Spam Fly Needed Swatting...

Today was a fun day.  I started advertising my site finally using Google's AdWords & targeted placement which has been working well for me, not phenomenal, but well.  The membership growth is still at a level that over a few hours I can look at each profile that comes in and check it, the Access Management does a great job of pairing up matching IPs to watch out for those who might attempt to be scammers/spammers and isolate them for me to review first, and the scamnet does a great job of catching the e-mails that these idiots try to send out.

 

But today, I only needed 2 of the tools of my site.  My site's Instant Messenger (Thank you for this option on the sites Boonex) and the Access Management that was created by AntonLV.  A few other items came into play for this also and worked wonderfully.  Let me explain how it happened.

 

I logged into my site, members side (not Admin) and almost instantly I got an IM from a new (and mind you by the photo very attractive 22 year old lady) who wanted to talk.  Okay, I can take a moment to talk to a member and see what's up, obviously this took me to her profile EVEN Faster to see what she had on it.  What?  I'm a guy and I'm not married right now, I'm allowed to look aren't I? 

 

Well, it said she was from SF, CA on the profile and it seemed like a 22 year old's profile would seem, not much content and horrid grammar.  I also noted the English was less than perfect in chatting with this individual (No, I don't believe it was the person in the pic).  As we're chatting she says she does porn movies (okay, red flag one as my site is definitely PG)... I continue to chat and feel her out as I hop into the Admin panel to grab the IP on her and check it out... That's when Access Management became so useful.  Within 14 minutes of the first profile being created a 2nd profile was created (this one even more horrid than the first, though still an attractive female pic) only it said that person was from Virginia and had the same IP as the first one... Hmmmm....

 

So this meant it was time for some fun... Find out what this person wanted and then block the IP, seems simple enough right?  So, this individual asks to move to off-site messenger so I give out one of my Yahoo Messenger IDs that I don't use very often and decided to take the conversation there.  Within a few minutes I identified myself as the site owner, played along like I needed a model for Ads that I run and more or less had a little fun.  The individual then requested I join teenlove.com (a paid sex chat site, some of you may not mind this so far.) and that's when I said sure, and hopped into the admin panel to block the IPs and do away with this person.

 

Oh, if it had been so simple from that point on... They became irate and threatened to run a DDoS attack on my server, knock it offline for 6 hours, hotswap my database and many other things... I went ahead and ran the IP used to sign up, they made a huge novice mistake and didn't proxy it when joining, and made contact with my host who added a couple security measures to the server with cron jobs and rules for mod_evasive and obviously I already run Brute Force.  Now, I'm not a guru when it comes to the server, that is what my host is for and I pay them to make sure this thing is as close to unhackable as it can be.

 

Next, we sat back and watched this idiot hacker (I could have done a better job and I really don't know anything about servers) attempt to come straight into my server and try the wrong password and the wrong port... It didn't take long for BruteForce to kick him out.  Of course, it was on the same exact IP that the idiot attempted to join on.

 

Next, I pulled the server logs showing the futile, but still an attempt, to access the server, contacted the Long Beach California Police Department and have provided them with both the conversation and server logs.  Did you know it's a real crime to threaten to take down someone's server?  It's an even bigger crime to actually attempt to do it.  Now, this novice hacker has been swatted, the site took zero seconds down time and the internet community is a safer place without this idiot who wanted to get credit card information via a sex cam chat site. 

 

The purpose of this thread is to say thank you to a few people for building a script that if we pay attention to what we are doing and who is on our sites, makes it so we can protect them.  So, here is the list of individuals I owe this thanks to:

 

Boonex Staff.  You guys have created an awesome script, that while it takes some time to learn how to use it, does a phenomenal job of allowing us site owners to communicate with members and find out what they want without always having to announce ourselves as Admin from the start.

 

AntonLV, you have created some amazing mods that you know I use on my site and they performed better than I could have hoped they would have.  I didn't even have to go look for the duplicate IP accounts.  Your mod placed them one right above the other and pointed them out to me to check.  This is exactly what Dolphin sites need and you did an awesome job with it.

 

I hate this part... But I have to thank all who have contributed... Sammie, we may not see eye to eye on many things but I have to say thank you for your mod on hackers, it performs wonderfully and allows me to run the site the way I want it to run while giving major peace of mind when it comes to making my site perform seamlessly... Yes, I am saying thank you to you for this....

