Site defaced - what next?

Matt Galster galsterm at gmail.com
Fri Aug 6 17:22:31 EDT 2004


If you figure your time is worth $60 or $70 an hour, it shouldn't
take too long rebuilding, tracking the bastage down, and making sure
he can't ever get in again, before you are in the money here with the
FBI...

MEG

On Fri, 6 Aug 2004 11:52:29 -0400, Jeff Kinz <jkinz at kinz.org> wrote:
> On Fri, Aug 06, 2004 at 10:29:20AM -0400, Greg Rundlett wrote:
> > My site was owned and defaced.
> > 
> .........<SNIPPED>..........
> >
> > Anyway, there isn't a significant financial loss involved in this, it is
> > more a nuisance since my site is informational.  But still, my question
> > to the group is what if anything should be done to hunt down the
> > script-kiddie who defaced the page.  Is there any regulatory body that
> > ISPs report these incidents to?
> 
> Whoever did it broke some laws, so it is a crime; unfortunately the FBI
> won't move on it unless you lost at least $10K.
> 
> That said, however, definitely file a report with the Police or FBI.
> Adding more numbers to that category of crime will raise the budgetary
> value of enforcing those laws at all levels and so eventually law
> enforcement will get more resources to follow up, but only if we report
> the crimes.
> 
> As for finding the SOB, if the guilty party can be positively identified
> it would be helpful to everyone to know who it is.  If they are local
> I would certainly want to be aware of their activities.
> 
> If they are not local, the community which they live in is probably
> interested in knowing who they are and what they do as well.
> 
> Did the server get rooted as well, or just defaced?  If it's not rooted,
> then you may have some log file information that may be useful.  (Of
> course even if it's there, it may not help; it depends on the sophistication
> of the attacker.)
> 
> Also - would you consider putting up a honeypot?  If they attacked once,
> they may try again and it would be much easier to find out who it is
> if a honeypot is active.
> 
> 
> >
> > ps. This is not in any way connected to running a CVS pserver -- an
> > earlier thread discussed the vulnerabilities therein.
> >
> > --
> > FREePHILE
> > We are 'Open' for Business
> > Free and Open Source Software
> > http://www.freephile.com
> > (978) 270-2425
> > If you are smart enough to know that you're not smart enough to be an
> > Engineer, then you're in Business.
> >
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://www.blu.org/mailman/listinfo/discuss
> >
> 
> --
> Our father, which art in Redmond, Monopoly be thy name.
> Thy empire come, thy OS never done, shipping as it is in development
> 
> Give us this day, our daily bug And forgive address violations
> as we forgive those viruses that trespass against us
> 
> Lead us not unto competition but deliver us from Choice
> For thine is the license, the revenue and the greed forever. Amen
> ==========================================
> 
> Linux and Open Source.  The New Base.
> 
> Now All your base belongs to you, for free.
> 
> Jeff Kinz, Emergent Research, Hudson, MA.
> 
> 


