Help, I was (almost) hacked!

Pissed off, eh? Me too! After you put together your site (small or big, hobbyist site or a large corporate one) and installed all the security gizmos available out there you began to receive all kind of alerts about hacking attempts. This is the good scenario - succesful hacking attempts usually aren't reported: you experience the sometimes devastating effects by visiting the site.

Anyway, you probably get frustrated over time, and you definitively will try to do something above just stopping these attacks.

What you can do?

 

An often overlooked possibility is under your fingertips: you can report these guys on various sites and add them to blacklists making their life hard.

First of all, you should use one of freely available services and networks to detect bad guys. My favourite is Project Honeypot http://projecthoneypot.org/, and Joomla has several tools you can use to benefit from their services. There are couple of plugins to implement the httpBL framework their are supporting, and most of good security components, as sh404SEF (surprised? yea, is a security component too) are supporting it out of the box. My first thing after installing a new Joonla site is to add this to the defense arsenal - and to install the honeypot script, personalized to the site too. Also check http://www.honeynet.org, they have some great tools too!

If they are coming from a country with well estabilished legal backround on Internet fraud and hacking, your first step should be to locate their ISP an issue a complaint about what they did and where. You can be sure, that the ISP will take the needed measures - it's their vital/commercial interest to not be associated with such activities. for this one of my preferate sites is http://www.arin.net. Just type in the attacker's IP address and hit  Enter. they willl give you all the info about the perpetrator's ISP company and administrative emails and telephone numbers. You just need to use them.

You can also use RIPE's AbuseFinder tool: https://apps.db.ripe.net/search/abuse-finder.html.

If the hacker comes from US - the one pissed me off enough to write this is from Texas  - you can go to FBI's website, locate the Internet Crime menu item and file your report.

But what if the attacker comes from a country where nobody seems to care about these kind of actions? You think the situation is hopeless? Wrong. Tools like ProjectHoneypot's and the various IP blockers are stopping them from anywhere they might come. And there are more ways to add their IP to publicly available blacklists - and more and more people are using these data to block the bad guys.

Here is a short selection of my preferred sites to file your complaints:

iPillion: http://www.ipillion.com - here you can register an account and file a complaint withouth using the Captcha protection they have and listing your IP - or you can list the attacker's IP and the malicious act directly, if you are a bit lazy...

dShield: http://dshield.org/  - these guys have some great security tools for various Internet devices, and are happy to receive such reports and to use the gathered data to enlarge their database of bad guys.

IPFraudReporter: http://www.ipfraudreporter.com/ - also a great resource to lod them.

NetWatchman: http://www.mynetwatchman.com - old, but still up and working service.

There are more, of course. Check back, I will keep you updated!


betin72 made a real revolution in the industry.

Learn more about hosting webhostix at http://webhostix.com.mx