 

Now, I'm off to learn the rules for some of my security features so I can see if there is anything else the site needs to protect it from future idiots.

 

Thanks guys for all the hard work it takes to create a script like this and making it all flow so seamlessly...  One Amateur Hacker down and a zillion to go... :))

Quote · 1 Mar 2009

Congrats!

I'm happy to say that you have given me new-found hope in Dolphin.

Again, congrats man.

Quote · 2 Mar 2009

Interesting story - did you learn for a fact they are in Long Beach?  Yes, of course it is a crime to threaten to destroy someone else's property - that is not free speech.  The bad English makes me think maybe they had hijacked an IP address - the U.S. is supposed to be an English speaking country.   I lived in Nigeria for a while, and love that country, but it is true that many of the spam and fraud operations still originate there.  Here is a good investigative piece the Los Angeles Times wrote - it is about three years old, but still worth a read: http://www.latimes.com/technology/la-fg-scammers20oct20,0,301315.story?coll=la-tot-promo

-

Rob

Quote · 2 Mar 2009

I tend to agree that it's other countries on the whole, not America, with the vast amount of this kind of stuff going on. As daft as it seems I've actually adopted one on my spiritual forum. He's only a young lad and from the Philippines, and he along with many others get paid to post in places placing ads in their siggys, and usually it's for big sites that seem to target this cheap slave labour from somewhat third world countries. So I let him post on the forum while allowing him to place his links in his signature. Seems to work this softly softly catch a monkey, because I've not been bothered with anymore in over two years, not even one spammer on that site, and last count we have over 20,000 posts and not one spam ever. Not sure if it's anything to do with this young lad and the grapevine. I know this lot can get nasty though if you take their soothers away from them.

Regards

Tyke

Quote · 2 Mar 2009

Update:

 

Thanks to the Long Beach California PD we have confirmed this amateur hacker was in fact in Long Beach, an Australian who had migrated/immigrated to the US.  Kinda hurts my feelings to find that part out.  I just got done talking to Long Beach and we went over the issues he caused.

 

Seems that by installing the mod_evasive onto the server, it created issues with delicensing the widgets which put the site down for hours, killed my ads that were supposed to run starting at midnight (I run a new campaign every day starting at midnight and I lose the day if it's not ready to go right at midnight).  It seems the server log and yahoo messenger conversation was enough to pay the individual a visit and do a little questioning/detecting on the PD's part.  Not sure what all they have yet, but they did advise the individual is with them right now and I shouldn't experience any more problems.  They are going to charge him with hacking due to the site going down by our installing the mod_evasive in an attempt to prevent him from disrupting the site and it causing the disruption.  The officer said they view it as he caused the problem with his threats and futile attempt so let him pay for it and the attorneys can sort it out.

 

So, we have confirmed this idiot hacker and before you do what I did, installing mod_evasive onto your site, please take a moment to make sure it won't disrupt other items when you do.  If anyone has installed it successfully on a Dolphin site without it causing disruptions to the widgets please let me know...

 

Thanks

Quote · 2 Mar 2009

What were the security measures that you placed on your server? Some of the very important posts have been taken down by the owners and we all could use this information. I googled Brute Force and came up with many downloads...If you could be so kind to direct us....

-

Thanks.

-

~~L

Quote · 13 Aug 2009

Your profiles don't work:

Fatal error: Call to undefined method BxTemplCmtsView::isOwner() in /home/mydatery/public_html/templates/base/scripts/BxBaseCmtsView.php on line 213

Quote · 13 Aug 2009

 

Your profiles don't work:

Fatal error: Call to undefined method BxTemplCmtsView::isOwner() in /home/mydatery/public_html/templates/base/scripts/BxBaseCmtsView.php on line 213

 Profiles work fine, you caught it in the middle of me modifying the comments section of the site.

Quote · 13 Aug 2009

You forgot to answer lrepton's question.

I would also be curious to know exactly what software you're using to catch the brute force logon attempts.

https://www.deanbassett.com
Quote · 13 Aug 2009

Ditto Dean....she says waiting patiently. ;)

-

~~Lorren


Quote · 13 Aug 2009
 
 