Website Hacked

O

organik

New Member
Joined
Jan 9, 2010
Messages
4
Reaction score
0
Hey all,
I can't find information on this subject anywhere and thought that the guys on this forum might be able to help me.

I detected an intruder on my website a few weeks ago originating from an IP address that belongs to one of the major ISPs in South Africa.

What would be my course of action if I would like to press charges against the intruder? Is it even possible? How long are the IP logs kept by the ISPs?

I am from South Africa and my website was generating a small income, would it be possible to sue for loss of income if my website was defaced?

Any help or info on this subject would be greatly appreciated.

Peace.
 
organik said:
Hey all,
I can't find information on this subject anywhere and thought that the guys on this forum might be able to help me.

I detected an intruder on my website a few weeks ago originating from an IP address that belongs to one of the major ISPs in South Africa.

What would be my course of action if I would like to press charges against the intruder? Is it even possible? How long are the IP logs kept by the ISPs?

I am from South Africa and my website was generating a small income, would it be possible to sue for loss of income if my website was defaced?

Any help or info on this subject would be greatly appreciated.

Peace.
Click to expand...

What IP is it? Is it a static IP or a dynamic IP? You will be able to tell by looking at it or trying to telnet or ssh to it. If it's a static IP it can be reported very easily to the relevant ISP, they will maybe even be able to have a look at their logs and trace the IP to a phone number for you. With dynamic IPs it may be a bit harder, but it can also still be traced to a number.

Do you know which ISP the intruder was on? If so, give them a call and find out what their abuse department's e-mail address is and send them a mail. That's all I can think of.

Hope you catch the oke.
 
to0kenZA said:
What IP is it? Is it a static IP or a dynamic IP? You will be able to tell by looking at it or trying to telnet or ssh to it. If it's a static IP it can be reported very easily to the relevant ISP, they will maybe even be able to have a look at their logs and trace the IP to a phone number for you. With dynamic IPs it may be a bit harder, but it can also still be traced to a number.

Do you know which ISP the intruder was on? If so, give them a call and find out what their abuse department's e-mail address is and send them a mail. That's all I can think of.

Hope you catch the oke.
Click to expand...

It's a dynamic IP on Mweb. Apparently I have to open a case at the police station and then get a section 205 subpoena to get the information out of the ISP.

Can anyone verify this? How long does the process take?
 
organik said:
It's a dynamic IP on Mweb. Apparently I have to open a case at the police station and then get a section 205 subpoena to get the information out of the ISP.

Can anyone verify this? How long does the process take?
Click to expand...

Just start the process so long by going to the police. It's the same with Telkom, when you want to report someone you have to make a case first as well. That's apparently some new procedure.
 
organik said:
It's a dynamic IP on Mweb. Apparently I have to open a case at the police station and then get a section 205 subpoena to get the information out of the ISP.

Can anyone verify this? How long does the process take?
Click to expand...

Sounds about right. Telkom / MWEB can't give out that information without the Police involvement as far as I know. I recall some time back (1 year +) there a few threads that dealt with line fraud etc, which basically said the same thing. I'm sure a quick search here will yield results.

Good luck!
 
It is a long and involved process and could quite easily cost you more in legal fees to persue than it is worth. Dont expect the cops to be very interested.

It is very possibile the IP that you picked up could just be coming from a PC that was infected with some malware and being used as a bot to attack your site. Thousands (hundreds of thousands) of these hack attempts happen every day. My advise is to secure your website so it doesnt happen again.
 
Last edited:
Who at the police station would understand the details of this complaint? ;)
 
Last edited:
I suppose proving it would be a problem. How do you show a judge raw server logs and expect him to understand it. Has anyone gone through this process before?
 
It would be interesting to know if someone has gone through this process? should I call the cyber police so they can back trace it :P
 
no,

im sorry just abandon all hopes of this immedietly, its not worth bothering, its not worth even trying...
All i can suggest is that you make sure your website is 100% secure so this never happens again...

use google or people here on MyBB to figure out how to do that...
 
DUDE!@##$%% said:
no,

im sorry just abandon all hopes of this immedietly, its not worth bothering, its not worth even trying...
All i can suggest is that you make sure your website is 100% secure so this never happens again...

use google or people here on MyBB to figure out how to do that...
Click to expand...

+1. No point in doing that, just make sure you fix the vuln.
 
Well trying to pursue this will most propably end in hair loss for you with no result at the end. Try not to use online website development tools because there is back doors that can be exploited by hackers as a friend of mine found out a while back. Also use a hosting service that has good security on their web servers.
 
First restore an old backup of the account or have your account cleaned properly and also inform your web host about it. Take the site offline and make absolutely sure you know how the website was hacked and implement measures to fix the vulnerability (after the old backup was restored).

Was it an automated hack or a targeted one? Once that has been decided (or estimated), you can decide to pursue the person from their log records, but they were probably using a proxy or another hacked system / bot.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X