need help stoping hacker...
Results 1 to 10 of 10

Thread: need help stoping hacker...

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    3

    need help stoping hacker...

    im involved w/ online gaming and i belong to a clan.

    recently we came under attack from 1 hacker (don't know who it is) who is unhappy with us. basically he is just defacing the site. but, in addition to this he took control of the admin possition on our board and banned all the other admins. so basically he runs the show. banning people etc...

    because of the hacker, the guy who runs the forums had to shut them down until we can stop him.

    basically im crying for help.

    what can we legally do to try to stop this?

    any help would be greatly appreciated.

    if talking through an instant messenger service would help let me know...

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    More info please. What web site is this? What type of message board system is it? Privately or commercialy hosted? More specific question = more specific answer.

    Best answer I can give you from your question is that you cannot do anything to anyone, it is illegal period. There is no eye for an eye rule. If someone shoots you, you cannot go over to there house and shoot them in the head.

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Well, the way I see it is... the true admin can always take back power. They have all the power on the box as they have local access to it. If it is so bad that he can't take it back... its time to backup the forums, burn down the box, and recreate the site but make sure it is secure. After that, restore the forums and messages. You will most likely have to have everyone rejoin and choose different passwords too... as they were most likely compromised too.

    I've never been an admin on a message board... but I couldn't imagine it being too hard to do this... I could be completely wrong here... but that'd what I'd think about doing. I wouldn't just try to take back admin on the boards... because if he was able to get admin on the boards, he is most likely admin on the box. You don't know what he has done to keep access of the box. Rootkits, trojans, etc.

    If they can't even get into the box... then shut it down and boot it up with knoppix. Do a remote backup to another box and get all important info. Then burn down and rebuild.

    Do you know what has been compromised? Just the board? The whole box?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    If the guy logged in as an admin... is the owner of the forum/site able to identify his IP address? If so, run a whois on the IP and see the contact information of the company that's registered to. E-mail or call the respective ISP and tell them your problem. It is possible the guy used a proxy [since log in is possible through http] so it may not work. Or, if he managed to hack other computers and is using those, same thing.
    /\\

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    It sounds like he does not have physical control over this box. He wants to know what he can do to get to the forums and control back over the box. With a hacker having admin rights to a box, and you not having physical access to the box, the problem is much different than backing up and securing everything.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    It sounds like he does not have physical control over this box. He wants to know what he can do to get to the forums and control back over the box.
    Thats why I said true admin. Contact the true admin and notify them of the problem. The real admin WILL have local access to the box... or whoever is hosting the box will have local access... yada yada yada
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Junior Member
    Join Date
    Jul 2003
    Posts
    3
    its privatly run... and operated. (not by me)

    just the forums are compromised, the rest of the website hasn't been messed with.
    the true admin will probably just do a backup and hope the guy doesn't come back.

    we got his ip moments before he deleted all the admins, problem is the ip changes... there are 5 different ip's that we have, not sure if they are all his or not. will a whois work on this type of ip? (i forget the technical name for it, may be dynamic?)

    thanks for all the responses so quickly, but im afriad u guys are way over my head on this stuff. the most i can do is the whois search. ill try to get in contact w/ the person who has local access to the box and get him to come here.

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    Yes, a whois look up will work even on a dynamic IP. http://www.arin.net/whois/ is a good place to do one. The admin can then contact the abuse e-mail, phone number, or snail mail address of that admin, and the problem can then be fixed.

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    even tracing the guy might not help as he could be using another machine that he controls to do the hacking or the ISP might not be willing to help out. It might be worth the effort to try but dont get your hopes up.

    The best way would be to get the true admin to rebuild the forums if the server is not compromised. If the server is compromised then the whole server will have to be reubuilt. Since you dont have physical access to the server then the best would be to get the true admin to rebuild the forum since there might be other stuff on the server for other clients that might make rebuilding the whole server not feasible.

    Try to make sure you secure it as best as possible this time or maybe just change the company hosting your forum.

  10. #10
    Junior Member
    Join Date
    Jul 2003
    Posts
    3
    ohh boy did we stumble into a problem...

    its a team of hackers, right now we have 2 of em tho... hehe. making progress.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •