-by-obscurity.

When you hook up a weak information system to a global network where anyone can interact with it, and someone finds a way to break it, perhaps it is worth looking into the systemic weaknesses instead of getting angry about a given attacker.

bronlund
The unfair match between good and bad has most likely been a conundrum for thousands of years. Multiple solutions has been proposed as to how to deal with the bad ones, including; kill them, forgive them, educate and reform them - but nothing really seems to work.

One solution might be to gather them all up and send them to another planet were they can live as they please without bothering the good ones - and some might suggest that this is exactly what they did and here we are :)

thijson
I think I saw an article recently where someone used the http protocol to serve gzipped content that was specially crafted to explode in size on the receiver side. This could be a good preventative to crawlers as they don't typically have that much space dedicated to each instance.
bronlund
I like the general idea of having zero tolerance for bad behaviour.
lcnPylGDnU4H9OF
bad behaviour

It’s worth noting that the “zip bomb” was at a resource location specified in the Disallow section of robots.txt, meaning the server specifically told the bot not to go there and it did anyway.

(Not that the parent commenter seems confused, just that it hadn’t been noted.)

tux1968
gather them all up and send them to another planet...

Has been tried before, they started with telephone sanitizers, hairdressers, and advertising account executives

erikerikson
I thought you were talking about Australia
bronlund
:D
ValentineC
One solution might be to gather them all up and send them to another planet were they can live as they please without bothering the good ones - and some might suggest that this is exactly what they did and here we are :)

Sounds like we're the bad ones here.

bronlund
If we take the planet as a whole, we definitely are!
tiahura
When have we tried killing malicious hackers?
bronlund
One example is Junaid Hussain. Drone strikes may not be for everyone, but killing hackers isn't anything new.
drpixie
1. Don't take it personally. They don't know or care who you are.

2. Some kind of rate limiter is becoming essential for servers. Scanning/probing is worse than rude but there's plenty of obnoxious out there.

Fail2ban can easily be configured to handle simple login or vulnerability scans.

If there's not something similar for web servers, it wouldn't be hard to write one. Anyone know of fail2ban or rate-limiters for webservers?

rvnx
Needs to put Cloudflare (free plan) in front of the website and the problem is fixed
VladVladikoff
Maybe I’m just a curmudgeonly old fart but I’m so tired of everyone pretending like the entire internet being MiTM’d by Cloudflare is somehow a good thing.

FWIF if you are looking for a decent alternative take a look at ModSecurity project by OWASP.

rvnx
It’s a good cost vs reward ratio in that specific case. Very little risk if NSA knows your MyNoise history. And for emails and very confidential content they have partnerships with Apple, Google, Meta, etc
beeflet
Think bigger. Very little risk if the NSA knows your MyNoise history, very great risk if the government knows all of your history.

SSL added and removed here :)

brookst
One good sign that your viewpoint may not be well thought through is if you find yourself claiming that any contrary opinions could only be pretense.
VladVladikoff
Yeah. You’re right. I should have spent the time to write out my thoughts more succinctly. I appreciate your comment. It’s what I really enjoy about discourse on hackernews.

My main problem with it is that we put all websites behind a single point of failure. One with large corporate interests. It is the antithesis of the free and open web.

Also I dislike it from a technical standpoint. It makes response times from the server much worse. And I spend a lot of time improving the performance of my sites, to throw that all away because I’m afraid of hackers seems like the wrong solution to me personally.

reddalo
The state of the internet is a bit sad if we need to collectively rely on Cloudflare. And we don't even have other free alternatives (that I know of).
kmoser
Nobody needs to rely on Cloudflare when they can use server-side solutions like Fail2ban (already mentioned). Other tools like iptables exist for more granular control over incoming traffic. There is no one-size-fits-all solution, so just pick the tool(s) that work for your situation. If your situation is so unique that no existing tool will work, you likely have the resources to write your own.
rvnx
It costs a lot of time and energy, especially for a music artist, for a website that has no private data and that is not sensitive. Cloudflare has specialized people who watch 24/7 and they provide free bandwidth, all of that for 0 USD
kmoser
I'm not arguing against using Cloudflare. I was responding to the assertion that we "need to collectively rely on Cloudflare" by pointing out that other options exist.
matteason
He mentions in an earlier blog post[0] that the audio files are behind Cloudflare already so if Cloudflare did its job so I think the actual bandwidth impact on the origin server should have been pretty limited. Hopefully he'd turned on the option to ignore the query string to avoid the cache being bypassed.

