Results 1 to 14 of 14
  1. #1

    where to report hack try?

    well someon from italy is trying to hack our server by my_gallery module in php-nuke

    we have detected him and stopped + blocked ip on firewall

    and my question is:

    where can i report him? i already sent mail to his isp - it was italy adsl ip.

    what else can i do to make him suffer

    i dont think its possible to sue him - or its possible?

    he could kill the server if he would root it - so i want to take him down with everything i can - i will not let him go with this try.
    Pro-net-hosting.com - www.pro-net-hosting.com
    Pro hosting solutions since april 2003.

  2. #2
    Join Date
    Mar 2004
    Location
    Vancouver Island, BC
    Posts
    173
    Don't bother, you won't get that far at all. Over the years I've learned that contacting the authorities over hack attempts is a waste of time as they really don't care unless you are losing a huge sum over the incident, for the FBI it's $5k minimum loss before they'd even bother looking.

    I'm in Canada, I contacted our local RCMP detachment after we kept getting the fraudulent signups from Malaysia, etc. using stolen credit card numbers. I spoke to some office clerk who said she would forward my info to an officer and thety'd call me, I never heard a thing after two attempts even though we could surely help nab some of these international crime rings.

    Nowadays I just block at firewall and move on. Just make sure everything is kept up to date and minimize any routes the hackers can take to get into the system.

    There's also a good chance the IP hitting you was a trojaned system anyway and likely not the true location of the culprit.
    Dynanet Network Services - 206-607-9075
    We Do Hosting - Established May 2001
    http://www.dynanet.ca/

  3. #3
    It'd be nice if internet crime was easily punishable, but as Dynanet explained the costs of researching and tracking down criminals are just too high, so unless you have been substantially hurt there isn't much point in going after them.

    Hacking attempts are just a way of life on the internet, that's why you have to take all the security measures possible, because you can't simply rely on the law to project you if something goes wrong.
    A Collection of Web Hosts
    Small biographies on hosts, uptime reports and some reviews
    Feel free to add your review or add a host that isn't on the list.

  4. #4
    Join Date
    Aug 2002
    Location
    London, UK
    Posts
    9,037
    You will see hack attempts on daily basis. Its part of being a web host.
    Matt Wallis
    United Communications Limited
    High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
    UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.

  5. #5
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    First line of defence is to make sure you setup a good barrier for your servers and keep them monitored. Keep your software up to date, watch Tripwire, Logwatch reports etc. It seems you did the right thing by finiding the user who caused the problem and reported them to the ISP which is probably the best thing you can do to get them cut off.... although if the IP is an infected computer, which it probably is, you can't do much but block the IP.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  6. #6
    servers are secured - but i feel like someone want to break doors to my home and im not happy about this.
    Pro-net-hosting.com - www.pro-net-hosting.com
    Pro hosting solutions since april 2003.

  7. #7
    Join Date
    Aug 2003
    Location
    EU
    Posts
    1,671
    You have two options:
    The first one is to hire some really good admins, so this won't happen again
    The second one is to let it go...
    As it's been said, the costs are pretty high to track them, but you can use a third option, as seen on my server: The admin tracked down the guy, and obviously he was an IRC addict, because he installed psy BNC on the server too. Found the logs to the psyBNC, tracked the channels he was on, talked to some of his friends, impersonating a newbie hacker, got every info about that guy from his friends, when he came online had a small discussion with him about hacking, then called him impersonating a IT crime dept. officer.

    The hacker thought it was a joke, till the moment the admin told him everything he knew about him , the servers he hacked etc and dumped all his psyBNC's(tens of them) . The guy freaked, and he promised to be at the police Hq the next morning with a full statement.

    So you see, you can also do fun stuff when your server gets hacked

    PS:The guy really went to the police dept, we checked, and you can imagine his stunned face when he found out he wasn't called in, but since he told them what was about, he got questioned
    Lorand R. Minyo
    Co-Founder @ Neveli

  8. #8
    Originally posted by lorandm
    You have two options:
    The first one is to hire some really good admins, so this won't happen again
    The second one is to let it go...
    As it's been said, the costs are pretty high to track them, but you can use a third option, as seen on my server: The admin tracked down the guy, and obviously he was an IRC addict, because he installed psy BNC on the server too. Found the logs to the psyBNC, tracked the channels he was on, talked to some of his friends, impersonating a newbie hacker, got every info about that guy from his friends, when he came online had a small discussion with him about hacking, then called him impersonating a IT crime dept. officer.

    The hacker thought it was a joke, till the moment the admin told him everything he knew about him , the servers he hacked etc and dumped all his psyBNC's(tens of them) . The guy freaked, and he promised to be at the police Hq the next morning with a full statement.

    So you see, you can also do fun stuff when your server gets hacked

    PS:The guy really went to the police dept, we checked, and you can imagine his stunned face when he found out he wasn't called in, but since he told them what was about, he got questioned
    well he didnt managed to run anything - so we dont have any info about him - just the ip - our admins are good enough i think - he didnt had any control on the server
    Pro-net-hosting.com - www.pro-net-hosting.com
    Pro hosting solutions since april 2003.

  9. #9
    Join Date
    Aug 2003
    Location
    EU
    Posts
    1,671
    Well, sometimes the IP is the only thing you got, but some hackers are so (nevermind) that they use the same pattern, the same IP's etc. So if you administer several servers you'll see right tru it

    Did I mention that we found the same guy/guys toying arround with other servers? Did nothing but kicked them out fast
    Lorand R. Minyo
    Co-Founder @ Neveli

  10. #10
    Join Date
    Aug 2002
    Location
    Denmark
    Posts
    432
    You can complain to his ISP, mostly they disconnect him if you have some evidence.
    Checkout www.crunzh.com for nice freeware programs. Including a program for monitoring your webserver.
    Any opinions in this post, unless otherwise noted, are my own personal opinions.

  11. #11
    Originally posted by msh
    You can complain to his ISP, mostly they disconnect him if you have some evidence.
    yes i did this - sent them part of log
    Pro-net-hosting.com - www.pro-net-hosting.com
    Pro hosting solutions since april 2003.

  12. #12
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    6,999
    Originally posted by lorandm
    Did I mention that we found the same guy/guys toying arround with other servers? Did nothing but kicked them out fast
    Yes, but there's more to that story,
    Laurence Flynn @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK ● Speed ● Performance ● Reliability

  13. #13
    Join Date
    Jan 2004
    Location
    USA
    Posts
    109
    Originally posted by msh
    You can complain to his ISP, mostly they disconnect him if you have some evidence.
    And hopefully he will have just renewed for 12 months when they disconnect him.
    HOST CAPACITY || www.hostcapacity.com || SALES: cs @ hostcapacity.com || MSN: msn @ hostcapacity.com
    Shared Hosting || Multi Domain Hosting || Private Label Reseller Hosting
    Pay Pal Accepted || 99% Uptime || Hosting Since 2002
    Support and Customer Service that really care about our clients || It's the Service that counts.

  14. #14
    Join Date
    Aug 2003
    Location
    EU
    Posts
    1,671
    Yeah Nex, there is probably more to that story...
    Nevertheless it gave someone the nightmares till the admin fixed the server(s)

    Anyway, once you got rid of them, it's really no fun calling them everytime to send them to the police hq's

    Once was phun...just that we started to "like" the guy so much that everytime we found a hacked server we searched for his MO first.

    8 out of 10 cases we were right...
    Lorand R. Minyo
    Co-Founder @ Neveli

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •