KVR Audio = A warning

[Ernest Meyer]

For others who may have found KVR Audio, I feel obligated to give a warning, because of a coincidental failure of the maxforlive.com server today in a pattern similar to my previous experience.

Quite a number of referrals from the KVR site have attempted to cyberdestroy my server. In the last month, I mounted a new website with much deeper cyber protection, and feeling safe, I posted about it on KVR Audio, because since I started in this business it took over musicdsp.org. Anonymous members there who would never have been tolerated on the original musicdsp.org lists criticized my integrity and claimed my work as their own with hostility. When I defended myself, the forum administrator banned me. Within a few hours cyber attacks from the KVR website resumed.

So rather than use KVR's service, I have mounted a forum on my own server. Today the owner of the KVR forum, or at least a person from the same location in sheffield UK, visited my new forums. Within a few minutes after that visit, the Maxforlive.com server went down, apparently due to a DoS attack similar to that which my site receives on a regular basis.

It may have a total coincidence, but my experience provides good reason to believe the KVR Audio administrators are thermselves or allied with cybercriminals who are intentionally sabotaging websites of audio nature, so that more people are forced to use the KVR service.

This may explain the fact there are almost no generic forum alternatives about audio design left on the web at all, and the large number of vendors who have put forums on KVR. There are only a few proprietary community websites from other vendors left. Most audio developers certainly dont have the Webserver experience I do, and wouldnt be able to put the effort into protecting their web pages from cyber attacks. Thankfully I was one of the original Web developers, for example documenting HTML 3.2 from Netscape, and I worked for Yahoo a long time ago too. So I dont have all the modern sophistications of Google, but I believe I do have enough background experience and integrity to justify sharing this warning.

[ohigetbywithalittlehelpfrommyfriends]

.
.
.







.











.


































.




















.


















.



























.










.




































































































.

[Ernest Meyer]

I hope I dont have more to say. I have been creating blacklists to block access from anyone I know is nasty for the last year. As they receive 'access forbidden' messages with 403 HTTP errors, I can't easily know how much they are still trying to break into my server without going into enormous logfiles.

As a simple test, though, I deliberately left a hole in the firewall for a bit, last week. And there was an attempt to hack the server from one of the baltic nations, I cant remember which, within 15 minutes, from an IP address I had caught 3 months ago. So I know that person must have been pinging my server to try and hack it at least four times an hour, for the last three months.

There is another thread on this topic on my own forums:

http://www.yofiel.com/forum/software-de ... nd-pirates

Thanks for the encouragement )

[Angstrom]

Surely you know that anyone attacking a server tends to be from a widely distributed botnet. What sort of attacks are you seeing? SSH login attempts?injection attempts? DNS or buffer overflow attempts? In my experience these source IPs tend to be widely distributed geographically. No experienced attacker would be using a single IP.

I would suggest that its probably coincidence. I spend most days tinkering to dissuade sinister bots targetting one of my servers. The reason they attack this server of mine so hard ? - The IP address of that server used to be associated with a weird old profitable site, so they think that its the same server, full of credit card data. It isn't. I dont even own that site. I could take it personally, but frankly thats just the modern world of servers. One day your server will wind up on a list and a botnet will have a go at it. The IP address you noted is probably just an old compromised box sat in the corner of an accountants office.

[eyeknow]

Meh, considering cprezzzzzzz and my experiences here, I'll take my chance with kvr any day

Computers are a mess.

[Ernest Meyer]

Well, the most astonishing cyberattack I am getting was definitely not from KVR. It was an attempt to login as administrator about 100 times an hour, which changed to a server in a different country about once every 20 hours. I know it continued for over a month. It is totally astounding to me that anyone in an international hacking ring would waste so much computer time trying to hack a server that is only providing freepublic downloads of audio software and hasnt got anything to steal.

[TomViolenz]

Well, the most astonishing cyberattack I am getting was definitely not from KVR. It was an attempt to login as administrator about 100 times an hour, which changed to a server in a different country about once every 20 hours. I know it continued for over a month. It is totally astounding to me that anyone in an international hacking ring would waste so much computer time trying to hack a server that is only providing freepublic downloads of audio software and hasnt got anything to steal.

Maybe they thought they could change your files for malware to infect the users?!

[Ernest Meyer]

maybe. And maybe I am just too old. When I started in this business, UNIX was free and anyone could write in it, no one tried to sabotage anyone else, and everyone said 'thank you' when they used something you made. Now it seems we should expect being attacked whatever we are doing, and less than one in a thousand people who download my software ever say anything at all. Maybe Im just too old and I went to the wrong college. I went to Oxford, and I was offered an exchange semester at Berkeley. When I asked about it, I was warned not to leave my papers unattended in a classroom or library, because other students steal them just to destroy then and get a better grade. I guess thats how things work in the modern world. I chose not to go to Berkeley.

[mcnelson]

It may have a total coincidence, but my experience provides good reason to believe the KVR Audio administrators are themselves or allied with cybercriminals who are intentionally sabotaging websites of audio nature, so that more people are forced to use the KVR service.

Considering the density of developers relying on the site, not to mention the advertising $$$, do you honestly believe your accusation has any credibility? You're basically accusing KVR of being criminal, or criminal association, because someone from Sheffield visited your new forum and an attack on maxforlive.com followed?

