UBB.Dev
Posted By: l0cke Who do you tell? - 07/31/2002 11:59 AM
Some a**hole at my forum is threatening to hack me, because I banned him. I don't doubt his ability. He has many, many Counterstrike friends, and.. well, those guys all have way too much time on their hands.

Who do I tell? Is there an organization that I can give his IP address to that can stop him?
Posted By: DPK.ducky.quack Re: Who do you tell? - 07/31/2002 3:57 PM
Look up his hostmask and report him to his ISP if he tries anything.
Posted By: usr bin geek Re: Who do you tell? - 07/31/2002 4:26 PM
You have to worry about the morons that DON'T make threats and just act. The ones that make the threats 90% of the time don't have the skills to do anything.

Seriously, you can't do anything unless someone does something. Then you can go to your State Police or the FBI if it crossed state lines.

The best thing you can do is harden your systems:
  • Upgrade to the latest release of UBB.classic
  • Upgrade all the other software on your server to the latest releases
  • Use difficult to guess passwords for all your admin accounts. (Use combinations of letters and numbers.)
  • Use a different password for your FTP than your admin accounts.
  • Delete any admin accounts you don't need.
  • Turn off images in signatures if enabled
  • Turn off HTML (it should never be on anyway.)
  • Enable member moderation and carefully review all new members
  • Update your anti-virus and firewall
Posted By: Greg Hard Re: Who do you tell? - 07/31/2002 4:47 PM
Nothing can be done until it happens...
Posted By: ADWOFF Re: Who do you tell? - 07/31/2002 6:59 PM
quote:
Turn off images in signatures if enabled
Why is this an issue?
Posted By: AllenAyres Re: Who do you tell? - 07/31/2002 7:07 PM
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.
Posted By: Dark Templar Re: Who do you tell? - 07/31/2002 9:50 PM
Reminds me of the warning Borg gave us, 5.74 era, of that huge security vulnerability. Good thing that got fixed.
Posted By: ADWOFF Re: Who do you tell? - 08/01/2002 11:56 PM
quote:
Originally posted by AllenAyres:
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.
Allen,

If you don't allow direct linking of graphics to other sites, is this eliminated then? (i.e. all the graphics come from my site)
Posted By: AllenAyres Re: Who do you tell? - 08/02/2002 12:13 AM
no, it's not in the graphics themselves, it's in the way they are linked to... people were typing in code that the ubb didn't recognize as code in the image tags and in their signatures. Stuff like using # 0153 (no spaces) to make the ubb think it's innocent text, but the browser interprets it as ™ . You can see something similar when you have a link that uses & amp; (no spaces) for the ampersand, which the browser interprets as &

Anyways, they used other code to hide their javascript/whatever to grab cookies with passwords/etc.
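
The bypass described in the post above works because the filter inspects the raw text while the browser decodes character entities before using the value. The sketch below is an added example, not UBB.classic code and not from anyone in this thread; the function names and sample inputs are constructed for illustration. It compares a raw-text check with one that decodes first and then applies a scheme allow-list.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def naive_is_safe(url):
    """Raw-text check: looks for markup before any entity decoding."""
    lowered = url.lower()
    return "javascript:" not in lowered and "<" not in lowered

def canonical(url):
    """Decode entities until the text stops changing, as a browser would
    before using the value, then drop whitespace and control characters."""
    previous = None
    while previous != url:
        previous, url = url, html.unescape(url)
    return re.sub(r"[\x00-\x20\x7f]", "", url)

def strict_is_safe(url):
    """Allow-list check on the decoded form: http(s) with a host only."""
    try:
        parts = urlsplit(canonical(url))
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

def render_img(url):
    """Emit an <img> for accepted URLs; anything else becomes inert text."""
    if not strict_is_safe(url):
        return html.escape("[img]" + url + "[/img]")
    return '<img src="%s" alt="">' % html.escape(canonical(url), quote=True)

# Constructed sample inputs (not taken from the thread).
SAMPLES = [
    "http://example.com/sig.gif",
    "&#106;avascript:void(0)",       # entity-encoded first letter
    "&amp;#106;avascript:void(0)",   # encoded twice
    "java&#9;script:void(0)",        # encoded tab inside the scheme
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(naive_is_safe(s), strict_is_safe(s), render_img(s))
```

The raw-text check accepts all four samples; the decode-then-allow-list check accepts only the first and renders the rest as escaped text.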
Posted By: LK Re: Who do you tell? - 08/02/2002 3:37 PM
If you get threats from banned users, I guess that they don't have admin/ftp passwords, or your IP. The only things you HAVE to do is:
quote:
Upgrade to the latest release of UBB.classic
Upgrade all the other software on your server to the latest releases
Turn off HTML (it should never be on anyway.)
It's recommended to do all others as well, but these are the most important ones.
Posted By: l0cke Re: Who do you tell? - 08/03/2002 1:26 AM
They didn't threaten, but I figured he would. He does have skill with hacking as he's hacked some others before. Or so the "hackies" claimed they were.

This guy is a real pain. The only way I could ban him was to change his account password and e-mail (so he couldn't access his account) and then not allow new registrations, because he could change his IP (I banned like 30 IPs at least, and they were all very different than the rest, as in, they weren't similar IPs).

But, the year service of my URL expired, and I don't have the cash to renew it, and now my webspace is running out of room, so I just give up. No more forum, no more web-cartoons, no more lyrics.

But no more stupid hacker guy!