homepage Welcome to WebmasterWorld Guest from 50.19.169.37
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Identify hacker from IP
Identify illegal user from ISP
shady




msg:393286
 8:46 am on Jul 21, 2004 (gmt 0)

My server has recently been used to send out spam email through one of my customer accounts. It appears that somebody has managed to get hold of his password.

I have a few IP addresses that this person has used and they are all through 1 dial up account.

Is it possible that the ISP would be able/willing to identify the user, if given the IPs used and times?

 

wheel




msg:393287
 12:09 pm on Jul 21, 2004 (gmt 0)

Without a warrant from the police? Doubtful.

Plus, chances are reasonable that the IP is a hacked machine and not the originator.

encyclo




msg:393288
 12:57 pm on Jul 21, 2004 (gmt 0)

Hackers and spammers are criminals, and they are very unlikely to use valid information to get a dialup account anyway.

Just grab one of the 2 million AOL CDs which arrive in your mailbox each week, and sign up using a stolen credit card. By the time your free month is up and AOL realise the card is stolen, the criminal has switched to another dialup account. This isn't even going into the details of anonymous proxies, zombie networks and the like.

If you're in the US, unless you can prove that more than $5000 damage has been done, it isn't even a crime - and the FBI aren't interested unless the damage exceeds several hundred thousand dollars. Same goes for most other juridictions, too.

Dudermont




msg:393289
 3:38 pm on Jul 21, 2004 (gmt 0)

Well it is most likely that the police will not do anything. They did dial in from somewhere. Unless along with there aol cd stollen credit card with address and name to match, stollen username and password, not to mention the anonymous proxies and other such things they are using, they also started breaking into houses to use others phone lines...

the information to find out who it is is most likely there, just might not be worth the time to get it when it would not be easy to charge them with anything...

I don't believe that the people doing things like this take that much care in hiding there identity because with the laws and what law inforcement is willing to do for someone sending email isn't all that much.

m_shroom




msg:393290
 3:46 pm on Jul 21, 2004 (gmt 0)

Is it possible that the ISP would be able/willing to identify the user, if given the IPs used and times?

Yes but it would only be the valid user's name, which should also be available by viewing source on the e-mail.

Only if the ISP is subscribing to and loging call display more info could be gathered.

shady




msg:393291
 5:19 pm on Jul 21, 2004 (gmt 0)

I have just received an abuse warning from my host!
I believe the security holes are now closed but it is very frustrating that my business could effectively be suspended due to the abuse of a third party!

encyclo




msg:393292
 5:45 pm on Jul 21, 2004 (gmt 0)

The ISP will only ever reveal their client to the authorities who make a request with an appropriate warrant. They will never disclose more than that to you as it would put them in the position of them breaking the law for letting out confidential information. However, if you know the ISP, file an abuse report and they can take action to shut down the dialup account at least.

Shady - send a full report and explanation of what happened to your host - but if it is as you say that your client was careless with his password, then your client must take some of the responsibility.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved