Utter distress, please help. Being attacked...

[Subsane]

I have an ex-member who has hijacked and hacked my clan website. Absolutely destroyed the site in matter of an hour actually. http://www.75thairborne.com Because he was caught hacking in game with another member (not his first offense) and we removed him from the clan. So he retalliated. We need to ensure he stays off our ventrilo server as well but he goes through a router and the ip jumps. Hard to ban an ip you don't know... Please help! Any advice greatly appreciated right about now...

*bangs head repeatedly on the desk*

This clan has been around for years and I refuse to let him dismantle it. Over 50 members, 4 games, and so much work to get where we are.

I'm speechless....just absolutly stunned.....Imagine this happend the speedguide site...

HELP????

[cyberskye]

Do you own/control the server internet connection?

EDIT - give some specs - OS, routers/firewalls. How did he get in?

I am not sure what security the applications could provide - doubt it's much. Rather than block him, you could allow only the valid users - via ip addy, require vpn access - though this would hurt bandwidth noticeably...

[Subsane]

PS. Thank god our old forums from over 1 year ago are still active.

Note: Only click this link if you are NOT offended by foul language....gunna be some venting going on. http://kwyjibo.suddenlaunch.com/index.c ... 1084509276

[cyberskye]

^bump^

we cross-posted while I was editing.

Don't wanna get involved - happy to give what advice I have.

[Subsane]

Do you own/control the server internet connection?

I don't but I think I know who does.....90% of our members don't even know this has happend yet as they are all in bed! (EST)time. I lead (or used to for now) the 2nd battalion, my co-officers are going to freak...

P.S. it may be possible the hijacker owned the domain....or possibly owns our 4 game server domain...god help me

[YeOldeStonecat]

We need to ensure he stays off our ventrilo server as well but he goes through a router and the ip jumps. Hard to ban an ip you don't know...

Router or not router, it's his WAN IP that counts if he has a router. You mean he has a dynamic IP which changes from time to time? I don't know about Ventrilo, but can you ban an IP block? Like is he often has 64.65.66.678 one day, and 64.65.66.679 another day, and 64.65.66.680 the next day...can you block 64.65.66.xxx?

I don't know what "stuff" he had access too...but time to change passwords well, look for back door accounts he may have created, etc.

[Subsane]

Update.

We moved to another ventrilo server, and he's hacked that as well deleting all admin accounts. If I have his IP, can't his isp pin point him and contact him? This kid (yes he's 15-16) is causin some real problems and if I have to contact multiple authorities AW!@$R~@R~@#$jhbgkl;jgbhFV

F_*K IT!!! I'm takin the dog for a walk

[TonyT]

We moved to another ventrilo server, and he's hacked that as well deleting all admin accounts.

If moved to a new server & he still can gain root access then your server is improperly configured, needs shadow passords, needs new password for root and password should be a MINIMUM of 8 characters using upper and lower case, some numerals and special characters. (example: T6y3+@wZ )

Most likely he is sniffing packets sent to the server and he is grabbing your password and username. Or he has installed a backdoor program on the local compouters that have admin rights on the server.

[BlastU]

try a different forum software, there may be an exploit in this one? try that for a few hours, see if it holds up, don't delete the old one.