Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

How to deal with spammers/hackers?

  • 20-06-2005 5:15pm
    #1
    Closed Accounts Posts: 8,866 ✭✭✭


    In the last 2/3 days i've had a site spammed and hacked(by hacked i mean they managed to guess the password, they are teh1337!!), and changed it and the email contacts. They then went on to post adult material with heads from pictures on the site photoshopped onto them and basically took the p1ss.

    The problem is what to do with these idiots?! The site has been reported to the webhosting authorities(yesterday and still no reply) but what will that actually do to help? Knowing the culprits(but not knowing they're surnames/addresses means we cant properly report them), makes everything all the more frustrating.

    I would post a link but as stated the site contains adult material, but for those of you interested the host is freewebs.com and the band name is dead effect, from there i'm sure you can gather the url.

    Any suggestions/muscle for hire??

    Regards,

    ftg


Comments

  • Closed Accounts Posts: 3,783 ✭✭✭Binomate


    OWNED!



    I supose you'll just have to wait untill the webmasters close your account down, then just register a new account and name and shame them.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    It's highly unlikely they guessed the password. Either the script you are using is flawed and they used some sort of SQL injection attack or something similiar to escalate their privileges or they used a dictionary attack to pretty much throw everything but the kitchen sink at the login.

    Remove the default admin account if you have the ability to and change it to something only you know. Make sure the password is alpha-numeric and is at least 6-8 characters long. Make sure it doesn't include a word from a dictionary - Use completely random letters and numbers.

    If the script is flawed or if you are not sure, search securityfocus.com's bugtraq and see if the script you are using is flawed. They are pretty up to date on their bugs database. The fix is usually mentioned also on there.

    This should help you. Btw, you'd probably get a better response in the Security forum than you would here.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    No really, they're not smart enough for any of that, they wouldnt know script if it slapped them in the face! The password was simply the same as the sign in, stupid I know but it wasn't me who made that smart move.They're transition years from my school, which i left at the end of this year. Now getting random phone calls from them, how can i deal with the phone calls? Do Meteor provide a call trace or anything of the sort? I'm sure they've broken several laws at this point!


  • Registered Users, Registered Users 2 Posts: 6,374 ✭✭✭Gone West


    public beatings is the only known cure for these "1337 haxx0rz"


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Tell me about it. I swear if i find them beatings will be the order of the day. Until then, whats the best/most effective manner of reporting them?


  • Advertisement
  • Closed Accounts Posts: 5,217 ✭✭✭FX Meister


    Ha ha, it's your own fault you sap. Just forget that site and buy a proper .com address. The less you threaten them then the less of a buzz they get out of it. Just ignore them.

    I really can't believe you threatened to call their mothers. Actually, you can use this. Call their moms and tell them that you have had sex with their son but now he won't return your calls and you just wanted to let her know what way her son swings.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Same password as the login, LOL. Says it all, best of luck with that. :)


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in referance to my queries then please remove yourself altogether!


  • Closed Accounts Posts: 3,783 ✭✭✭Binomate


    lol at dead effect 2. I might try out those numbers tonight.


  • Registered Users, Registered Users 2 Posts: 1,077 ✭✭✭joe.


    Ha Ha


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 32,136 ✭✭✭✭is_that_so


    Ignore the kids and scrub the site. Learn the lesson from it and concentrate on making your site more secure.
    I'd look at what the user login can do.
    Drop the admin login facility to the website. Not wise on a server you have no real control over and I can't see why that should be exposed to the open world. Surely the host server has a facility for you to administer your site.
    If not, as others have suggested splash the cash and get a .com or whatever and a hosted environment you have real control over.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Problem is we cant scrub the site as the changed the original email contacts so its as though they set up the site now and it will just remain there til its removed, if its removed. Any more computer literate among us who might be capable of altering the site for us it would be grately appreciated... *wink wink*


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Right we've regained control of the forum, hopefully the site is soon to follow. But what we need now is a way to block IP's from posting, as these idiots refuse to leave it alone and keep creating new users and posting new threads as fast as they can churn them out! Anybody any help?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,604 Mod ✭✭✭✭Capt'n Midnight


    They could use a dial up account to bypass the IP block.
    If it's only from the school you could ask then to block access to your site on thier firewall. Also since they are under-age not sure what you can do, at a guess you may have had a Welcome message on the site rather than a Warning, and that defense has worked in the past.

    You were lucky that it's only a bunch of kids, could have been anyone on the net, could have been changed to a kiddieporn site.

    BTW: if you want technical help it might help to give technical details like what software you are using :rolleyes:
    The people hosting the site might be able to block IP's. Settings to block IP's depend on the control you have over the scripting on the site and the software used etc.

    You could use confirmation emails when people register - it's not exactly a new idea.


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Moved. I'm not certain which is the most appropriate forum in Comp, but it's certainly not AH.


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in referance to my queries then please remove yourself altogether!

    No need to get upset; if you do something silly and admit it in public, people are allowed talk about it ;)

    Just consider it a lesson learned, really.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    Quite frankly I couldn't care less what you think. If you're not going to contribute to the thread in referance to my queries then please remove yourself altogether!

    I think he contributed a great deal in his first post earlier in the thread. He cant help the fact that you were stupid enough to use such a poor password. You deserve everything you get, you might learn from it.


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    Unless you are using a very weak password it is far more likely that it was an exploit of some kind.


  • Registered Users, Registered Users 2 Posts: 2,170 ✭✭✭Serbian


    blacknight wrote:
    Unless you are using a very weak password it is far more likely that it was an exploit of some kind.

    The fact that he knows the people though means it could have been a bit of 'social engineering'.


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    No, he already said how they found out; the username was THE SAME AS THE PASSWORD.


  • Advertisement
  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    The password was simply the same as the sign in

    ^^ !!


Advertisement