[PLEASE HELP] Stolen My Database And Threatening to Steal my Site

Ab.Nath

New Member
Hi Guys many know that i have been a member of good times
and i developed my forum which was doing great

recently , or rather yesterday i saw a guy ( hacker ) he pmed me and told me that he has stolen all infos from my site

and he created a new site which he gave me the url , and in that new site he dumped my database and made it exactly as my site

Now he is pming me again that he will steal my site from me

Can Anyone tell me what should i do
he is just blackmailing me and telling me that he will disclose our members ip's and stuff emails and rest to the general public and put me into bars as my site is Porn type

<-- Removed this line -->

his email is also there

i am putting them listing them here : -

Username : - hacker
Ip : - 76.20.215.17

Email Address also his yahoo id : - [email protected]
Website he put my dump database it is in a sub folder but i am adding his site : - http://idesishare.com/index.php

Can Anyone do something to him please
And tell me how can i can secure my site please guys i need help great help now please help me

what should i do ??
how do i restrict that member stealing my database even i don't know how he did it previously

If any one wants which is my site i can provide the links if you want tooooo

But please help Great danger
and what else can he do with that stolen database he have please
 

Ab.Nath

New Member
from where what should i do

he says nothing just wants to destroy my site or he may demand money don't know

from where will i contact server abuse any site where should i go
he is just stealing everything that i have
 

chakru

New Member
take backup of your database and tell your hosting provider that you get such threats. with your database backed up and the domain under your control you should be fairly safe even if he takes control of your site... you can restore your site back anytime.

just contact your hosting and give them the info.. and get your database backed up.

next time that hacker calls you tell him to f off.. lol..

regards
 

chakru

New Member
Ab.Nath said:
from where what should i do

he says nothing just wants to destroy my site or he may demand money don't know

from where will i contact server abuse any site where should i go
he is just stealing everything that i have

stealing your stuffs don't mean a lot really. don't worry about it. he won't get anything out of stealing your stuff and putting it in another forums. there are hell a lot of databases of forums with huge contents are already available so nothing will happen out of it. what really matters is your domain.
 

Ab.Nath

New Member
Thanks but he tells me that he will put me into bars putting our infos meaning ip's and emails in google

and just sternly telling me he will put me into bars

my site is a porn site there are many other site's like that in the world porn warez type
he says he will put me into bars

can he do that really , please help
 

Grinderhand

New Member
Here's the whois for that site, including his name and email, which of course, may be fake. It doesn't list an address for abuse, but you may want to try contacting [email protected] since that appears to be his host. Be sure to include his emails to you with the threats when you contact his host. Might not do any good as the host is in the Netherlands, but you never know. If nothing else, you can call him on the phone and bitch him out. The phone number is in New York.

Code:
DOMAIN: IDESISHARE.COM

RSP: LeaseWeb BV
URL: http://www.leaseweb.com

owner-contact: P-RPS1142
owner-fname: Ricky
owner-lname: Singh
owner-street: landau. ave 107
owner-city: elmont
owner-zip: 11003
owner-country: US
owner-phone: +1(0)5164390804
owner-email: ricky_2021@ymail.com

admin-contact: P-CLZ29
admin-organization: LeaseWeb BV
admin-fname: LeaseWeb
admin-lname: BV
admin-street: J.W. Lucasweg 35
admin-city: HAARLEM
admin-state: Noord Holland
admin-zip: 2031BE
admin-country: NL
admin-phone: +31(0)203162880
admin-fax: +31(0)203162890
admin-email: technical@leaseweb.com

tech-contact: P-CLZ29
tech-organization: LeaseWeb BV
tech-fname: LeaseWeb
tech-lname: BV
tech-street: J.W. Lucasweg 35
tech-city: HAARLEM
tech-state: Noord Holland
tech-zip: 2031BE
tech-country: NL
tech-phone: +31(0)203162880
tech-fax: +31(0)203162890
tech-email: technical@leaseweb.com

billing-contact: P-CLZ29
billing-organization: LeaseWeb BV
billing-fname: LeaseWeb
billing-lname: BV
billing-street: J.W. Lucasweg 35
billing-city: HAARLEM
billing-state: Noord Holland
billing-zip: 2031BE
billing-country: NL
billing-phone: +31(0)203162880
billing-fax: +31(0)203162890
billing-email: technical@leaseweb.com

nameserver: ns1.leaseweb.nl
nameserver: ns4.leaseweb.net
nameserver: ns5.leaseweb.nl
 

Ab.Nath

New Member
1 more thing can i stop this person even coming into my site meaning to my cpanel nor site

anything via proxy or anything he will not be able to access my site
then it will stop this stuff

and today i have taken a full home database backup
what do you recommend

change my server
or anything more please help
 

chakru

New Member
it's stupid that he says he can put you behind bars, in fact the truth is you can put him behind bars coz he hacked your stuffs lol.. He is in potential danger not you hehe..

I really don't know why he is threatening like this, may be he is someone you know well my guess. Just ask him to do whatever, your site related to porn doesn't matter. Just change your name and address in domain details. if your hosting is offshore where everything is allowed then it does not really matter and some US hosting allows porn I think. its not an issue.

as mentioned before just tell your hosting that he is trying to hack with his ip and other details they will take care of it. if he can access details then its a potential threat to your hosting company too..

regards
 

DON

New Member
Well how did he get in? Either you have an unsecure server or a mod installed on vB, which has an exploit in it.
 

aaa

New Member
telling a hacker to fuck off will get you nowhere do what he says meantime change your members password and email them about it and back your site up, i will help out by tracking the ip and reporting him to ic3.gov for you.
 

Grinderhand

New Member
Like Don says, check your site logs, look for his IP and see what he's been up to. It may point out a security hole you didn't know about.
 

aaa

New Member
ya his ip was untraceable however i did find his nameservers which i handed off to my friend (Have no clue what he's going to do to them) and I'm handing the ip to my other friend who is 1 of the top hackers so i wouldn't worry about him for much longer
 

Ab.Nath

New Member
Thanks all of you

For helping me
really i am crying in here

my forum was only of 6 months old , it had over 10 K members and 40K posts
the forum was doing great

now i am just crying , just crying
what can i say

he just fucked up my site stole my database

and how do i get him out of my site

Grinderhand said:
Like Don says, check your site logs, look for his IP and see what he's been up to. It may point out a security hole you didn't know about.


From Cpanel na , Raw Access Logs that will tell me what he was upto to
i have done one thing i have add his ip to my denied ip list

what should i do more .. please help
really how did he get it don't know
 

Ab.Nath

New Member
what he is doing : - is that for now

he is sending emails to other users and saying that my site have been moved to that new domain iDesishare

What should i do about it really i am helpless in here anything that i can do
 

bulletin

New Member
Ab.Nath said:
what he is doing : - is that for now

he is sending emails to other users and saying that my site have been moved to that new domain iDesishare

What should i do about it really i am helpless in here anything that i can do

Well first thing i want to ask you are you using 3.7.3 version of vb? If yes, then it's most important that you upgrade your vb software from 3.7.3 to 3.7.5 or 3.8.1 as it's the latest version of vb. 3.7.3 has exploits that is the reason i think he was able to screw your forum database, it's always important that you upgrade and use latest version of vb.

So here is the steps i will tell you to do to secure your site.

1) Upgrade to 3.7.5 version.
2) Take backup of your database as well as forum root folder.
3) Change your admincp and modcp folder name to any other name, so that hacker cannot have access to admincp and modcp.
4) Make your forum registration invitation based only, and invite only those members whom you trust.
5) Ban hacker username and ip permanently.
6) See all those mods you have installed, do search in vbulletin.org to see if any of those mods have exploits or not, if they have exploits, remove them immediately, if they dont have exploits keep it as it is.
7) Most important you need to keep your admincp folder password protected so that nobody can access your admin control panel, except you.
8) According to that hacker's ip, you need to ban that ip to have access on your site, that hacker's ip range is from
76.16.0.0 - 76.31.255.255
put this ip range in ip deny in your cpanel account.
9) Now after this, email all your site members and tell them that your site has been hacked and you have deleted all members account and also tell your members to re-signup again with new email id, this time keep your site only on invitation based.
10) Final step, delete all members account, forums posts keep it in archive forum category or in trash forum category, and take database backup again.

This should help you to get your site safe.
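
Added example, not part of any post in this thread: one way to do the log review suggested in the replies is to filter the raw access log for the 76.16.0.0 - 76.31.255.255 range given above and list what those clients requested, with admincp and modcp hits called out. It assumes the cPanel raw access log is in Apache combined format; the sample lines and the /forum/ paths are constructed.

```python
import ipaddress
import re
from collections import Counter

# Range quoted in the post above: 76.16.0.0 - 76.31.255.255 is a single /12.
SUSPECT_NET = ipaddress.ip_network("76.16.0.0/12")

# Apache "combined" log format; assumed here for cPanel raw access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not taken from the site in the thread).
SAMPLE_LOG = """\
76.20.215.17 - - [10/Mar/2009:02:11:40 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
76.20.215.17 - - [10/Mar/2009:02:12:03 +0000] "POST /forum/admincp/index.php HTTP/1.1" 200 811 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2009:02:12:10 +0000] "GET /forum/showthread.php?t=5 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
76.25.1.8 - - [10/Mar/2009:02:13:55 +0000] "GET /forum/admincp/backup.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
this line is damaged and must be skipped
"""

def review(log_text, network=SUSPECT_NET, sensitive=("admincp", "modcp")):
    """Summarise requests from `network`: hits per IP, status codes,
    and every request touching a sensitive path."""
    per_ip, statuses, flagged = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or junk in the client field
        if ip not in network:
            continue
        per_ip[str(ip)] += 1
        statuses[m["status"]] += 1
        if any(s in m["path"].lower() for s in sensitive):
            flagged.append((m["ts"], str(ip), m["method"], m["path"], m["status"]))
    return {"per_ip": dict(per_ip), "statuses": dict(statuses), "flagged": flagged}

if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    print(report["per_ip"], report["statuses"])
    for row in report["flagged"]:
        print(*row)
```

If the admincp and modcp folders have been renamed as in step 3, pass the new folder names in `sensitive`.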
 

Ab.Nath

New Member
i have previously updated to the latest vb which is 3.8.1
so now what can i do

i can email to persons but removing all of their account will be bad

I have added that IP in my deny Ip Lists
i have taken a full backup yesterday

and i have banned that ip from my site and the user

Any other thing can i do , he might be access to my site through any other means
 

techiekaran

New Member
the quickest way and the best way will be to contact your host manager and vbulletin officials (only if you own a license).
no need to delete your members, just the ip denial is all..and as bulletin said keep an invitation system only as your forum is now a big one.
 

bulletin

New Member
Ab.Nath said:
i have previously updated to the latest vb which is 3.8.1
so now what can i do

i can email to persons but removing all of their account will be bad

I have added that IP in my deny Ip Lists
i have taken a full backup yesterday

and i have banned that ip from my site and the user

Any other thing can i do , he might be access to my site through any other means

Well the guy who hacked your database is using 3.7.3 and if you had updated to 3.8.1 then you need to update with the patch that is 3.8.1 Patch 1, probably this was the reason for suspecting your database, as there was a hole in 3.8.1 version, you will get patch 1 in vb 3.8.x section in this site.

Next, if you do not remove your members, there will be a high risk of your site database can be hacked again. So you have two options either delete all members or email your members to change their password, username as well as email address, if they do this, then you don't have to delete their accounts.

Next, just do not block ip, in fact block complete ip range that i have provided, that ip range is dynamic version, you need to block ip range because his ip is dynamic and can change every time after clearing cookies, blocking ip ranges, will help you to block him completely from your site.

Next, do not allow any members to signup as name hackers, block some usernames that can be suspected as hackers and they will have no access to your site.

Next, block proxy ips as much as possible, if you know any proxy sites that are popular and can be used for visiting your site, then block those proxy ips.

Next, do not allow any new signups from now onwards, now only let your site members invite others to join your site, and tell them to invite only trusted friends, this way you don't have to worry about your site.

Next, do not load your site with all unwanted mods, remove them if its not useful to you.

Next, do not give access to any mods for guest users and also do not allow guest to view your forum, give permission to guest as not to view forum, in this way guest cannot hack your site.

Next, follow other procedures that i had mentioned in my previous post, this will fully secure your forum and no hackers can actually hack your site.


techiekaran said:
the quickest way and the best way will be to contact your host manager and vbulletin officials (only if you own a license).
no need to delete your members, just the ip denial is all..and as bulletin said keep an invitation system only as your forum is now a big one.

Host manager cannot do anything in this matter, it's not his duty to take care of his customer's site. Contacting host owner, would be waste of time as he will not be able to give support, until unless hackers get access on the root server.
 