Dealing with site sabotage threats

Earlier today, one charming site visitor sent me, via my web contact form, a message telling me my site would definitely be hacked.

As the message came via my web contact form, the header of the email does not show the sender’s real IP; hence I noted the timestamp and checked the server log record for that particular time. I believe I now have the site visitor’s IP.

I should mention a pair of youngsters who frequent my web site have at different times in the past used that IP address. I think they just get assigned a dynamic IP each time they log on to the Net, so I cannot say they are responsible and not someone else using the same Internet Service Provider.

The ‘threat’ I received today may be a prank, but in case it isn’t, I would like to hear how others handle this kind of situation. Any help/advice would be greatly appreciated.

  • marsbar
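The timestamp correlation described in the post above, as an added example that is not part of the original thread: it lists the addresses that POSTed to the contact form within a few seconds of the mail's timestamp, comparing across time zones. The form path `/contact.php`, the log lines, the date and the addresses (documentation ranges) are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx "combined" log line: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2006:14:01:58 -0800] "GET /contact.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2006:14:02:41 -0800] "GET /contact.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2006:14:03:17 -0800] "POST /contact.php HTTP/1.1" 200 512 "http://example.org/contact.php" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2006:14:03:20 -0800] "GET /index.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2006:14:20:05 -0800] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def find_submitters(log_text, mail_time, form_path="/contact.php", window_s=30):
    """Return (seconds_off, ip, log_time) for POSTs to form_path near mail_time.

    mail_time must be timezone-aware; the log's own UTC offset is parsed, so
    a mail header in UTC and a log in local time still compare correctly.
    """
    window = timedelta(seconds=window_s)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when comparing the path.
        if m["path"].split("?", 1)[0] != form_path:
            continue
        log_time = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        delta = abs(log_time - mail_time)
        if delta <= window:
            hits.append((int(delta.total_seconds()), m["ip"], log_time))
    # Closest in time first; more than one hit means the match is ambiguous.
    return sorted(hits, key=lambda h: h[0])


if __name__ == "__main__":
    # Constructed mail timestamp: the Date header in UTC, 2 s after the POST.
    mail = datetime.strptime("2006-03-12 22:03:19 +0000", "%Y-%m-%d %H:%M:%S %z")
    for secs, ip, when in find_submitters(SAMPLE_LOG, mail):
        print(f"{ip} posted the form at {when.isoformat()} ({secs}s from mail time)")
```

A single hit ties the message to one connection at that moment, not to a person; with dynamic addressing the same IP can belong to a different subscriber on another day.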

First, change all your important passwords. Shell/FTP, MySQL, any CMS software you’re running, etc. Make them long and random.

Second, find out who their ISP is (traceroute it if you have to) and contact them, letting them know you were threatened by one of their users, and include all relevant log info.

Thirdly, make sure you’re not running any scripts that could lead to vulnerabilities. Software like Movable Type, phpBB, etc. tends to be fairly well tested in this area.

Fourth, pray, if that’s your thing.

Good luck.

Also make DH aware of the threat… Should your site come under attack DH would be forewarned and better prepared to handle the situation…

I tend to just kick back and care not, hasn’t failed me yet :wink:


Thanks for your responses, folks.
I have managed to identify the person responsible for making the threat. If necessary, I will make sure the boy is put on after school detention for a week. :wink:

  • marsbar

Make sure you lock down any web applications (like PHP programs and what not) to make sure there are no known XSS (cross site scripting) holes or other security holes. These are on the rise recently; users install gallery, xgallery, or other PHP scripts with holes, and an attacker uses it to gain access to the user’s files and / or local access to our machine.

I wouldn’t really worry about it. It is probably just some punk kid at best. If they were really going to hack, they would either find some way to root the nameservers on DreamHost (then everyone would be screwed) or attack one of the servers (again, everyone would be screwed). I’m only aware of 6 groups that are skilled enough/have a clue/ that actively hack sites (i.e. deface like 56 websites a month). The 6 groups equate to about 30 people on the ENTIRE planet. They are like aggressive line, xfree86, trippin smurfs, er… I don’t remember the rest.

Besides, if it were one of the IRC hacker groups, I’m sure the people at DreamHost are fully aware of it. Actually maybe it’s 5 now. I heard that fool Omega from Hackweiser finally started to like girls.

At best they are script kiddies. Maybe they are capable of comprehending the introduction to the phack. Either way I wouldn’t lose sleep over it.