Page 1 of 2 12 LastLast
Results 1 to 40 of 59
  1. #1

    Hosting A Hacker - What to do?

    I am in deep need of your opinions on this matter.

    A couple days ago, by another one of my clients, I found out a client that I host is a hacker. Not a kiddie-hacker, but from what I've heard, this guy is the real thing. He knows what he's doing. I've already gotten complaints to take action against him. This is where my problem starts.

    What would you do? Terminating their account could only lead to more problems..and even a potential hacking of my host, but if nothing is done, I'm hosting a hacker. To terminate..not to terminate...

    What are your opinions?

  2. #2
    Terminate immediately.

    Most likely the type of site he is operating, as well as it being on your service clearly puts you in violation of your own datacenters Terms of Service.
    I
    Better to dispose of his site then to lose your datacenter.
    - Tim

  3. #3
    Join Date
    Jul 2003
    Location
    Goleta, CA
    Posts
    5,550
    Gather evidence and walk away slowly.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  4. #4
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Has he broken your TOS or done anything to get his site terminated other than what you have heard about him?

    One option is to hire him as your security advisor. No one better than a real hacker to show you how to harden your security.

    If he has mis-used your server then you have no choice, back your server up to an off site backup and tighten your security up as tight as you can then tar his site up and explian what he has done to break your TOS and give him his tar ball as you ask him to leave. Try to do it nice and with an open dialog.

  5. #5
    Join Date
    Oct 2001
    Location
    Ohio
    Posts
    8,299
    Is he doing anything illegal on the webspace you provide him?

  6. #6
    His site are forums, from what I can see, there is nothing illegal about it, though. From what I've heard, he uses his own server to do his work, nothing illegal goes on in our servers.

  7. #7
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    gather evidence, suspend his account, take data which was submitted with his order of your service, and contact his local authorities.

  8. #8
    Join Date
    Jun 2003
    Location
    Texas
    Posts
    1,957
    Get all the information about him as you can get. verify his phone number address and then terminate the account if he is doing illegal activities on your server. Do not let hom hold you hostage. Breaking into a server is illegal and you should take every step into making sure he is not doing anything.

    I would contact the authorities if you have the proof of what he is doing. remember try to get rid of him as nice as you can. If he gives you any trouble just let him know you have all the information you need to take action against him.

    I would not even think about keeping him on. You are running a risk. keep an eye on your servers .

    Good luck bud!

  9. #9
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    8
    I dont see what your problem is, he doesn't seem to be doing anything hacking related, so he's a hacker you cant just walk up to a police station and say im hosting a hacker and arrest him, it wount work, for all you know he could just be a plain old Security Consultant.

  10. #10
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Originally posted by dinc
    His site are forums, from what I can see, there is nothing illegal about it, though. From what I've heard, he uses his own server to do his work, nothing illegal goes on in our servers.
    If there is nothing on his forums that is wrong and he has not done anything from your server then why are you going to terminate his account?
    What kind of proof do you have that he is a hacker?

    You are going to have to give out a lot more info if you want a decent opinion.
    So far alll you have given is you heard he is a hacker but he has done nothing wrong.

    Not much to go on.

  11. #11
    Logs from the peoples he's hacked, I've seem AIM logs with people he's hacked. Actually, a lot of my clients have heard about him and his hackings.

    I know the things that I've listed as 'evidence' could all be spoofed, I don't have any hard evidence that he's a hacker, though.

    But, no, I've looked through everything. He's doing nothing illegal on our servers.

  12. #12
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Then you have nothing to stand on and are best leave him alone.

  13. #13
    Then, what to say to the people that have emailed me and have asked to take some sort of action?

  14. #14
    Join Date
    Nov 2003
    Location
    Florence, KY
    Posts
    604
    I hope he doesn't have shell access?

    Justin

    [edit]and if he does TAKE IT AWAY IMMEDIATELY[/edit]

  15. #15
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    8
    You would cause more damage if you terminated his account.

    Plus also there could be legal problems.

  16. #16
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Explain to them that he has done nothing from your servers and has not broken any part of your TOS and if they have a problem with him they should take action with their local law enforcement.
    You are a host not the internet police.

  17. #17
    Join Date
    Apr 2004
    Posts
    338
    Nothing you can do. If I were not doing anything illegal and you suspended my account because of AIM logs. Id be a little pissed. Id leave it alone. Might contact the person(s) involved to get their side of the story. IM logs are worthless...not very credible in courts either.