Do you even know who owns KVR?
http://www.kvraudio.com/aboutkvr.php

I visit KVR but it's not my "be all and end all"; nonetheless, I'd quit the inflammatory accusations until you have some PROOF.

[Ernest Meyer]

Well, its not intended as an accusation, although its difficult for it not to come across as an accusation to a negative mind. It's intended as a warning to others of like spirit to me who wish to share public work that they could be harassed and intimidated there.

On the other had, a person on the KVR forums, I know not who it is, did a search on my public records for criminal activity and all Websites for my history, then accused me of lying on my resume. For no reason at all except to demean my public work. Maybe he was at Berkeley as per my previous post or something.

After that, recently I had the collateral experience of cyber attacks after writing again on public forums, and observed the same appear to happen to someone else. I contacted an advertizing person for KVR and their IP was in Sheffield. That's all I know. So as I say, I deduce from my experience it is likely to be a person associated with KVR with whom KVR denies association, and as there is no public alternative to KVR that isnt proprietary to aspecific vendor for sharing thoughts about audio, the pattern of actions I have observed is suspicious, and I wonder if others have had similar bad experiences.

[Ernest Meyer]

I should add, after contacting the advertising representative statuing I intend to advertize, my recent posts were reinstated, for which I am actually grateful. If I had not been cyber attacked by referrers from KVR, I would advertize on KVR and use their forum service. But I concur with the person observed above. They are very hesitant in taking any action against those who are spreading viruses and support members of long standing there who at least make hostile verbal attacks, and they do not appear to have any interest in blocking users who are making cyber attacks on other sites. I want to add, Native Instruments was on the other hand very cooperative on that problem. So it appears it is alot easier for me to mount my own forum than host it on theirs.

[Ernest Meyer]

Now, reviewing my server logs today, it appears that, since the time I stated that I am not selling any audio products now, all attempts to hack my server have stopped.

[sxa]

Just so noone takes what Ernest is claiming at face value, here are some facts to repudiate certain assertions he's made.

Anonymous members there who would never have been tolerated on the original musicdsp.org lists criticized my integrity and claimed my work as their own with hostility. When I defended myself, the forum administrator banned me.

For the factual record, Ernest (under his account name 'HeavensOnEarth') was banned from KVR in 2013, following the threads which resulted from his decision to refuse to withdraw support to his paying customers.

As is KVR practice, when Ernest was found to have rejoined KVR under a new account in late 2014, that account was also banned.

Today the owner of the KVR forum, or at least a person from the same location in sheffield UK, visited my new forums.

KVRaudio is owned by one Chris Halaby, in Menlo Park, California, as anyone with the ability to do a whois search on the domain can verify. The previous owner was the company Muse Research, also from the USA, who acquired it in 2003.
The original creator of KVRaudio, from 2000 to 2003, Ben Turl, -was- based in the UK, but not Sheffield.

The kvraudio.com forum is hosted in the US, not Sheffield.


Someone with the technical ability Ernest claims should have been to confirm these alleged facts before posting them. A simple whois, or geolocation search on the kvraudio.com server IP address is all that would have been required.

It may have a total coincidence, but my experience provides good reason to believe the KVR Audio administrators are thermselves or allied with cybercriminals who are intentionally sabotaging websites of audio nature, so that more people are forced to use the KVR service.

This may explain the fact there are almost no generic forum alternatives about audio design left on the web at all, and the large number of vendors who have put forums on KVR. There are only a few proprietary community websites from other vendors left. Most audio developers certainly dont have the Webserver experience I do, and wouldnt be able to put the effort into protecting their web pages from cyber attacks. Thankfully I was one of the original Web developers, for example documenting HTML 3.2 from Netscape, and I worked for Yahoo a long time ago too. So I dont have all the modern sophistications of Google, but I believe I do have enough background experience and integrity to justify sharing this warning.

You can draw your own conclusions about the relevance of his experience from his failure to determine accurate information about KVR, and his seeming ignorance of why and how botnet based server attacks actually occur in the real world.
OTOH, if you feel that Ernest's claims of his place of education and former employment trump researchable facts, then feel free to buy into his conspiracy theory.

edit : as Ive never actually posted in the Ableton forum before, Im clearly going to be accused of being involved in the 'conspiracy', so feel free to take my post with the requisite pinch of salt and check the facts yourself.

[Ernest Meyer]

I did not refuse to support paying customers. I wanted $10 for an upgrade and refused to distribute old versions of my Reaktor ensembles that only worked on versions of Reaktor that had been hacked. And Native Instruments was very supportive of that choice. KVR members, on the other hand, incriminated me for it.

[sxa]

I did not refuse to support paying customers. I wanted $10 for an upgrade and refused to distribute old versions of my Reaktor ensembles that only worked on versions of Reaktor that had been hacked. And Native Instruments was very supportive of that choice. KVR members, on the other hand, incriminated me for it.

Im merely commenting approximately as to the nature of the threads which got you banned at KVR, Im not attempting to summarise the entire thread.
Please let me know which of the following is incorrect and I'll modify my post accordingly

1) You were banned from KVR in 2013?
2) The ban did stem from threads about your legacy products?
3) You were telling paid customers they could no longer access legacy products they had paid for?
4) You did return to KVR despite that ban, and got banned again?