someone trying to sabotage new forums?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Corgimom
    New Member
    • Apr 2007
    • 7

    someone trying to sabotage new forums?

    We have just had our new forums up for about a week and the administrator at another, similar forum found out (we are thinking by reading PM's at his site) about our new site. (Notation here... we are NOT trying to steal "his" members, but there were several members that had already left his site due to being unhappy and wanted a new place to gather, hence why we started our forums.) This morning... someone tried to access a member's account, but maxed out their tries. That member got the IP address, and we matched it to another member who signed up 5 minutes after trying to hack her account. What we are curious about is if there is anyway to legally track this IP address, or the email that was used to sign up the account back to the person behind it. We want to know if this person is the admin at the other forums, or just another member. If we CAN find out who this person is, is there any action we can take (other than banning the account they signed up under which was already done). Thank you.
  • Floris
    Senior Member
    • Dec 2001
    • 37767

    #2
    You can't really. You would have to get access to the IP of that admin to match them up. Even if the ISP range is the same as the admin, it doesn't mean it is that person.

    Best thing to do here is to stop caring actually. Ignore this happens (but don't forget it) and just ban that user and ask the user where this happened to change his or her account.

    Why do I say that? Because a fight between two communities can backfire on yours and it simply is a waste of time. Focus on your members and the content they create. If the other site is not worth it according to you and your members, then why bother spending time on them? Exactly. Make the best out of your own forum and block the abusive IP serverwide so they have to get a new IP in order to try it again.

    Of course, seeing how you are important enough for them to screw with your site (if that's actually the case here..) then it is wise to secure your vB powered forum. Add .htaccess directory protection to your admincp/ modcp/ and includes/ directory. Get a hard to guess password for it, and also a different hard to guess pass for your staff members.

    Also, keep discussions OFF the forum about that other site. If someone on your site has an issue with that web site or their members,or whatever, .. take it to private or away from the public view. Because it will just provoke the other site to cause more harm or spend more time on being abusive.

    Good luck!

    Comment

    • Corgimom
      New Member
      • Apr 2007
      • 7

      #3
      Thanks for the advice. Most of that we are already doing (i.e. not discussing the other site in the open forums and such). We'll just keep trucking and do our best to make sure they can't get in again. Thank you!

      Comment

      • Rick Grunwald
        Senior Member
        • Feb 2005
        • 211
        • 3.0.6

        #4
        Go to the vbulletin.org site and check out the "miserable users" hack
        Rick Grunwald
        http://grunwalds.com
        XP home SP2, Celeron 2gb, 2GB RAM, Zone Alarm Security Suite

        Comment

        • Total666
          Senior Member
          • Jan 2006
          • 158
          • 3.6.x

          #5
          Originally posted by Floris
          You can't really. You would have to get access to the IP of that admin to match them up. Even if the ISP range is the same as the admin, it doesn't mean it is that person.

          Best thing to do here is to stop caring actually. Ignore this happens (but don't forget it) and just ban that user and ask the user where this happened to change his or her account.

          Why do I say that? Because a fight between two communities can backfire on yours and it simply is a waste of time. Focus on your members and the content they create. If the other site is not worth it according to you and your members, then why bother spending time on them? Exactly. Make the best out of your own forum and block the abusive IP serverwide so they have to get a new IP in order to try it again.

          Of course, seeing how you are important enough for them to screw with your site (if that's actually the case here..) then it is wise to secure your vB powered forum. Add .htaccess directory protection to your admincp/ modcp/ and includes/ directory. Get a hard to guess password for it, and also a different hard to guess pass for your staff members.

          Also, keep discussions OFF the forum about that other site. If someone on your site has an issue with that web site or their members,or whatever, .. take it to private or away from the public view. Because it will just provoke the other site to cause more harm or spend more time on being abusive.

          Good luck!
          Really good info in this post , I added the htaccess to the modcp / admincp / and the includes directory .. I did not see a prompt for the includes password yet , browsing the admin cp area .. Is this more for someone trying to hack into the includes directory on the server ?? Thanks
          Last edited by Total666; Sun 15 Apr '07, 12:12pm.

          Comment

          • Floris
            Senior Member
            • Dec 2001
            • 37767

            #6
            Sticky: How To Make My Forums More Secure

            Comment

            • Total666
              Senior Member
              • Jan 2006
              • 158
              • 3.6.x

              #7
              Originally posted by Floris

              Yes , I have read that article before - but it does not mention the " includes" folder .. Total

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...