How to face a Blackmail? Has anyone experienced it before?

Discussion in 'Legal Issues' started by Melvinng, Jan 19, 2009.

  1. #1
    Hey Guys,

    I really need your help, about 2 days ago someone emailed me saying that if I don't send him the source code of my site, he will repeatedly attack my site.

    I don't know what he is doing, but it seems that he can somehow do an SQL injection. He is also making life really hard for me by deleting all my files that are hosted on RapidShare. The files are not illegal; it is just that he can report them and get them deleted, even if they are hosted on a premium site.

    I have also tried changing hosting but it doesn't work.

    There is no way to protect against MySQL injection, because I have so many forms and search features. I need someone that has experienced this before, and how he faced the blackmailer.

    I am thinking of sending him a piece of code that is really complicated, so he won't understand. (But I don't have anything that complicated) or a virus or a remote access, but I don't know how to do either?
     
    Melvinng, Jan 19, 2009 IP
  2. hostlonestar

    #2
    What IP is he accessing your site from? Have you tried blocking it? (I know, proxies blah blah blah) Blackmail is illegal, so is hacking a site. Let your host know about it so they can take precautions as well as any legal action they can. Since your host owns the servers, the guy is also attacking them, which is also illegal. Best thing to do is find out his IP, contact Law Enforcement in the country/state his IP belongs to. And let your host know what is going on. Changing hosts won't help you out at all, unless your host's security setup is horrible. Don't give in to blackmail, that only encourages people. And obviously the guy isn't that bright as you can see the source code in browsers.......
     
    hostlonestar, Jan 19, 2009 IP
  3. browntwn

    #3
    If you were in the US I would contact the FBI.

    Blackmail is a crime in most jurisdictions. Have you contacted your local authorities to see if they can assist you?
     
    browntwn, Jan 19, 2009 IP
  4. sterday

    #4
    Hello

    Don't share your source code with that guy anyway, some people like this are only ridiculous. Well, listen to what our webmasters say, but in my opinion don't share anything with that guy, then he will finish everything. Take care.
     
    sterday, Jan 20, 2009 IP
  5. Sapphiro

    #5
    Ermm, use parameterized statements for your SQL codes? :l
     
    Sapphiro, Jan 20, 2009 IP
  6. druidelder

    #6
    Using stored procs as opposed to SQL written on the page will help. Also, use field validators to strip away characters that are the culprit of SQL injection. In MySQL you can use the mysql_real_escape_string.

    Samples here
     
    druidelder, Jan 20, 2009 IP
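
What posts #5 and #6 recommend, as an added example that is not from any poster in this thread: a search form's query built by string concatenation beside the same query as a parameterized statement. The table, data and function names are constructed for illustration, and PDO with an in-memory SQLite database stands in for the MySQL site so the script runs offline.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER)');
$pdo->exec("INSERT INTO files (title, is_public) VALUES
    ('holiday photos', 1), ('site backup', 0), ('100% free icons', 1)");

// Weak form: the search term is pasted into the SQL text, so a quote in the
// input changes the structure of the query.
function search_concat(PDO $pdo, string $term): array {
    $sql = "SELECT title FROM files WHERE is_public = 1 AND title LIKE '%$term%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected form: the SQL text is fixed and the term travels as a bound value.
// LIKE wildcards in the term are escaped with '!' so they match literally.
function search_prepared(PDO $pdo, string $term): array {
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare(
        "SELECT title FROM files WHERE is_public = 1 AND title LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal term, a term containing a quote and SQL
// keywords, and a bare LIKE wildcard.
$inputs = ['photos', "x' OR 1=1 --", '%'];
foreach ($inputs as $term) {
    printf("%-14s concat=%s prepared=%s\n", $term,
        json_encode(search_concat($pdo, $term)),
        json_encode(search_prepared($pdo, $term)));
}
```

With the second input the concatenated query also returns the non-public row, while the prepared query treats the whole string as a title to look for and returns nothing.
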
  7. Blakfalcon3

    #7
    I got blackmailed into stripping on webcam for a 48 year old, he said that he'd blow up my PC if I didn't :(
     
    Blakfalcon3, Jan 20, 2009 IP
  8. terrymason

    #8
    Step 1 - MAKE A BACKUP

    Then make sure to upgrade to the latest version of whatever software you are using.

    Have you tried turning on things like CSF firewall, and mod security?

    You should not send him code, because this will just encourage him to keep doing this.
     
    terrymason, Jan 20, 2009 IP
  9. -Joe-

    #9
    Get his IP, there are plenty of people with botnets out there.

    One word. DDOS.
     
    -Joe-, Jan 20, 2009 IP
  10. ali123

    #10
    Sorry I know this is sad but I had to LOL!
     
    ali123, Jan 21, 2009 IP
  11. Toonarme

    #11
    How was he gonna blow up your PC?
     
    Toonarme, Jan 21, 2009 IP
  12. TheSyndicate

    #12
    Contact the FBI or any agency in your country. Fight him back the same way: contact the email provider he uses and close him down all the time.
     
    TheSyndicate, Jan 21, 2009 IP
  13. Paul8368

    #13
    The obvious answer is the law of course, but it's difficult to enforce so you'll probably have to deal with it yourself.

    Which site is it that he's attacking? Will you lose much if you take it offline for a week or so maybe? Do you have a lot of regular loyal users who you could post a notice to so they know what is happening?

    I would recommend you don't send him the source code; as already stated above, blackmail is illegal. I have had sites attacked before, just reinstalled my backup each time, they soon give up. Personally I would not respond to him, and make sure you block his IP if he's fixed. If not, block his whole country or region in your htaccess file and see if your host can help as well.

    Also you could convert your forms to manual email submission in the short term so he can't get the code in, a pain I know, but if you close the door he'll soon get bored, then just switch back after a month or so.

    If you post the domain someone might embed some malicious code in the source before you send it maybe, not me as I don't know how but I'm sure there are people out there who do.

    Paul
     
    Paul8368, Jan 21, 2009 IP
  14. hostlonestar

    #14
    Blackmail is not difficult to enforce...........
     
    hostlonestar, Jan 21, 2009 IP
  15. healthuk

    #15
    It seems they are either your competitors or somebody you know. Never give out your source code to anyone.
     
    healthuk, Jan 22, 2009 IP
  16. pitagora

    #16
    If he was smart enough to find and exploit a vulnerability in your site there is no way he is going to fall for the thing with "complicated code". Nothing is too complicated and he is going to know right away it's not what he expected, even if he doesn't understand what it is. Dumb idea...forget about it.

    You either give in to the blackmail or you fix the vulnerability and laugh :) Since you don't know how to do the latter, find somebody who does. He will have to review the logs, the source code and modify it. Obviously this will cost time and money, and in the end you will still have to show the source code to somebody, but at least you will do it with a person you trust. Ask yourself how valuable that source code is. You could very well just send the hacker what he wants, if you can make a deal with him to tell you what to fix (don't give him access to the server!) and to leave you alone. It really depends on what kind of person he is.

    You could of course go to the police, but if we are not talking about a lot of money they'll just laugh at you, and even if they do help you will still have to fix the vulnerability or others will do the same, or a lot worse.
     
    pitagora, Jan 22, 2009 IP
  17. hostlonestar

    #17
    What kind of a police department laughs just because there is not a lot of money involved? You must have some crappy law enforcement where you're from.

    You can always file a complaint with the Internet Crimes Commission. I still think you should let your host know, as they are in a good position to get things set up to help you (minus any exploits). Have you tried updating your software on your site?
     
    hostlonestar, Jan 22, 2009 IP
  18. Knewber

    #18
    If this guy is going to blackmail you with an SQL injection, he could very easily rip the source code of your website himself (depending on how big your website is). So if you only have a small website, then I wouldn't worry.
     
    Knewber, Jan 22, 2009 IP
  19. WeekendWarrior

    #19
    Man that really sucks =/ sorry that you have to go through this
     
    WeekendWarrior, Jan 23, 2009 IP
  20. pitagora

    #20
    Yes and no. But if you think your police department would invest tens (possibly hundreds) of thousands of dollars tracking that guy through god knows what countries and proxies you are deluding yourself. Not to mention the time frames involved for getting international warrants. He needs to deal with this now, not 6 months from now. Getting a security consultant to review the script is still the best advice.

    An SQL injection alone can only in very rare conditions allow a hacker to read files on the local system. He'd have to find some other vulnerability that coupled with this SQL injection would grant him access. Since he risked contacting the owner I dare say he can't/doesn't know how to get the source.
     
    pitagora, Jan 30, 2009 IP