Previous Thread
Next Thread
Print Thread
Rate Thread
Who do you tell? #85385 07/31/2002 4:59 AM
Joined: Apr 2001
Posts: 42
l0cke Offline OP
Member
OP Offline
Member
Joined: Apr 2001
Posts: 42
Some a**hole at my forum is threatening to hack me, because I banned him. I don't doubt his ability. He has many, many Counterstrike friends, and.. well, those guys all have way too much time on their hands.

Who do I tell? Is there an organization that I can give his IP address to that can stop him?

Sponsored Links
Re: Who do you tell? #85386 07/31/2002 8:57 AM
Joined: Nov 2000
Posts: 915
DPK.ducky.quack Offline
Developer
Offline
Developer
Joined: Nov 2000
Posts: 915
Lookup his hostmask and report him to his isp if he tries anything. tipsy

Re: Who do you tell? #85387 07/31/2002 9:26 AM
Joined: Feb 2001
Posts: 817
usr bin geek Offline
Moderator / Kingpin
Offline
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
You have to worry about the morons that DON'T make threats and just act. The ones that make the treats 90% time don't have the skills to do anything.

Seriously, you can't do anything unless someone does something. Then you can go to your State Police or the FBI if it crossed state lines.

The best thing you can do is harden your systems;
  • Upgrade to the latest release of UBB.classic
  • Upgrade all the other software on your server to the latest releases
  • Use difficult to guess passwords for all your admin accounts. (Use combinations of letters and numbers.)
  • Use a different password for your FTP than your admin accounts.
  • Delete any admin accounts you don't need.
  • Turn off images in signatures if enabled
  • Turn off HTML (it should never be on anyway.)
  • Enable member moderation and carefully review all new members
  • Update your anti-virus and firewall

Re: Who do you tell? #85388 07/31/2002 9:47 AM
Joined: Feb 2000
Posts: 4,625
Greg Hard Offline
Member
Offline
Member
Joined: Feb 2000
Posts: 4,625
nothing can be done untill it happens...

Re: Who do you tell? #85389 07/31/2002 11:59 AM
Joined: May 2001
Posts: 794
ADWOFF Offline
Content Queen
Offline
Content Queen
Joined: May 2001
Posts: 794
Quote
quote:
Turn off images in signatures if enabled
Why is this an issue?


Sue
adwoff.com
Sponsored Links
Re: Who do you tell? #85390 07/31/2002 12:07 PM
Joined: Mar 2000
Posts: 21,084
AllenAyres Offline
I type Like navaho
Offline
I type Like navaho
Joined: Mar 2000
Posts: 21,084
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.


- Allen wavey
- What Drives You?
Re: Who do you tell? #85391 07/31/2002 2:50 PM
Joined: Sep 2000
Posts: 793
Dark Templar Offline
Member
Offline
Member
Joined: Sep 2000
Posts: 793
Reminds me of the warning Borg gave us, 5.74 era, of that huge security vulnerability. Good thing that got fixed.


-DT
Re: Who do you tell? #85392 08/01/2002 4:56 PM
Joined: May 2001
Posts: 794
ADWOFF Offline
Content Queen
Offline
Content Queen
Joined: May 2001
Posts: 794
Quote
quote:
Originally posted by AllenAyres:
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.
Allen,

If you don't allow direct linking of graphics to other sites, is this eliminated then? (i.e. all the graphics come from my site)


Sue
adwoff.com
Re: Who do you tell? #85393 08/01/2002 5:13 PM
Joined: Mar 2000
Posts: 21,084
AllenAyres Offline
I type Like navaho
Offline
I type Like navaho
Joined: Mar 2000
Posts: 21,084
no, it's not in the graphics themselves, it's in the way they are linked to... people were typing in code that the ubb didn't recognize as code in the image tags and in their signatures. Stuff like using # 0153 (no spaces) to make the ubb think it's innocent text, but the browser interprets it as ™ . You can see something similar when you have a link that uses & amp; (no spaces) for the ampersand, which the browser interprets as &

Anyways, they used other code to hide their javascript/whatever to grab cookies with passwords/etc.


- Allen wavey
- What Drives You?
Re: Who do you tell? #85394 08/02/2002 8:37 AM
Joined: Mar 2001
Posts: 7,395
LK Offline
Admin / Code Breaker
Offline
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,395
If you get threats from banned users, I guess that they don't have admin/ftp passwords, or your IP. The only things you HAVE to do is:
Quote
quote:
Upgrade to the latest release of UBB.classic
Upgrade all the other software on your server to the latest releases
Turn off HTML (it should never be on anyway.)
It's recommended to do all others as well, but these are the most important ones.

Sponsored Links
Re: Who do you tell? #85395 08/02/2002 6:26 PM
Joined: Apr 2001
Posts: 42
l0cke Offline OP
Member
OP Offline
Member
Joined: Apr 2001
Posts: 42
They didn't threaten, but I figured he would. He does have skill with hacking as he's hacked some others before. Or so the "hackies" claimed they were.

This guy is a real pain. The only way I could ban him was to change his account password and e-mail (so he couldn't access his account) and then not allow new registrations, because he could change his IP (I banned like 30 IP's at least, and they were all very different than the rest, as in, they weren't similar IP's).

But, the year service of my URL expired, and I don't have the cash to renew it, and now my webspace is running out of room, so I just give up. No more forum, no more web-cartoons, no more lyrics. frown

But no more stupid hacker guy! laugh


Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with, and recommend, the following Web Hosts:
· Stable Host
· Blue Host
· Interserver.net
Visit us on Facebook
Member Spotlight
Bill B
Bill B
Issaquah, WA
Posts: 87
Joined: December 2001
Show All Member Profiles 
Forum Statistics
Forums64
Topics37,499
Posts293,661
Members13,824
Most Online1,498
Mar 17th, 2017
Top Posters(All Time)
AllenAyres 21,084
JoshPet 10,370
LK 7,395
Lord Dexter 6,709
Gizmo 5,786
Greg Hard 4,625
Top Posters(30 Days)
isaac 28
driv 16
Gizmo 5
Morgan 2
Today's Statistics
Currently Online 973
Topics Created 0
Posts Made 0
Users Online 1
Birthdays 19
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2019 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 7.7.3
(Snapshot build 20190716.dev)
PHP: 5.4.45 Page Time: 0.047s Queries: 14 (0.011s) Memory: 3.2878 MB (Peak: 3.4759 MB) Data Comp: Zlib Server Time: 2019-07-20 01:07:51 UTC
Valid HTML 5 and Valid CSS