Web Hosting Talk

Attempted breakin, found IP what should I do?


galacnet
03-29-2005, 01:51 AM
Hello,

Today I caught someone trying to break into our Support Forums and was terminated.

He was trying to access the 'admin' user account to take out the forum but the security module took him out before he got in.

Now I got the IP address and did a trace route back to the service provider... ... Seems that this person is "nice" enough to actually leave me an unfiltered, unmasked and traceable IP address :rolleyes:

Now I emailed the ISP that this user is on and of course got the general automated replies.

What should I do about this incident? Should I press charges for attempted disruption to my network? Because the forums are a critical area where we provide services and support to our thousands of free hosting members.....

Justin
03-29-2005, 02:17 AM
galacnet,

As with many service providers, abuse reports do take some time to complete. You have taken the right steps so far. I would compile the logs of the activity as well and have those handy, as I am sure any good host would require logs of the activity before taking action against their client (be it an ISP, or any service provider). I'd say give them 7-10 days to respond back to you (as most state they will give a response within that time frame) and if they have not responded at that point then seek further counsel and take further corrective actions.

-Justin

NuCode
03-29-2005, 02:23 AM
7-10 days way too long.

Bad host if cannot do it by next day.

And I always call the ISP and make them work immediately :)
Usually, next day when that someone gets dropped off networks etc.

Suing is altogether another matter then again.

galacnet
03-29-2005, 03:40 AM
Yes, I do have the email message given to me by my security module on the IP address and the user account that this person attempted to break in.

I am sure it's not a series of wrong password or wrong username entry because he was trying to login as "admin".....

Well these guys are in New York I think from the information on their website, I think I should wait for working hours before I give them a call.

HostingInsider
03-29-2005, 04:36 AM
I don't think pressing charges would really work out well, probably just a kid with nothing better to do. Send a report to the ISP, and then let them, if they decide to, do anything further.

Turboz
03-29-2005, 04:42 AM
How people love to try and take over someone else's IT property.

I logged into my cPanel's main email account yesterday to find an email asking me to click the below link to reset my password.

Turns out that someone had tried to reset my root password for my entire redhat sys (Think it was one of 2 people recently "removed").

Lucky for me that they didn't succeed.

-Turboz

galacnet
03-29-2005, 05:11 AM
Yes I guess as much it would be some kid that I refused to host his IRC bot or 100GB site that is attacking me.

It's getting a pain in the neck to keep on doing these things... ...

corevps
03-29-2005, 05:21 AM
If you think it's this kid, have you got his contact email, and does the domain match up at all to the ISP?

galacnet
03-29-2005, 07:00 AM
Yes, the traceroute shows it's from this ISP