
Got hacked, need advice.

someone threatens me to pay or face consequences


Manish Singh

8:14 pm on Dec 22, 2004 (gmt 0)

10+ Year Member



Hi,

I sell a php affiliate script system on the internet. The script is all encrypted (the core application) protected by a license system.

Today I got an email from an unknown person who threatened to pull down my website if I didn't pay him $#*$!x. He gave an e-gold account number where the payment has to be deposited.

As a proof, he attached some unencrypted files, my client database, my hosting directory structure in the email which no one should be able to access.

The email comes from a free email service provider id and the IP address is a US proxy (I believe). However, from his broken English he doesn't appear to be a US citizen/resident.

I have changed all my passwords, got a new laptop to access my account, taken a backup of all my databases, files and other important documents, and I am in touch with my hosting company.

I wanted some advice as to how I can proceed against the hacker. I live in India and my business is registered in India. I have no US presence.

Any advice, comments would be greatly appreciated.

MS.

TNJed

8:20 pm on Dec 22, 2004 (gmt 0)

10+ Year Member



If he's in the US then he's in trouble. Or at least should be.

First, I'd contact the company with the account number and let them know one of their customers was using their service to commit a felony. Then I'd contact the FBI and let them know I was being blackmailed and give them all the info. Lastly, try to enlist the help of online friends to track him down via the account number given. Turn the tables. Let him know you know who he is and he just f'd with the wrong bull.

Come strong. Bullies and blackmailers only pick on the weak.

jatar_k

8:21 pm on Dec 22, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



ahh, extortion

I would gather as much information as possible about this person and contact a lawyer.

be careful about crossing the lines of the law by using strong tactics yourself

diamondgrl

8:37 pm on Dec 22, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Contact e-gold. Contact the FBI. Contact your own country's equivalent. Don't waste time with a lawyer unless they can get you to these investigative agencies. You can't sue someone you can't find.

webtress

10:31 pm on Dec 22, 2004 (gmt 0)

10+ Year Member



Don't waste time with lawyers, go straight to the authorities. The lawyer would probably cost as much as the blackmailer. Being in India it may be a bit harder to get the authorities to act quickly, but you have to try that route also. These types of scumbags do not stop if you give in to their demands, and since he has your client database he will probably go after them as well. You have to let him know in no uncertain terms that you will take action against him. The suggestion to report him to e-gold is also good. Also contact the email service provider; free or not, most will close the account.

kapow

4:20 pm on Dec 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do all of the reporting stuff mentioned +

- Move your site to a host renowned for their security.

- Perhaps put your site on a secure SSL server.

I don't know much about hacking but I believe the host setup makes it easier or harder. Some hosts are very well setup and some not.

henry0

11:50 pm on Dec 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Did you think about it?

Are you sure that the hacker did not get the info by placing some spyware on your local machine?

Are you sure that he/she does not have the capability to read your email?

Reason: he/she could read that thread and know about your next move.

good luck

henry

diamondgrl

3:27 am on Dec 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, spyware sounds like a strong possibility. Also, do you have an unencrypted wireless network? Shut down any security hole. Get your Windows updates. Make sure you have virus protection, just in case. And get spyware protection - and not those freebie spyware programs that masquerade as anti-spyware.

BlackRaven

11:00 am on Dec 31, 2004 (gmt 0)

10+ Year Member



if its spyware read this article on how to protect yourself.
<snip>

[edited by: stuntdubl at 2:46 pm (utc) on Jan. 13, 2005]
[edit reason] No urls, thanks. See TOS [webmasterworld.com] [/edit]

rj87uk

11:22 am on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



To get rid of any spyware you may have, I often use Ad-Aware and Spybot Search & Destroy.

Ad aware [google.co.uk]
SpyBot search & Destroy [google.co.uk]

Remember to get a firewall like ZoneAlarm Pro, and if you have Windows without Service Pack 2, enable your Windows firewall.
[microsoft.com]

Change all your ftp passwords, email passwords, maybe even computer start up passwords.

RJ

kapow

4:29 pm on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I just thought of something. I think you said the Hacker sent you information about your files and file structure, AND that they did not actually change anything.

Are you on a shared unix-type host?
I'm not a techie, but my programmer explained to me that if you use a shared unix-type server it is possible (using telnet) to VIEW all of the files for accounts that share the same server as you, but you CANNOT CHANGE THEM.

So I wonder if the 'hacker' can only view but not change anything? You would think the hacker would change something on one of your pages to prove their ability e.g. create a harmless typo or something just to make the point. If you are on a shared server ask your host to move you to another server.

larryhatch

4:55 pm on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think a lot of this is beside the point.

The perp threatened this and that unless you PAID him.
That is extortion, clean and simple.
I can't imagine a court of law that would find otherwise.

Your job is equally simple. IDENTIFY the perp and turn him in to the authorities.
Better yet, go to the police/FBI (or equivalent) and get their help finding him.

Case closed. Stop wasting time and get him behind bars where he belongs.

- Larry

kapow

5:14 pm on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Actually you have 2 jobs:
1.) The most important thing is to protect your business, the 'person' may never be found!
2.) Then... see if you can catch the low-life.

Haven't heard anything from Manish_Singh. Are you still there? What happened?

Manish Singh

12:44 pm on Jan 1, 2005 (gmt 0)

10+ Year Member



Thank you all for your valuable inputs and suggestions. I do read this thread daily. I did contact FBI, e-gold and my local police.

E-gold needs court orders to disclose any account information. Nothing less than this will do. The local police are investigating the case. They have contacted the ISP whose proxy server was used to connect to my website.

The FBI is yet to reply to my initial complaint, although they did ask for the email message headers and other information.

I don't connect to my website's control panel using a wireless network. I have all the latest Windows updates, Spybot Search & Destroy, etc.

I contacted my host and was told that telnet is disabled on all accounts. They use some Apache mod which restricts each user to their home directory. So it's not possible for other account holders to read any files in other hosting accounts.

I downloaded my server logs for the past 3 days and went through them bit by bit. After going through the logs for over 6 hours, I came to know how the hacker intruded: my old phpBB support forums. :(

He was able to read my config.php file, database files and the directory structure using a security hole in the phpBB forum software. He/she found a directory with permission 777 on my website. I won't go into more details here as he/she may be reading these posts as well.

The hacker was not able to do anything as I had deleted the phpBB forum software, 777 directory and changed all passwords. I took a backup of the site, deleted the old files and uploaded the files from my computer. Ran a virus check on the server. Everything is back to normal now.

If you guys run a forum which uses phpBB, please do the following.

Update PHP to 4.3.10
Update phpBB to 2.0.11

There are major security holes in older versions of phpBB as well as PHP. This could allow a hacker to gain administrative access on your forums and read other files as well.

Thanks again for your valuable inputs and happy new year :)

MS
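The log review Manish describes, as an added example that is not part of this thread or of phpBB: a short Python script that parses Apache combined-format access lines (a constructed sample, not real logs) and flags requests for files a web server should never hand out, such as config.php, and 200 responses on bare directory paths, while counting hits per source IP under the forum path. The `/forum/` prefix and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample of Apache combined-log lines (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Dec/2004:03:11:02 +0000] "GET /forum/index.php HTTP/1.1" 200 8120 "-" "Mozilla/4.0"
203.0.113.5 - - [20/Dec/2004:03:11:09 +0000] "GET /forum/config.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
203.0.113.5 - - [20/Dec/2004:03:11:15 +0000] "GET /uploads/ HTTP/1.1" 200 2231 "-" "Mozilla/4.0"
198.51.100.9 - - [20/Dec/2004:09:40:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Dec/2004:03:12:01 +0000] "GET /forum/db/ HTTP/1.1" 403 231 "-" "Mozilla/4.0"
"""

# Combined log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Files that should never be served as plain content (config and dump files).
SENSITIVE = re.compile(r'(config\.php|\.sql|\.bak|\.inc)$', re.I)

def parse(line):
    """Return the fields of one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry['status'] = int(entry['status'])
    entry['path'] = entry['path'].split('?', 1)[0]   # drop the query string
    return entry

def flag(entry):
    """Reasons this request deserves a closer look (empty list if none)."""
    reasons = []
    if SENSITIVE.search(entry['path']):
        reasons.append('sensitive file requested')
    # A 200 on a trailing-slash path is only a listing if no index file exists,
    # so treat this as a lead to confirm against the server config, not proof.
    if entry['path'].endswith('/') and entry['path'] != '/' and entry['status'] == 200:
        reasons.append('possible directory listing')
    return reasons

def triage(log_text, forum_prefix='/forum/'):
    """Flagged requests plus a per-IP count of hits under the forum path (assumed prefix)."""
    findings, forum_hits = [], Counter()
    for e in filter(None, map(parse, log_text.splitlines())):
        if e['path'].startswith(forum_prefix):
            forum_hits[e['ip']] += 1
        reasons = flag(e)
        if reasons:
            findings.append((e['ip'], e['path'], e['status'], reasons))
    return findings, forum_hits
```

Run `triage(open('access.log').read())` against a real log to get the flagged requests and the IPs most active under the forum path; the same addresses usually show up in both lists.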

sincraft

9:36 am on Jan 13, 2005 (gmt 0)

10+ Year Member



HEHE I had this LONG response about this, then I read your last response hehe. SO, I would say the best thing to do is forget it. I am sure you will be paranoid for a while and take all the necessary steps. I wouldn't email the hacker back, especially don't piss him off or he will continuously research new exploits in the hope of finding they work on his 'bookmarked' sites. You don't want to be a target for 'terrorists', which is what they are. Stay LOW on his radar; the best way is by not responding to him. If you do, the best you could do is be humble and tell him you are a poor man just trying to scrape a living! hehe.

Also, I would suggest that you do not run 'fun' things on your development machines/host. In other words, keep the instant messengers, mIRC, games, etc. OFF of your development machine. The more things you have that are unnecessary on your machine, the more chances for exploits and backdoors and thus... hackers discovering your software/information.

GL TO YOU!

S

henry0

12:26 pm on Jan 13, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PHP is not at fault.
The problem lies in how it is used
and how the related security tasks are implemented.

phpBB2 - Those among us who periodically review the forums were made aware of the phpBB2 exploit a long time ago.

Glad to see you back in regular mode

Regards