
How to deal with spammers/hackers?

  • 20-06-2005 6:15pm
    #1
    Closed Accounts Posts: 8,866 ✭✭✭


    In the last 2/3 days I've had a site spammed and hacked (by hacked I mean they managed to guess the password, they are teh1337!!), and changed it and the email contacts. They then went on to post adult material with heads from pictures on the site photoshopped onto them and basically took the p1ss.

    The problem is what to do with these idiots?! The site has been reported to the webhosting authorities (yesterday and still no reply) but what will that actually do to help? Knowing the culprits (but not knowing their surnames/addresses means we can't properly report them), makes everything all the more frustrating.

    I would post a link but as stated the site contains adult material, but for those of you interested the host is freewebs.com and the band name is dead effect, from there I'm sure you can gather the url.

    Any suggestions/muscle for hire??

    Regards,

    ftg


Comments

  • Closed Accounts Posts: 3,783 ✭✭✭Binomate


    OWNED!



    I suppose you'll just have to wait until the webmasters close your account down, then just register a new account and name and shame them.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    It's highly unlikely they guessed the password. Either the script you are using is flawed and they used some sort of SQL injection attack or something similar to escalate their privileges or they used a dictionary attack to pretty much throw everything but the kitchen sink at the login.

    Remove the default admin account if you have the ability to and change it to something only you know. Make sure the password is alpha-numeric and is at least 6-8 characters long. Make sure it doesn't include a word from a dictionary - Use completely random letters and numbers.

    If the script is flawed or if you are not sure, search securityfocus.com's bugtraq and see if the script you are using is flawed. They are pretty up to date on their bugs database. The fix is usually mentioned also on there.

    This should help you. Btw, you'd probably get a better response in the Security forum than you would here.
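
Added example, not part of the original thread: a sign-up password check in Python that applies the rules from the post above (minimum length, letters plus digits, no dictionary words) and also rejects a password derived from the login name. The wordlist, the length threshold and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "monkey", "football"}

MIN_LENGTH = 8  # assumption: upper end of the "6-8 characters" suggested in the post


def _normalise(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_problems(username, password, wordlist=SAMPLE_WORDLIST):
    """Return the reasons to reject a password (an empty list means accepted)."""
    problems = []
    user = _normalise(username)
    pw = _normalise(password)

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # "Alpha-numeric": require at least one letter and at least one digit.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs letters and digits")

    # Catch password == login, login with decoration ("BandAdmin2005"),
    # and the login spelled backwards.
    if user and (pw == user or user in pw or pw == user[::-1]):
        problems.append("based on login name")

    # Strip leading/trailing digits so "dragon123" still matches "dragon".
    core = re.sub(r"^\d+|\d+$", "", pw)
    if pw in wordlist or core in wordlist:
        problems.append("dictionary word")

    return problems


if __name__ == "__main__":
    # Constructed sample credentials.
    for user, pw in [("bandadmin", "bandadmin"), ("bandadmin", "dragon123"),
                     ("bandadmin", "k7vq2xm9tz4r")]:
        print(user, pw, password_problems(user, pw) or "accepted")
```
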


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    No really, they're not smart enough for any of that, they wouldn't know script if it slapped them in the face! The password was simply the same as the sign in, stupid I know but it wasn't me who made that smart move. They're transition years from my school, which I left at the end of this year. Now getting random phone calls from them, how can I deal with the phone calls? Do Meteor provide a call trace or anything of the sort? I'm sure they've broken several laws at this point!


  • Registered Users Posts: 6,374 ✭✭✭Gone West


    public beatings is the only known cure for these "1337 haxx0rz"


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Tell me about it. I swear if I find them beatings will be the order of the day. Until then, what's the best/most effective manner of reporting them?


  • Closed Accounts Posts: 5,217 ✭✭✭FX Meister


    Ha ha, it's your own fault you sap. Just forget that site and buy a proper .com address. The less you threaten them then the less of a buzz they get out of it. Just ignore them.

    I really can't believe you threatened to call their mothers. Actually, you can use this. Call their moms and tell them that you have had sex with their son but now he won't return your calls and you just wanted to let her know what way her son swings.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Same password as the login, LOL. Says it all, best of luck with that. :)


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in reference to my queries then please remove yourself altogether!


  • Closed Accounts Posts: 3,783 ✭✭✭Binomate


    lol at dead effect 2. I might try out those numbers tonight.


  • Registered Users Posts: 1,077 ✭✭✭joe.


    Ha Ha


  • Registered Users Posts: 32,136 ✭✭✭✭is_that_so


    Ignore the kids and scrub the site. Learn the lesson from it and concentrate on making your site more secure.
    I'd look at what the user login can do.
    Drop the admin login facility to the website. Not wise on a server you have no real control over and I can't see why that should be exposed to the open world. Surely the host server has a facility for you to administer your site.
    If not, as others have suggested splash the cash and get a .com or whatever and a hosted environment you have real control over.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Problem is we can't scrub the site as they changed the original email contacts so it's as though they set up the site now and it will just remain there till it's removed, if it's removed. Any more computer literate among us who might be capable of altering the site for us it would be greatly appreciated... *wink wink*


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Right we've regained control of the forum, hopefully the site is soon to follow. But what we need now is a way to block IPs from posting, as these idiots refuse to leave it alone and keep creating new users and posting new threads as fast as they can churn them out! Anybody any help?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 91,902 Mod ✭✭✭✭Capt'n Midnight


    They could use a dial up account to bypass the IP block.
    If it's only from the school you could ask them to block access to your site on their firewall. Also since they are under-age not sure what you can do, at a guess you may have had a Welcome message on the site rather than a Warning, and that defense has worked in the past.

    You were lucky that it's only a bunch of kids, could have been anyone on the net, could have been changed to a kiddieporn site.

    BTW: if you want technical help it might help to give technical details like what software you are using :rolleyes:
    The people hosting the site might be able to block IPs. Settings to block IPs depend on the control you have over the scripting on the site and the software used etc.

    You could use confirmation emails when people register - it's not exactly a new idea.


  • Registered Users Posts: 16,413 ✭✭✭✭Trojan


    Moved. I'm not certain which is the most appropriate forum in Comp, but it's certainly not AH.


  • Registered Users Posts: 4,003 ✭✭✭rsynnott


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in reference to my queries then please remove yourself altogether!

    No need to get upset; if you do something silly and admit it in public, people are allowed talk about it ;)

    Just consider it a lesson learned, really.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in reference to my queries then please remove yourself altogether!

    I think he contributed a great deal in his first post earlier in the thread. He can't help the fact that you were stupid enough to use such a poor password. You deserve everything you get, you might learn from it.


  • Registered Users Posts: 7,739 ✭✭✭mneylon


    Unless you are using a very weak password it is far more likely that it was an exploit of some kind.


  • Registered Users Posts: 2,157 ✭✭✭Serbian


    blacknight wrote:
    Unless you are using a very weak password it is far more likely that it was an exploit of some kind.

    The fact that he knows the people though means it could have been a bit of 'social engineering'.


  • Registered Users Posts: 4,003 ✭✭✭rsynnott


    No, he already said how they found out; the username was THE SAME AS THE PASSWORD.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    The password was simply the same as the sign in

    ^^ !!