  18. #18
    Join Date
    Sep 2003
    Posts
    169
    Why in the world would you think terminate his acct just because his a "hacker"? I dont see any reason why you should, since you said yourself he is just hosting forums on your server and you see nothing wrong with it.

    the suggestion of him being a security consultant is a good idea, but i think if he just wants to host forums with your business, you should leave it at that and treat him like a normal client. Up until he/she does something that breaks your TOS then you can terminate.

    Its a very bad idea to terminate his acct all of a sudden if he knows he didnt do anything wrong.

  19. #19
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    3,479
    Originally posted by Techark
    You are a host not the internet police.
    Can I quote you on that Techark? I agree completely: he hasn't violated your TOS or done anything to you. You have no evidence whatsoever to suspend/terminate his account.

  20. #20
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    If your server isn't already updated and hardened, security wise, I would do that immediately. Contact a server management company (I am using Rob/Ronny from Acunett, www.acunett.com ), they have more than paid for themselves in the two days I've already had them working on my server (as a matter of fact, they're going to find a nice little bonus with next month's payment).
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  21. #21
    Join Date
    Sep 2002
    Location
    Western Canada
    Posts
    1,888
    Originally posted by Fox-K
    You would cause more damage if you terminated his account.
    Are you saying the host should cower in fear because they allegedly host a hacker?

  22. #22
    Join Date
    Jul 2003
    Location
    Goleta, CA
    Posts
    5,550
    No it's wrong to terminate an account that isn't violating any of your rules even if people have complaints about them. It's not your job to handle that. I would hardly call that cowering in fear. In fact immediately terminating the account would be cowering in fear.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  23. #23
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Originally posted by dinc
    Logs from the peoples he's hacked, I've seem AIM logs with people he's hacked. Actually, a lot of my clients have heard about him and his hackings.

    I know the things that I've listed as 'evidence' could all be spoofed, I don't have any hard evidence that he's a hacker, though.

    But, no, I've looked through everything. He's doing nothing illegal on our servers.
    What exactly, do these logs show and can any IPs be traced back to your Server/their account?

    If you feel that doing forensic checking on your Server is beyond you at the moment, hire a very good Security person to do it for you. Unless your TOS have been broken, repeated many times already, or some hard evidence from your own Server logs can be obtained, then you do not have much of anything to go on.

    One way or another though, you have to put this to rest -- for your own peace of mind if nothing else.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  24. #24
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    Examine the mysql database that his powering his forums, there could be hidden discussion regarding what he is doing.

    You might also want to hire a professional security firm to study your server, and your server logs to determine weather or not he is actually hacking from/to your server.

    AIM logs aren't going to hold up in any court unless they are presented by aol.

  25. #25
    No reason to be scared, just make sure you are secure. Most likely he/she is not going to do anything, he/she has no reason to. Plus "Hearing" is not on grounds to terminate a clients account.

    Best of luck
    FastServerManagement
    Powerful CPanel Server Management
    [email protected] 1-877-898-1423

  26. #26
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    8
    Originally posted by westcan
    Are you saying the host should cower in fear because they allegedly host a hacker?
    No, but your Hosting business can get a bad rep by terminating an account for no apparent reason.

    I would personly be a little flatered if a hacker got hosting from me, could mean you got pretty good security.

  27. #27
    It seems to me that if he hasn't done anything wrong, you would have no reason to cancle his account. I host many hacking websites and I've never once had a problem. Most of these sites are information based forums with valuable security information, that I myself visit to get a heads up on any new exploits and what not.
    Download my eBook + Videos: Starting your own successful web hosting company.
    Learn from a web host with 7 years of experience.

  28. #28
    Join Date
    Nov 2001
    Location
    Atlanta, GA
    Posts
    632
    Originally posted by Fox-K
    I would personly be a little flatered if a hacker got hosting from me, could mean you got pretty good security.
    Good way to look on the bright side of things

    Seriously though, I would not terminate his account if he's not using it for any of his illegal purposes. God knows I could be hosting drug dealers, terrorists, and thieves, but it's not my responsibility to manage what my customers do outside of the domain of hosting. Like Techark said, you aren't the internet police and if your other customers are having that much of a problem, help them with contacting the local police authorities. Look up the phone number of the police (not 911 ), get them FBI numbers. If you have an anywhere decent privacy policy, you shouldn't be giving out addresses and phone numbers, but at least point them at someone who can do something for them
    Former owner of A Small Orange
    New owner of <COMING SOON>

  29. #29
    Join Date
    Sep 2002
    Location
    Western Canada
    Posts
    1,888
    Originally posted by Fox-K
    No, but your Hosting business can get a bad rep by terminating an account for no apparent reason.
    Ah, I though you were referring to some sort of retaliation.


