Page 1 of 1

Say I "caught" a cracker...

Posted: Wed Oct 01, 2008 5:46 pm
by The_Anomaly
I'm looking at PHPIDS, which is beyond sweet, and I'm wondering what I could do if I recognize the attack, and log the IP address of the attacker. I mean, could I report it to the authorities? Or just ban his account, add cookies that wouldn't let him back, block his IP for a bit of time, and hope that something bad happens to him?

All I can think of is the IP address. But cant' anyone with even a free proxy get around that? Is there ANYTHING else we can do against crackers that attack? Or just try to fill every chink in our web applications' armor? Heck, out of sheer curiosity, what's the law regarding going all "virtual vigilante," and "counter-cracking?"

Re: Say I "caught" a cracker...

Posted: Wed Oct 01, 2008 8:11 pm
by josh
The_Anomaly wrote:what's the law regarding going all "virtual vigilante," and "counter-cracking?"
only a lawyer can answer that with certainty, for your situation in your local area with your local and countries laws

My best advice would be to worry about the security holes that let him in, and not so much worry about the individual or why they choose to do it. Don't retaliate, react

Re: Say I "caught" a cracker...

Posted: Thu Oct 02, 2008 12:57 am
by The_Anomaly
Yeah, if I were to do that, I'd most definitely consult a lawyer. However, as you said, the best option is probably to just to caulk all the holes--not run around trying to crack the crackers ;) I was only wondering, so I thought I'd ask here.

Re: Say I "caught" a cracker...

Posted: Thu Oct 02, 2008 12:36 pm
by josh
Yeah, when I used to do that stuff I got lazy and didn't coverup my IP once some guy found my email and was like wtf I was just like umm lol

most of the time theyre just some kid like me doing it for fun, with no bad intentions