I run a similar audio-heavy site[1] that's reached the front page of HN, also behind Cloudflare - the traffic spiking to terabytes a day is a bit of a shock at first but if everything's configured properly CF works well

[0] https://mynoise.net/blog.php#landed

[1] https://ambiph.one

wdr1
myNoise uses Cloudflare.

myNoise is now running on a Virtual Private Server (VPS) hosted at One, with audio assets served via a CDN through Cloudflare ...
sleepybrett
I imagine something can be rigged with fail2ban as well.
mathiaspoint
You probably need to calm down a bit. Everyone who has any kind of service on the open internet sees this stuff in their logs all the time. Most of it is entirely automated. That's just how the internet works.
NilMostChill
It being common doesn't mean it's OK, it also doesn't mean people aren't allowed to be upset by it.

Casual racism and bigotry are common, "You probably need to calm down a bit" is dismissive and condescending.

luckylion
It being common doesn't make it OK, but it does make it not a personal attack.

Exploit scanners are common, they are not someone attacking you personally.

I'd be surprised if the mass download and the exploit scanner were even related. Much more likely they weren't and somebody just messed up some bot they were building and fetched everything in a loop.

It's annoying, yes, but it's not personal. Nobody is attacking him personally. Feeding into that understanding of the situation isn't helpful, just like you shouldn't encourage people who believe they are the victims of gang stalking because they've seen 5 red cars this morning.

NilMostChill
None of what i said had anything to do with the nature of the attack, personal or otherwise.

The author seems to be taking it a bit personally but they don't seem to be implying an attack targeted to them exclusively as much as an attack that they experienced personally but it could be either i suppose.

The blog post was, "this is a thing that happened, followed by another thing i think was related, i am upset, here is why"

Your response was "this is common, suck it up"

The post itself doesn't mention any sort of persecution or targeted attack.

What you said was dismissive and condescending, being technically correct about things that are unrelated doesn't negate that.

luckylion
A couple of days ago, someone (or some entity) tried to attack this website. They sent hundreds of thousands of requests, attempting to inject code into the site. [...] But then they changed strategy. They began downloading every single sound file, again and again.

The author definitely saw it as a targeted attack that, when it failed, caused the attacker to switch tactics to intentionally cause harm.

And it's not "this is common, suck it up", it's "this is common, it's not about you personally, nobody is out to get YOU". It's like when you first receive spam mails and didn't know what that was. It's easy to think it's just someone messing with you, trying to annoy you. But it's really not, it's lots of people sending out millions of messages, and some of those finding their way into your mailbox.

It helps classify what happens. It's a very different situation when your car has been keyed and you know that it happened to every car on your street (super likely to be random vandalism) vs that is happened to only your car (much more likely that somebody is out to get you). Your behavior changes in response to whether something is random vs intentional.

That's why it's important to help people understand when things aren't intentional (as in "they targeted _that_ website specifically" vs "they target all the sites, and today their scanner arrived at domains starting with myno"; of course they still intentionally ran that script).

NilMostChill
The author definitely saw it as a targeted attack that, when it failed, caused the attacker to switch tactics to intentionally cause harm.

Saying "someone or something" is generic and also accurate it doesn't explicitly imply a specific person or targeting, though I'll concede it could be interpreted that way.

As interesting a side conversation as this is it isn't my original point.

As i said in my original reply:

It being common doesn't mean it's OK, it also doesn't mean people aren't allowed to be upset by it.

"You probably need to calm down a bit" is dismissive and condescending.

It's entirely possible to explain context to someone without being dismissive of their feelings on the subject.

efilife
Casual racism and bigotry are common

Where?

NilMostChill
Ok, so lets assume you aren't just being sealioning.

We can start with the current popular shitshow, the USA.

Followed by Israel with the ongoing genocide (not me being hyperbolic , they have publicly stated multiple times that they trying to eradicate a race of people).

The generic rise of the far right (for a given definition of "right") nationalist parties in multiple countries, the Netherlands, Argentina, the UK just to name some easy ones.

The general shitshow with china and anyone that isn't towing the line (most recently notable is the uyghurs)

If we want something classic (but not as far away as it would seem), segregation, apartheid, native Americans, the aborigine, the native Canadians, india/pakistan.

That isn't even the casual bigotry, but if you want the more "casual" bigotries, TERFS, The "manospehere", piers morgan, andrew tate, systemic racial and demographic discrimination in law enforcement in many countries.

I'll even perpetrate some casual bigotry of my own and assume you are cis-het, 20-45, in what used to be called the middle class. I'd also go with male and "not in a minority of any significance" or you probably wouldn't be asking the question in the first place.

conradkay
Their website has been around for along time though, so they're probably very used to those automated requests. Even all the scrapers nowadays won't take up too much bandwidth so it's probably something dedicated.
lukas099
The fact that this is common is more reason to lament it, not less.
strogonoff
Recently I have had to live in a building with severe noise issues, and running appropriately EQed white noise on my speaker helped mask it and maintain at least some sanity and sleep. The mynoise app might not be the fanciest but it does exactly what it says without fail or frills, and works across devices. I don’t think I knew who made it when I bought it, but this story put a face on the app.

When someone attacks you, it is additionally traumatic in that it undermines your trust in people. In this way, it can breed trauma if it makes you become more defensive/distrustful and/or offensive/trust-violating to others. This is not an excuse to the attacker, but if I were asked how we can end this vicious circle I would probably say it’s about long-term mental health (across generations).

Hnrobert42
I had long-term noise issues with the tenant directly above me. Periodically complaining to the office got sympathy but little else.

Then I created a iOs shortcut that sent a templated email to my landlord each time I told Siri "Loud neighbors." I was surprised at the effectiveness of 3 - 4 emails a week. I suspect it is one thing to shoosh someone while ushering them out of your office. It's another to have to respond to an email every other day.

Of course, your situation may not be a amenable to this strategy. Either way, I feel you brother/sister, and I wish you peace and quiet.

davidee
I don't know if this is right time to share, but as someone who also had many noisy neighbours over the years, this made me laugh (if you haven't seen it): https://youtu.be/4IRB0sxw-YU

I also wish you all peace and quiet.

strogonoff
This is so good, thank you for the link. (My noise issue has no longer been human neighbour induced for the last two years, so I can now laugh about it.)
strogonoff
I appreciate your empathy.

I lived in a situation with a noisy tenant previously. It was loud bang noises of something falling in the middle of the night, with very thin floors. In my infinite wisdom I decided to move instead of sorting it out, and traded that at least potentially negotiable situation for an inflexible yearly tenancy contract on an apartment that cost 3x more to rent with what turned to be a noisy lift that building management could not care less about despite complaints. (Silver lining, at least noise EQs more easily to cover the constant rumble.)

theteapot
Noise pollution is yet another tax disproportionately shouldered by the poor.
HenryBemis
Yes!

I was "stuck" (someone dropped me off and someone else was supposed to pick me up, but they were late so..) on a highway/motorway in <country> (edit: I wrote it and then deleted it for privacy) some weeks back. The weather was great! Sun was shining, a cool 24 degrees, I was wearing my hoodie, it was windy. I got bored on waiting by the highway/motorway.

No village/coffee place anywhere near, so I decided to take a vertical small road and walk by a green field. And it was windy. And I could see the bushes and leaves from the trees swinging back and forth. And it was windy and very calming (to my soul) so I stood there gazing at the wonderful nature. And I was thinking, why the fuck do we live in cement boxes in cities? I could buy "a few sqm, build something with glass/brick/steel, no deep foundations, and smaller 25sqm "hut" as my office right next to the "house" and live next to a field and have a great life...

Anyway, my friend arrived, picked me up and we continued driving.

I was thinking that the cost of remote land/house/'office' would be 50% on the cost of a 100sqm flat in (most), with the pro of the calmness and the con of being alone in the middle of nowhere.

But there is always the option...

strogonoff
It makes intuitive sense and maybe is true in many places (I’m not in the US, for example), but some of the quietest flats I happened to have seen were in subsidized government housing or cost almost half of my rent. I simply did not luck out with one of those.

If you are in top N% then yes, you probably just do not have to worry about noise. However, at this point we are just arguing about the definition of “the poor”. If you mean anyone who lacks cash to forfeit the tenancy agreement like it was nothing, then yes.

iwassayinbourns
Pentester/bug bounty hunter here. I appreciate that this is frustrating for the owner to experience, but this reads like normal internet noise to me, or at worst someone fired up burp suite and hit go on a website. Many, many commercial tools run these sorts of attacks en masse by default, some SaaS companies even do it as a product. The entire internet is being scanned constantly and many of those scanners have automated collections of attacks run against websites when discovered. I’m not say it’s right, but it is the reality we live in. I wouldn’t be taking it personally.
doitformango
If a shark attacks you, it isn't personal, but it is traumatic.

Also, sharks weren't made by ethically-questionable hackers.

I don't see why you need to dismiss this person's legitimate trauma, seems awfully boorish of you to do so.

gblargg
I read it as the opposite, trying to help them process it as not something deeply malicious targeting them. I'm thankful of the times I took something deeply, then realized it was something else and had a change of heart. This is ultimately what trauma and processing is about: something blindsided you and your initial response is a large field of shock and avoidance, then slowly you process it until you have a practical approach to deal with the thing next time, so it doesn't blindside you again.
doitformango
That's a really good point. Now that you explain it, its not boorish but insightful. Thanks.
flkenosad
Also, sharks weren't made by ethically-questionable hackers.

You don't know that.

antod
Those are the ones have frickin lasers on their heads.
doitformango
I cannot argue with that.
orourke
Why would someone try to hurt this guy? This site is great.
ChrisMarshallNY
I have found that there are people who just want to watch the world burn. There are many reasons, but, at its most basic, hurt people hurt people.

That's something I like to keep in mind, when I'm reacting to someone being ... less than friendly ... By reacting badly, I then make it all right for them to justify doing it again, to someone else. I've found that I can defend myself, without becoming a foaming-at-the-mouth maniac. We can enforce our boundaries with water pistols, most of the time. We don't need nukes.

Everything is connected. This chap may be naive, but he's actually trying to set good connections in motion. I applaud that.

walls
I feel like a lot of people desperately want to make some kind of impact on the world. Something that causes some number of people to acknowledge their existence (or the effects of it).

It takes real effort to do that in a positive way with a society built around surfacing negativity.

heavyset_go
I think we need to recognize that there are people who genuinely get off on hurting others, and it really isn't any more interesting than that.
pksebben
I dunno, that reads a little too simple to me. People aren't magical black boxes of mysterious drives and unfathomable causes, they're components of a larger system and reflections of their environment.

Speaking as a reformed 'teen who wanted to watch the world burn', for some it isn't simple omnidirectional malice, but rather a deep and confusing sense that the world is out to get you (spoiler; in some ways it absolutely is) and an instinct to throw a haymaker just so you feel you didn't go down without a fight.