  30. #30
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,695
    Amazing, i can't believe that half the people who posted here would terminate somebodys account just on the basis of what they heard from somebody else.

    Other hosts take note, if you want to put these guys out of business just ring them up and tell them all their clients are hackers.

  31. #31
    My Reply May Not/May Matter, But here's what I do.
    1) Before even doing anything, See if he's violated your terms of services/agreement.
    2) If he hasn't - Reply to the complainers that you can't do anything
    3) IF he has - You may consider about taking actions and maybe legal actions such as FBI ect.
    Just a thought

  32. #32
    Join Date
    May 2003
    Posts
    598
    Guilty until proven innocent. I could complain that the guy who posted above me is a world famous hacker who stole my llama, but until you have evidence that he is doing (or hosting discussion about) these illegal activities on your server, let him be.

    My opinion.

  33. #33
    Greetings:

    What does your TOS state?

    Have you confirmed the complaints?

    If your TOS states anything dealing with hacking et all results in termation; and you've confirmed enough for you to feel confident the entity is a hacker, then terminate per your TOS.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  34. #34
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,009
    Originally posted by dinc
    His site are forums, from what I can see, there is nothing illegal about it, though. From what I've heard, he uses his own server to do his work, nothing illegal goes on in our servers.
    If he's done nothing illegal or anything that has broken your TOS, on your server, then just leave him alone.
    AussieHost.com Aussie Bob, host since 2001
    Host Multiple Domains on Fast Australian Servers!!

  35. #35
    Join Date
    Apr 2004
    Location
    Button Moon
    Posts
    491
    what i would do, if he hasnt broken your TOS, i would email the people who are complain to you saying something like this;

    customer x has not volated the TOS and so i cannot terminate his account, we are now monitoring his activities on our server though. if you have evidance of his hacking activities please go to nipc.gov/sites/ipcis/cyberform.htm and fill out the form which will be sent to the FBI internet crimes department. please note that this is a very serious matter so please make sure you are 100% sure before filling out the form

    [email protected]

    (i cant post urls so it needs a www infront of that addy)

    hope that helps

  36. #36
    OMG, I speed on my way to work in my car, but because a friend of mine told the company I work for, they will no longer let me drive their work truck. I never speed using the work truck, nor have I ever gotten a ticket.

    Now how silly does that sound? He's done nothing, leave him alone until you have logs that he's used your server for his "play time".

  37. #37
    Okay, thanks for all your opinions/advice. I've talked with my client, and have told him that as long as he does not perform any illegal actions or break any violations in our TOS, we won't terminate him.

    I also sent a reply to the emailer stating that I do not have proper grounds to terminate his account, as he has done nothing wrong on our servers. But, we will moniter his account closely.

    Thanks again! I feel really relieved now.

  38. #38
    Join Date
    Apr 2004
    Posts
    96
    oh come on, maybe he is just a computer geek, any good programmer can be a hacker and vise versa.

    If he hasn't done anything then you shouldn't do anything other then tightening your security a bit.

    Just wondeing, how do your other clients know about him? and how many emails have you got?

    From what I see, your clients don't think you have a good network, now that there is a hacker, they are in danger!

    hey lets have some fun, 123.com owner is a hacker! we can ask their hosting to terminate the account.

  39. #39
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,962
    LOL.....you know, even a hacker doesnt know everything. The only difference between a Hacker and a good system administrator is what side he's on. The word "hacker" has gotten a bad rep, they arent all bad, most arent. It's the kiddie scripter wannabe hackers who gave them that bad name too.

    The "real" thing doesnt give a damn about your system. They go after multi-billion dollar companies and government top security centers. They just need a place online somewhere to call home, an account on your server may be that, and he's not going to set fire to his own home.

    My first server, I was hosting a hacker. He got lax and started hosting some illegal stuff. I removed his account. He come back with all kinds of threats of how he was going to shred my system, I said "go for it". He come back apologizinf and said my system was like a virtual Fort Knox, impossible to get in from the outside. Of course, that was before control panels and everything else users want. I know many holes these days where they could cause minor damage, but still nothing major. All it takes to be a hacker is to stay on top of security releases every day. Let other people find the holes, and exploit them before most of the industry knows about them....it's happened to me before because I didnt stay on top of security releases. (all sites were defaced via dns redirect....but was a simple fix and secure up)

    Dont panic just cuz you hear the word "hacker" LOL. As for those logs....the "real" thing erases logs anyway..

  40. #40
    Join Date
    Aug 2003
    Posts
    2,734
    If he is doing nothing wrong on your server you should leave it

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •