Hi, one of our website properties is continually getting hacked by the same guy. Unfortunately, we are having a difficult time figuring out how he is getting in. We have changed things on our end to shut him out, but no luck. We did get a 5 day reprieve from the problem after our latest changes, but he's right back in. While I would like to figure out how to fix this once and for all for us, after doing some searching, I found over 2,000 websites that have been hacked by this guy and I believe the number is growing. What I think we need to figure out is how to shut him out and then down. I don't want to give away too much in this message and avoid any alerts. I have enough details from my research. If you feel you can help and want to help, let me know through a private message. This will require skills in PHP and MySQL. Thanks.
If he is coming back, you need to improve your security. He might have stolen your FTP password (did you change it?), or left a backdoor. If you want us to take a look at it, let me know (our company focuses on solving web-based malware and attacks). -dd http://sucuri.net - Web-Based Integrity Monitoring
What scripts are you using on your site, and are they all up to date? Have you also checked your MySQL to make sure that the attacker has not enabled remote connections and added themselves as a user?
You can try filing a complaint with IC3, the Internet Crime Complaint Center: http://www.ic3.gov/faq/default.aspx If there are others involved, get them to file complaints as well so they take notice.
Shutting him down is definitely not the way to go because it takes a lot of both time and money. If you care about your website's security, you'd go for securing your own website; that's the least you can do. Some of my suggestions: 1) Check your whole website for security holes he may have been using. SQL Injections, LFI, RFI, and all these. Alternatively you can use website vulnerability scanners such as "Acunetix." 2) Look up your system logs, see what he uses to breach in. Scan for shell files (such as c99, r57...) 3) Change your passwords, including FTP, cPanel, SQL databases etc... Good luck.
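Suggestion 2 in the post above (scan for shell files such as c99 and r57), as an added example that is not part of the thread: a read-only Python sweep of a PHP document root that lists files worth a manual look. The function name, the indicator patterns other than the c99/r57 names, and the `uploads`/`images` directory names are assumptions made for illustration.

```python
import os
import re

# Heuristic indicators. c99/r57 are the shell names from the post above; the
# other patterns are assumptions chosen for this example, not a complete list.
INDICATORS = {
    "known-shell-name": re.compile(rb"\b(?:c99|r57)", re.I),
    "eval-of-decoded-data": re.compile(
        rb"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "command-exec-on-request-input": re.compile(
        rb"\b(?:system|exec|shell_exec|passthru|popen)\s*\([^)]*\$_(?:GET|POST|REQUEST|COOKIE)",
        re.I),
}
PHP_EXTENSIONS = (".php", ".phtml", ".php5")
MAX_BYTES = 2 * 1024 * 1024  # read at most 2 MiB per file


def scan_docroot(root, upload_dirs=("uploads", "images")):
    """Return {relative_path: [reasons]} for files that deserve manual review."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            has_php_ext = name.lower().endswith(PHP_EXTENSIONS)
            if not (has_php_ext or b"<?php" in data.lower()):
                continue  # neither named nor written as PHP
            rel = os.path.relpath(path, root)
            # Match each indicator against the file body and the file name.
            reasons = [label for label, rx in INDICATORS.items()
                       if rx.search(data) or rx.search(os.fsencode(name))]
            if not has_php_ext:
                reasons.append("php-code-in-non-php-file")
            # PHP inside a directory meant for user uploads or static media.
            if set(rel.split(os.sep)[:-1]) & set(upload_dirs):
                reasons.append("php-in-upload-dir")
            if reasons:
                findings[rel] = sorted(reasons)
    return findings


if __name__ == "__main__":
    import sys
    for rel, reasons in sorted(scan_docroot(sys.argv[1]).items()):
        print(f"{rel}: {', '.join(reasons)}")
```

A hit is a lead for manual review, and an empty result does not show the site is clean, since a backdoor can be written to avoid these patterns.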
Contact me; I might be able to help you track down the person doing this, and/or help you secure your server and site.