Once this kind of person begins investigating the causes of their discontent - I myself have come to the conclusion that outdated institutions and capitalism are prime suspects - you can do quite a bit more to focus down that energy on the deserving. If you're young and/or dumb enough to not know the difference between the mynoise guy and 'the system' it's almost a forgivable mistake.

That said, from a practical standpoint, yes. Some people just kinda suck real bad. The why isn't always going to get you closer to a cure.

ChrisMarshallNY
Most folks find that it’s a lot easier to tear down, than build up.

I’ve always really enjoyed building up, but it’s definitely not the easiest path.

I have managed to make a couple of mid-sized splashes, but many folks have no idea that I was behind them, which is fine with me.

teddyh
One wants to be loved, in lack thereof admired, in lack thereof feared, in lack thereof loathed and despised. One wants to instill some sort of emotion in people. The soul trembles before emptiness and desires contact at any price.

— From Doctor Glas (1905) by Hjalmar Söderberg

sircastor
I have found that there are people who just want to watch the world burn. There are many reasons, but, at its most basic, hurt people hurt people.

I'm not sure that it's even malicious. I think many hackers look at a website or a service as a game to play. They aren't thinking so far as the person that this action affects, just as far as "I wonder if I could get all the data off that site?" or something similar. And on top of that, some view the rate-limiting as a challenge.

I think it's the same thing that drives the excessive snark or cruelty in comments. They don't think of the person on the other end as a person, they think of them as an endpoint.

ChrisMarshallNY
You are correct about the way we dehumanize others on the Internet, but I think hackers have changed, quite a bit, since War Games.

Hacking, these days, isn’t just for the lulz. Hackers have a purpose, and that’s usually monetary or military (sometimes both).

Hacking crews, these days, run professional organizations that would make a lot of SV C-Suiters green with envy.

emmelaich
It's just possible that someone at some big AI company just pressed a button to add this to their collection of training material. And lazily or otherwise just hit the checkboxes for 'repeat' and 'forever'.
Aurornis
The article explains that it started as a hacking attempt with requests to inject code. It’s not a simple AI company scraper.
dewey
Without knowing more about it, this coulda also just be one of the uncountable amounts of automated scanners that are iterating the whole internet constantly trying to find wp-admin etc. type vulnerabilities.
bakugo
If all my years on the internet have taught me anything, it's that some people are just severely mentally unwell and will attempt to destroy anything they can get their hands on, purely because they can. Sometimes it's for attention, sometimes they just want to watch the world burn, but either way, asking "what did their target do to deserve it?" is pointless because the attacker likely never asked themselves that question either, and could very well just be a straight up sociopath.

As the internet grows, so grows the number of such people on it. In days gone, these people would've been rightly shunned from society, and their ability to cause harm to others was severely limited, unless they were willing to resort to more... extreme methods that would usually come with serious consequences. But the internet has given them a new outlet, a new way to ruin things for people from across the world that would've been far, far beyond their reach before, usually without any risk of punishment.

vachina
It’s not targeted. Having maintained a site, my experience is the internet is a wasteland of AI crawlers, script kiddies trying to turn every form into an amplification vector, or vulnerability probers.
muppetman
Right? I got his email too and man, I love what he does, I'm glad he's recovering from his illness etc. I've donated many times. But it's insane for him to think this was targeted. This was some bot/AI gone rogue. Or similar.

If someone wants to take you DOWN they will. And not by downloading a bunch of a files a heap.

