Help us deal with this hacker!
October 13, 2004 7:57 PM   Subscribe

S.O.S. We're being hacked! I run a small community website and somebody is trying to hack our VBulletin-powered forum. So far our passwords and usernames have been tampered with. How do we prevent this bastard from messing up years of dedicated volunteer work? Can we trace who the offender is? Any strategies in dealing with his demented mind? Its depressing/ I'm taking this personally. After years of thankless effort this is what my partners and I get. Please help.
posted by anonymous to Computers & Internet (6 answers total) 1 user marked this as a favorite
 
* Where is the website hosted? Do you have control over the server itself or are you renting space at a webhost?

* If possible, shut down the forum IMMEDIATELY--backup and remove the site & database, or preferrably just rename the directory it's in temporarily.

* Any other help I can think of relies a whole lot on the answer to the first question.
posted by cyrusdogstar at 8:13 PM on October 13, 2004


Everything does indeed depend on the answer to the first question. If it's your server, take the usual post-compromise steps: shut down the server's access to the outside world, rifle the access logs for IPs, blackhole them on the router or firewall, make a backup, nuke the server down to a blank drive, reinstall the OS, web server and application server, patch any vulnerability used to compromise the system, then restore all the known-good data. Because accounts were compromised, you'll probably want to start the account database from scratch, presumably with a stronger password policy that leaves you less open to brute force attack.

If it's not your server, you call whoever runs it for you and ask them for help. That's what you're paying them for.
posted by majick at 11:37 PM on October 13, 2004


I'm just curious...do you think it's someone here (as you're anonymous?)
posted by filmgeek at 7:48 AM on October 14, 2004


Ah, the major problem with anon posting right now: being able to reply to questions...
posted by jmd82 at 8:58 AM on October 14, 2004


Perhaps they just don't want it to be known their website has been compromised. Come to think of it, are we really really sure metafilter isn't running on a themed version of VBulletin?
posted by fvw at 10:34 AM on October 14, 2004


no fvw, i'm pretty sure vbulletin is a lot more stable than metafilter.
posted by bob sarabia at 6:36 PM on October 14, 2004


« Older Brugal Rum in LA   |   Tell Me Lies Newer »
This thread is closed to new comments.