Previous Thread
Next Thread
Print Thread
Rate Thread
#85385 07/31/2002 4:59 AM
Joined: Apr 2001
Posts: 42
Member
Member
Offline
Joined: Apr 2001
Posts: 42
Some a**hole at my forum is threatening to hack me, because I banned him. I don't doubt his ability. He has many, many Counterstrike friends, and.. well, those guys all have way too much time on their hands.

Who do I tell? Is there an organization that I can give his IP address to that can stop him?

Sponsored Links
#85386 07/31/2002 8:57 AM
Joined: Nov 2000
Posts: 915
Developer
Developer
Offline
Joined: Nov 2000
Posts: 915
Lookup his hostmask and report him to his isp if he tries anything. tipsy

#85387 07/31/2002 9:26 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
You have to worry about the morons that DON'T make threats and just act. The ones that make the treats 90% time don't have the skills to do anything.

Seriously, you can't do anything unless someone does something. Then you can go to your State Police or the FBI if it crossed state lines.

The best thing you can do is harden your systems;
  • Upgrade to the latest release of UBB.classic
  • Upgrade all the other software on your server to the latest releases
  • Use difficult to guess passwords for all your admin accounts. (Use combinations of letters and numbers.)
  • Use a different password for your FTP than your admin accounts.
  • Delete any admin accounts you don't need.
  • Turn off images in signatures if enabled
  • Turn off HTML (it should never be on anyway.)
  • Enable member moderation and carefully review all new members
  • Update your anti-virus and firewall

#85388 07/31/2002 9:47 AM
Joined: Feb 2000
Posts: 4,625
Member
Member
Offline
Joined: Feb 2000
Posts: 4,625
nothing can be done untill it happens...

#85389 07/31/2002 11:59 AM
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Quote
quote:
Turn off images in signatures if enabled
Why is this an issue?


Sue
adwoff.com
Sponsored Links
#85390 07/31/2002 12:07 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.


- Allen wavey
- What Drives You?
#85391 07/31/2002 2:50 PM
Joined: Sep 2000
Posts: 793
Member
Member
Offline
Joined: Sep 2000
Posts: 793
Reminds me of the warning Borg gave us, 5.74 era, of that huge security vulnerability. Good thing that got fixed.


-DT
#85392 08/01/2002 4:56 PM
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Quote
quote:
Originally posted by AllenAyres:
There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.

6.3.1 contains the latest security patches for all known hacking possibilities.
Allen,

If you don't allow direct linking of graphics to other sites, is this eliminated then? (i.e. all the graphics come from my site)


Sue
adwoff.com
#85393 08/01/2002 5:13 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
no, it's not in the graphics themselves, it's in the way they are linked to... people were typing in code that the ubb didn't recognize as code in the image tags and in their signatures. Stuff like using # 0153 (no spaces) to make the ubb think it's innocent text, but the browser interprets it as ™ . You can see something similar when you have a link that uses & amp; (no spaces) for the ampersand, which the browser interprets as &

Anyways, they used other code to hide their javascript/whatever to grab cookies with passwords/etc.


- Allen wavey
- What Drives You?
#85394 08/02/2002 8:37 AM
Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Admin / Code Breaker
Offline
Joined: Mar 2001
Posts: 7,394
If you get threats from banned users, I guess that they don't have admin/ftp passwords, or your IP. The only things you HAVE to do is:
Quote
quote:
Upgrade to the latest release of UBB.classic
Upgrade all the other software on your server to the latest releases
Turn off HTML (it should never be on anyway.)
It's recommended to do all others as well, but these are the most important ones.

Sponsored Links
#85395 08/02/2002 6:26 PM
Joined: Apr 2001
Posts: 42
Member
Member
Offline
Joined: Apr 2001
Posts: 42
They didn't threaten, but I figured he would. He does have skill with hacking as he's hacked some others before. Or so the "hackies" claimed they were.

This guy is a real pain. The only way I could ban him was to change his account password and e-mail (so he couldn't access his account) and then not allow new registrations, because he could change his IP (I banned like 30 IP's at least, and they were all very different than the rest, as in, they weren't similar IP's).

But, the year service of my URL expired, and I don't have the cash to renew it, and now my webspace is running out of room, so I just give up. No more forum, no more web-cartoons, no more lyrics. frown

But no more stupid hacker guy! laugh


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Posts: 70
Joined: January 2007
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)