Pine_Mushroom
Feel for the guy. I had a couple of long owned domains stolen recently. They were so low value to anyone but me though, it makes me wonder why someone would bother.
type0
Newly registered domains don't get the same recognition in search engines as older ones. That's why there's a market for stolen domains, the same is true for social media accounts
Pine_Mushroom
True enough. I had been pretty well established in my little niche too.
CamperBob2
Scary stuff. How'd the thefts occur, in your case?
Pine_Mushroom
Well it was partly my fault for letting a seperate domain expire: someone grabbed it up and started an email with my old address. That old email was the contact for the stolen domain-they seem to have used it to have the password reset, locking me out. I still have the phone I used for 2FA and Godaddy is supposedly investigating, but it's been months and I've pretty much given up hope. They email every 3 days to tell me they haven't got a chance to look into it yet...
smoll
sorry to hear that and i can absolutely relate to this feeling of losing something, of perhaps even being dragged into a game you never wanted to even play, where no one wins and everyone loses something.

the one silver lining is that it seems to have strengthened your resolve, to keep planting and keep building instead of just letting chaos and destruction stop you in your tracks. so in that way maybe you haven’t lost after all and maybe this isn’t even a bad thing, it helped clarify the things you find important in life and even inspire others (me included). thank you!

whoisyc
Universal connectivity was the internet’s biggest promise and it turned out to be its biggest flaw. It turns out if you allow literally anyone on this planet to walk up to your front door, you will end up with the world’s criminals, psychopaths, you know, the ones in a more civilized time would be driven out of town by townsfolk wielding pitchforks, all hanging out on your porch figuring out how to pick your lock, or just to spray paint your house for the lulz and cred.

Look around and you will see every piece of cybersecurity knowledge assumes your porch will be inhabited by bad actors and there is nothing to stop them, so you absolutely need to harden your server as if you are a bank. Have you ever lived somewhere you genuinely don’t need to lock your front door to feel safe? I have, it was amazing, and it depresses me to no end to see the polar opposite to be what is expected on the internet. We were promised a world of peace and unity and total freedom of information but instead we got the tyranny of the petty cyberdelinquent, with no way to enforce prosocial values as we ought to do in a sane society. “On the internet no one knows you are a dog” was a warning, but we would be in a much better world if it’s only dogs we have to share an internet with. When humans get low they can get way lower than the worst dogs ever born.

We are already seeing a Brazilification of the internet. Crime is rampant, so you live in a gated community with private security if you can afford it. On the internet the name of this private security operation is Cloudflare. I hate one private company becoming the de facto gatekeeper of the internet but I cannot blame any individual website (including the one in the article) for using Cloudflare. It’s the thin orange line between a somewhat usable service and getting knocked off the internet by smart fridges every other day because some kid somewhere on the planet got bored.

How will this end? I honestly don’t know.

wintermutestwin
The MyNoise app has tangibly improved my life. I use a white noise machine at home, but when I travel, MyNoise is my sleep companion and I particularly appreciate that I can set the EQ to block the particular noises that are likely to wake me.

Sorry to hear about the annoying hack…

StanislavPetrov
Agree completely and have been doing the same for years.

And what I find especially nice, when I'm on a spotty connection, is that once you load up your preferred noise it runs locally in your browser, so when your connection craps out it keeps playing seamlessly.

NBJack
I've loved this site since I first learned about it. In today's increasingly densified office spaces (in my area at least), this has been an even bigger help to me.

The latest app redesign has been fantastic.

It's worth a small donation just to get access to the huge library he built.

Note that the vast majority of his content is stuff he, personally, recorded on site, mixed, and sliced into equalizer bands. That includes an Irish coastline, an underground waterway, and several forests.

xyst
Poor guy probably got crawled by LLM bots. The "attacker" probably doesn’t know who this person is. Just a faceless corporation using his sound or white noise content to train and feed llm.

I get similar "attacks" on daily basis, but find out it’s just a bot crawling the certificate transparency logs. Inspecting site certificates, and it’s issued by Let’s Encrypt CAs. Script kiddies, at best, trying to pick off the low hanging fruit.

Hope he doesn’t take these "attacks" too personally going forward. Seems like a good guy overall, maybe too good for this world.

ykonstant
I, too, just keep going back to mynoise.net for ambient sounds. It just looks "right" for the task, and is clearly designed to get out of your way and let you choose the kind of sounds that you want. Amazing site, I highly recommend it.

The attacks are painful, I hope the creator can attract some competent help from here or elsewhere to mitigate this problem.

mnky9800n
This website is amazing. In love ambient sounds. It is a shame something like this happened. Glad he continues.
Procrastes
I'm a lifetime member and have enjoyed mynoise.net for many years. It's the best thing I've found for focus and distraction blocking. I have brain.fm, and YouTube music, but I keep coming back to his site because it's just better, more intentional, and more effective for me.
StanislavPetrov
This site is fantastic. Sending a donation. Keep up the good work!
madaxe_again
This is just how some people are.

A few years back someone set fire to our land and our home just to see what it would look like on fire.

Vast destruction, hundreds of hectares reduced to ash, wildlife displaced, us displaced, thousands of man-hours of firefighter time used, millions of euro of aviation costs for firefighting aircraft, years of rebuilding now behind us, years of restoring the land ahead of us.

The individuals concerned faced no consequences, as extradition was refused, and our insurer refused coverage as they don’t cover arson.

This is just the way things are. Some people just want to watch the world burn, and there’s nothing you can do about it.

orionblastar
I heard of this on other websites. AI chatbots are web scraping data off websites, and you have to use fail2ban to block them. People are learning how to teach AI Chatbots to hack websites as well. My website http://blastar.in/ was affected, and I don't host it; a friend runs it for me, but he doesn't respond to email.
squigz
I hope Stéphane doesn't let this sort of thing get to him too much - focus on the happy users of the site, learn to combat this sort of attack, and move on. Don't give these assholes any sort of attention.
Karawebnetwork
Stéphane, the creator of MyNoise, is an incredibly talented and kind individual who built something truly special. It's really unfortunate that things turned out this way.
stavros
Oh I downloaded and use the app but I didn't realise they had a whole site! This is great.
ddingus
Hacking never included thievery where I come from, nor did it condone doing harm by vandalism.

Seems to me, a vandal has learned how their less than worthy craft is done virtually.

adi_kurian
I am so sorry to hear this story, and I am so glad to have found this website!
FreeTrade
It's traumatic to be victim of malevolence. There's the injury, but it is the lack of a motivation which is disturbing - it's a loss of innocence.
acomjean
It does suck. Because it’s a reminder that they’re are jerks out there and hard to avoid. Especially on the web. It also must sting because he’s trying to be a good citizen.

We see this in abusive behavior towards open source maintainers. It saps their will. And 100 thanks < 1 savage attack.

About a year ago the site I worked on had a hacking attempt. I’m not sure why, it was a site that provided online genetic tools for researchers. We had no financials, or even logins. I felt bad in a similar way as when someone broke into my car years ago, or when I had a package go missing.

Move forward/ move on is how I handled it.

socalgal2
Just as a note to 100 thanks < 1 savage attack. I run several open source sites that collectively get 240k unique vistors per day. They've been running for > 10 years. I get less than 2 thanks a year. I'm not saying I deserve any or that I want them. Only providing data.

I also have 100+ open source projects on github. A few with ~1000 stars. Same thing, few if any thanks.

I wish there was some way to make it easier to thank. I'm just as guilty of not thanking all the open source projects I use except for the few I donate to.

It would still suck to get attacked but it would be motivating to get thanked as well.

bornfreddy
Just wanted to say that each of those stars is a small thank you from someone. At least I always gave them with this in mind, and I always assumed others did too.

I don't know which projects are yours, but a big thank you to you and everyone else who is helping others either through opensource or otherwise!

wizrrd
It's a normal situation in the current reality, easier to ignore and use a CDN like Cloudflare. AI scrapers, AI hacker - ignore it.
sneak
…people downloading a bunch of stuff from your website, even maliciously, is not a tenth of the tragedy this webpage seems to make it out to be.
m463
Nobody takes your peace, you give it away.
drdiamo
this is incredibly upsetting.

mynoise is one of the best things on the net.

johncole
I am really sorry this happened.