What is this

[unknowngiver]

Hey
I recieved this email yesterday or something..i wasnt able 2 get online for 2 days ...

Hello DOMAIN4FREE.org Admin,

I just have a warning for you that we will be attacking your site soon,
We are from the LockerTALKERS groups, and we have recently hacked you site
www.domains4free.org as a warning we found some of your other sites
including
apkafuture.com, if not listened carefully it will be hacked aswell.
so we can compramise or make some sort of cash / related deal if you do not
want
that to happen, and i am sure that you seriously wont.
if you want to make a deal with us, please do contact us as soon as
possiable.
before we directly go and attack it. not to mention we have previously
hacked
your site apkafuture.com once before that is if you dont remember.

ok well we'll be waiting some time for you response.

LockersGroup!

Some details abt the emailer

X-Gmail-Received: c40accf9fbe619e8bd861a97b7d859bb5ede9703
Delivered-To: [email protected]
Received: by 10.65.22.13 with SMTP id z13cs24509qbi;
        Fri, 23 Sep 2005 20:37:29 -0700 (PDT)
Received: by 10.37.13.61 with SMTP id q61mr771583nzi;
        Fri, 23 Sep 2005 20:37:28 -0700 (PDT)
Return-Path: <[email protected]>
Received: from host2.dedicated4less.com ([209.59.181.203])
        by mx.gmail.com with ESMTP id c1si1742073nzd.2005.09.23.20.37.28;
        Fri, 23 Sep 2005 20:37:28 -0700 (PDT)
Received-SPF: softfail (gmail.com: domain of transitioning [email protected] does not designate 209.59.181.203 as permitted sender)
Received: from [64.4.53.51] (port=50825 helo=hotmail.com)
	by host2.dedicated4less.com with esmtp (Exim 4.52)
	id 1EJ0qs-0003bu-HC
	for [email protected]; Fri, 23 Sep 2005 23:37:26 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 23 Sep 2005 20:37:25 -0700
Message-ID: <[email protected]>
Received: from 61.5.131.12 by by19fd.bay19.hotmail.msn.com with HTTP;
	Sat, 24 Sep 2005 03:37:24 GMT
X-Originating-IP: [61.5.131.12]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
From: "weza weza" <[email protected]>
To: [email protected]
Bcc: 
Subject: Domains4Free.org Hacking Warning
Date: Sat, 24 Sep 2005 06:37:24 +0300
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 24 Sep 2005 03:37:25.0635 (UTC) FILETIME=[47D1ED30:01C5C0B9]
X-ClamAntiVirus-Scanner: This mail is clean
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host2.dedicated4less.com
X-AntiAbuse: Original Domain - apkafuture.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - hotmail.com
X-Source: 
X-Source-Args: 
X-Source-Dir:

I thought it was just a spam email..but my website domains4free.org was kinda messed!!

Some1 had logged into the adminpanel and messed around with it

What am i suppose to do
can i take any legal actions against this? do i have ANY options?

plus for pplz who do hosting: If you think ur host is "SECURE" then please PM me..i dont want to lose my websites

 

[user-7256]

Take your site offline - make a backup, take them offline, remove all online content if you feel these people are a threat and have your host look into this, contact the ISP if you can get their IP address. I would if I could write you a program to that scans all access to a particular IP and takes their IP address, but hackers... I can't do it with hackers...

 

[unknowngiver]

I think i know who this f*cking loser is

X-Originating-IP: [61.5.131.12]

according to http://www.ip2location.com/free.asp
This guy is from pakistan, kharachi
and i know only 1 loser who would try to do that and who already did it {check my posts at the scam section}

since he is from pakistan..i dont know wt to do abt it?

 

[nicholas]

The one real (and definitely not easy) thing you can do is look beyond this guy and examine the scripts and other software running in your system and ensure its security and stability; if it isn't this guy then it'll be someone else. In other words, make your top priority

 

[Kate]

I would also scrub the web server log. In particular check when someone logged into the admin panel, when and what IP was used.
Also contact hotmail and send the E-mail with full headers so they can close this account.

I think i know who this f*cking loser is

X-Originating-IP: [61.5.131.12]

...

lol there is a web server running on this IP
would run a scan port just to see

 

[Peter]

lol there is a web server running on this IP
would run a scan port just to see

that could indicate it was sent from a compromised machine.

as nicholas has said check you are running the latest version of the software you have on your server. Also get your host to update the programs running the server.

The easiest way to hack into someones web page is by using a known vulnerability in a piece of software. Just take a look at php-nuke and phpbb they have had a rough ride over the last few months because of things like this.

Also change your admin username and passwords try and make the password very random (using both upper and lower case as well as numbers) and if possible make it so that it locks the account or bans the ip if the login attempt fails x amount of times.

 

[unknowngiver]

Hey
i m pretty sure that my vbulletin is secure

the script that he hacked into is a custom script
i m going to ask some other professional programers to take a look at the script and find all possible ways to make it more secure.
About the IP...it is from Pakistan I think i know whose it is
i m going to call [long distance] that guy today and tell his parents what he is doing online [he is 14 yr old kid]

I have been trying to get intouch with the server support pplz..but they are not answering me on MSN...i hope i get this fixed soon

 

[Virgil]

Any updates on this matter, unknowngiver?. Did you call the brat's parents?.

 

[hotrod12]

That is blackmail and you should press legal charges for that alone including the hacking against the kid.

 

[MadAboutDomains]

Get your host involved, get them to secure your site. If they gain access to your hosting without permission they may choose to take action themselves.

If they hack you... they are hacking their servers

You never know!

 

[unknowngiver]

I havent called them...I am just playing aroud wid tht kid right now
he is dumber then i thought
he is asking me to pay him :P

and he is like
I DONT HAVE PAYPAL BUT GIVE ME YOUR PAYPAL ACESS SO I CAN GET THE MONEY OUT, DONT WORRY I WONT DO ANYTHING ELSE

lmao like how childish can u get :P

 

[kalesh]

Have you asked your host or any programmers to help you with this if not maybe I can look into it.
This kid really needs something serious done to him.
Like maybe erase his hard drive
that should set him right

 

[unknowngiver]

I contacted a programmer to try to find and fix any bugs and security holes in the script..

 

[Venolus]

Why not try if you have any keyloggers installed on your machine?
Thats what nobody cares about....
I got my personal networks hacked by a keylogger tracer