UBB.Developers Forums General Discussion Chit Chat Who do you tell?

Some a**hole at my forum is threatening to hack me, because I banned him. I don't doubt his ability. He has many, many Counterstrike friends, and.. well, those guys all have way too much time on their hands.

Who do I tell? Is there an organization that I can give his IP address to that can stop him?

Lookup his hostmask and report him to his isp if he tries anything.

You have to worry about the morons that DON'T make threats and just act. The ones that make the treats 90% time don't have the skills to do anything.

Seriously, you can't do anything unless someone does something. Then you can go to your State Police or the FBI if it crossed state lines.

The best thing you can do is harden your systems;

• Upgrade to the latest release of UBB.classic
• Upgrade all the other software on your server to the latest releases
• Use difficult to guess passwords for all your admin accounts. (Use combinations of letters and numbers.)
• Use a different password for your FTP than your admin accounts.
• Delete any admin accounts you don't need.
• Turn off images in signatures if enabled
• Turn off HTML (it should never be on anyway.)
• Enable member moderation and carefully review all new members
• Update your anti-virus and firewall

nothing can be done untill it happens...

Why is this an issue?

There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.

Reminds me of the warning Borg gave us, 5.74 era, of that huge security vulnerability. Good thing that got fixed.

Allen,

If you don't allow direct linking of graphics to other sites, is this eliminated then? (i.e. all the graphics come from my site)

no, it's not in the graphics themselves, it's in the way they are linked to... people were typing in code that the ubb didn't recognize as code in the image tags and in their signatures. Stuff like using # 0153 (no spaces) to make the ubb think it's innocent text, but the browser interprets it as ™ . You can see something similar when you have a link that uses & amp; (no spaces) for the ampersand, which the browser interprets as &

Anyways, they used other code to hide their javascript/whatever to grab cookies with passwords/etc.

If you get threats from banned users, I guess that they don't have admin/ftp passwords, or your IP. The only things you HAVE to do is:
It's recommended to do all others as well, but these are the most important ones.

They didn't threaten, but I figured he would. He does have skill with hacking as he's hacked some others before. Or so the "hackies" claimed they were.

This guy is a real pain. The only way I could ban him was to change his account password and e-mail (so he couldn't access his account) and then not allow new registrations, because he could change his IP (I banned like 30 IP's at least, and they were all very different than the rest, as in, they weren't similar IP's).

But, the year service of my URL expired, and I don't have the cash to renew it, and now my webspace is running out of room, so I just give up. No more forum, no more web-cartoons, no more lyrics.

But no more stupid hacker guy!