I have just been hacked again. I had a deface screen up, saying that the people who done it are: Mr.Mix Bloodshot Blackhacker There has been this guy hanging around my forums spamming, flaming and making threats. I have his IP address, but every single time he logs in he has a different one. How can I catch this guy?
try whatismyipaddress.com..............and resolve the ip add to get the persons location..............
You need to focus on patching the holes rather than destorying him, Because just as he was able to deface you; others would and can too. So find how hes 'hacking' you and secure it. If he's using different IP's every time hes logging on, its likely he's on a dialup connection or using proxys. If the IP's are in similar range just ban the range if not then it will be harder and you'll have to ban them manually. If your using a well known forum script then you can get anti-spam module/addons, languange filters and verification by admin to create an account. These could be useful in detering him if he's causing you too much hassle. Peace.
Right, instead of searching the hacker, try to fix your server security holes. Hackers do not use static IPs, they use proxies, other hacked servers to hack more servers. You need to check what they did, make a note of the time they changed the files and search the server logs accordingly. If they are spamming your forum, enable Captcha. Change the passwords of your account, forum admin area and other necessary server side security settings. If you make sure he cannot get into your server/website, you don't have to worry about his threats.
I agree. I once wrote an article about this that it is not good to even acknowledge attacks or hacks to the public or anyone for that matter. It is best to quietly fix the problem in the background, ignore your attacker and dont even acknowledge it. If anyone asks about what happened or any downtime just answer with "problems with site" If you start making public posts or challenges to the guy then it will only give them a resolve to continue. If you dont acknowledge it in the least then that is the best revenge because you show the guy he is nothing and not worth your keystrokes.
Even if this guy has different IP addresses, you should report him to the abuse department of the address owner.
Don't forget to make sure ALL your computers are patched up. So often the hacking occurs through another mechanism - - like your personal computer may have a virus/trojan and those guys have gotten ahold of your passwords rather than actually exploiting a weakness. I recommend keeping all you login credentials in something secure like Keepass or PasswordSafe. Also avoid making updates or logging into your sites from any untrusted computers (like library or university computers) where keyloggers may be installed. Change your passwords often! Make sure there is a secure interface to log into your site (https) so passwords can't be sniffed.
Instead of having destructive plans ... grow stronger yourself - study your software - until you understand its basic function and security issues - study and understand your sever - then configure as secure as possible - adjust your permission settings across all site to the minimum possible - close ( chmod 000 ) all admin sections that are of no regular daily use then after all security work done on your SW and server run a security check on your entire site ( example by nessus ) then install mod_security2 and snort if your site gets hacked = NO need to destroy others - be grateful that others pointed out your own weakness.and learn to stay within your own limits - if your own limits / skills too little to run a site securely, then you are a danger to society and need to upgrade your own skills until all site secure. true hackers can do lots of real damage to society and economy FAR beyond defacing a site. insecure sites are a potential danger to society and thus need to be secured ...or shut down. truly damaging hackers never leave a signature behind ( deface ) - true cyber-criminals USE your site silently for their criminal purpose with as little background noises as possible. all you need NOW to do is to study ALL server logs until you find the ONE entry when all started and where it started then all above. a few hundred hours should be enough to study and solve all and you learn a lot about your site/server/applications running until then shut down all potential SW that could be a possible entry point
get a firewall,,,most virusts now days are entered in ones PC with either porn sites or downloading pirated software.....