  1. #26
    SitePoint Enthusiast Durinthiam's Avatar
    Join Date
    Jan 2005
    Location
    www.raidshout.com
    Posts
    87
    Quote Originally Posted by Andrewaclt
    In that case, I'd be ticked off too. Send him an email saying he crossed the lines. You are working on fixing it, make sure he knows this.
    He's not crossing the lines. He's saying what I said, fix the flaw first :P

  2. #27
    SitePoint Addict
    Join Date
    May 2003
    Location
    UK
    Posts
    243
    How can anyone know the motives of the person? I'd rather not use the word attacker until you know his intent is malicious.

    Either way, at least you now know there is a flaw...

  3. #28
    SitePoint Evangelist Andrewaclt's Avatar
    Join Date
    Dec 2003
    Location
    Raleigh, NC
    Posts
    535
    He's not crossing the lines. He's saying what I said, fix the flaw first :P
    To continue to illustrate a flaw time and time again after it has first been demonstrated so that it interrupts operation is unethical, and he did indeed cross lines. His intent becomes malicious when he disrupts service time and time again causing the admin to waste time better spent on fixing the issue.

  4. #29
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    I don't think the ethics surrounding various security activities like this are as clear as you guys seem to think. I would be slow to demonize this particular person, but I also wouldn't be praising him and his good intentions without learning more. It's definitely a subjective and unclear situation, as are many.

    My original point was that it's best to not jump to conclusions, especially since this seems to be an automated tool that is "contacting" the administrator each time. It could be a malicious teenager, a curious developer, or a benevolent computer science professor. Who knows?

    The first order of business is to fix the flaw. If this takes more than five minutes, I'd be surprised. You can always post details here and probably get some advice within that time frame. After that, you can try to contact the notifier, speculate as to his intentions, etc.
    Chris Shiflett
    http://shiflett.org/

  5. #30
    SitePoint Zealot ablueman's Avatar
    Join Date
    Jun 2005
    Posts
    178
    [rant] He hasn't done harm; he has just shown you that the changes you made were not sufficient.

    Any sensible web developer in my opinion would either rip the whole forum down until it can be secured, or segment that area with a password or something / replace it with a temporary secure forum.

    You are a haystack with an open petrol can next to it at the moment. Imagine if this site had sensitive data on it. That could be a breach of the Data Protection Act.

    By not securing the fault you are, I feel, being somewhat ignorant to the risks. Someone else could bust in to the site the same way and be posting all sorts of stuff that you really don't want on there IN YOUR NAME and you could actually get in legal trouble for. Or he could harvest usernames / change pass's and cause you years of false posts appearing from trusted users.

    You could end up getting ure butt dragged through court cus of a scriptkiddy.

    Take the thing down till you can fix it. Problem solved. And thank the guy because he could have done something a lot more malicious.

    People have been sued over Racism / Porn / Defamatory content on websites and have lost a lot of money because of it. Even the ISPs have been sued and settled out of court because the case may not have been strong enough to defend.

    Sorry to rant but I really think you should take a look at the bigger picture and stop complaining about this guy.

    He didn't have to change it to the same password as before. He could have just changed it and then gone and posted it somewhere where the dregs of digital society could get hold of it and abuse it.

    [/rant]
    Last edited by ablueman; Aug 2, 2005 at 09:13.

  6. #31
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    I agree. He is doing you a service. Fix your code and then thank the guy. Even if he is just a little 12 year-old who is bored on his summer vacation.
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  7. #32
    SitePoint Member
    Join Date
    Sep 2004
    Location
    VA
    Posts
    12
    Our forum was attacked a few months ago, and I was able to obtain the IP address of the attacker. I contacted his host, but they did little to nothing, and never bothered to respond to any of my emails after the first one.

