What's a fitting punishment for virus creators and illegal hackers?

Peter,

Not sure what you have against sharks...

Why not have those scumbags strapped to a chair and make them watch endless hours of "The View" (or the European equivalent) all the while a Michael Bolton CD is playing in the background on 10.

Of course, when they finally can't take that punishment anymore (and who could) just feed them feet first into a brush chipper up to the knees.

Then it's back to the "The View" and MB until they bleed to death.

Or worse yet...have them spend 24 hours with my ex-wife.

KJ

Peter - half of my main website was chewed up so badly by one of those Russian JS redirect virus hackers that we aren't being able to restore it - after 3 damned years of work. Will probably be moving the surviving part to a new server and just starting over on the rest when this hosting is up in July. Redoing rest of site right now and updating.

These *******s wasted 4 months hacking in just to be able to redirect for a few hours. 4 years of learning, blood, sweat, and major amounts of PR all wasted.


Those hackers have so much tech savvy and could build some awesome businesses yet chose to just be a plague on the planet instead. How do we react to plagues? Yep - eradicate them.

BTW - be real careful. What we found is that these *******s built doors all over the place so they could get back in at will. It took forever just to stop up all the holes - their bots were coming in as fast as we could close up their doorways. But then we were working on a thousand pages or so, too. Still......just sayin' .

Jeez Sal, is there anything you don't know how to do or not interested in? Rocks and minerals, language expert, computer expert... just for fun you took a bunch of strangers and started a dream experiment.

I've wasted so much time when I think about what you've achieved and learned.

LOL - Computer expert? ROTFLLMAO -- where the hell did you get that idea? If I were an expert my site would still be in one piece. I have partners who do most of the techincal stuff- and did enough of it that it's a nightmare for them to fix. I just found out a pay button didn't work on my SalsSecrets site and it's taken me days to figure it out - someone else finally got tired of explaining it to me and wrote the damned code for me - which I actually have enough knowledge to cut and paste on my page by myself. Hahahahahahaahaha

I'm sure if you look at your repertoire of what you know as objectively as you look at areas of expertise of others you will find you have a much more full background than you realize. Crap, look at that multiplayer video game you made. You have worlds of expertise working in that one production alone.

If my background sounds like a lot - it's majorly just a mix of Linguistics, Philosophy, and Earth Sciences. The fields cover a lot of territory. I do one major amount of continued study because I do a major amount of writing. And I travel a lot because I love to go new places - especially to rock hunt and all of that ties in to my income now. I don't have kids or any stationary obligations so I get out more and have more time for what I want to do than most people.

I've been a rockhound for around 25 years - it involves you very deeply in earth sciences.
My formal education was in Ethno-linguistics, which I had to study all the pre-rec's (soc, philosophy, logic, cognitive sci) to get there. When I apply it it's not new stuff - still the same stuff (<shameless plug for upcoming WSO>
I also studied canine linguistic comprehension and acquisition while in classes - because I like my dogs smart (doing a WSO report on dog training now). </shameless plug>


So - anyway my point is........you have a world of expertise that you put your time into that I don't have. I've no more than you - just different from yours. While you are building scripts that I don't have clue one how to do, I am picking up gemstones in the wild.
What your post sounds like to me is that you are bored because it's getting to be summer and most of your expert fields
are applied indoors. Just apply them outdoors for a change - hiking can be relevant to building video games if you stop and think about it........so get that backpack and cooler of yours that you dream about out and go think of some new game strategies in the mountains or at a lake somewhere, dude.

Lethal Injection by Hanging from fingernails.

Prison and lawsuits smack him upside his head, while he is waiting to die.

Hi there Peter. It sounds like you've had a rough old time of it. Yeah, dropping them into the shark-infested waters sounds like a good idea, although I'm not sure about shackling them; it's the sound and motion of prey that attracts a shark's attention.

I'm hoping that when I suggest this, I don't sound like a particular Harry Enfield character (see below) -- but is it possible that you could switch to an operating system other than Windows to avoid all of these Windows viruses?

Lemme at em. I'd like to beat em with a whip then drop them in waters with sharks and piranhas.

they should be forced to get a brazillian wax once a day for life.

Good to see there's not a wuss amongst us!

Do you think it's possible to include all forms of torture and slow deaths that have been mentioned? And I'd like to add one, a quite appropriate and fitting end with more than a subtle level of irony... infect them with a flesh-eating disease, a virus, preferable one that attacks the nether regions first and is relentless in it's destruction of all the vital organs.

I can only feel even more resolute in my convictions as to the fate of these 'people' as I found myself dreaming about the bloody thing last night.

So far, I think my sites have been clean for about 48 hours - I'm more hopeful as the days go by. I've been thinking about HeySal's experience and that is VERY worrying.

John suggests we'd be more secure if we ditched Windows. That could be true John but that would mean we've given in to them - they'd have won. Not going to happen.

I read that the Hamster King, Kevin Riley, caught a trojan on his PC that found its way onto his server and attacked his sites very recently. He employed the services of fellow Warrior Craig Desorcy. I've bought Craig's "Blog Lock Down" yesterday and it's brilliant for helping to prevent such attacks. It's well worth getting and I commend this to the House!

Peter

'Fraid to say, I spoke too soon - they're back!

*******S !

I may just have to cut my losses and wipe everything from the sites and start over. I'm a tad upset just at the moment.

This really isn't funny anymore - come to think of it, it never was.

Wish me luck.

Peter

Jail, its an attack that costs millions of dollars every year. If your system is affected then you have no mercy for the people who create viruses.

Peter - you might have to do what we did on my site - we had to ditch everything that wasn't html. Indy and I are working on switching some of the stuff we had on mysql to html -
ANYTHING AND EVERYTHING PHP IS VULNERABLE.

If you have free reports, ebooks, et al on your site - take em down and delete them, and don't put up a fresh copy until you are sure you're clean. Your host might have to
delete some of THEIR files and put fresh ones up for you.
Ditch your forums or your WP - keep nothing but the text - and build them back on clean completely updated versions. Turn off webforms.
Robots could not penetrate my site - it was a live member sign up - we were able to trace down the member - he was there 4 months before they let go of whatever, and we had some very high security running on it. We had so much shut off already it was running skeletal. Comments off, webforms, nonexistent, 15 character passwords, you name it.

The virus is mostly in the Java, Paul. It looks almost completely correct, but will be off by a character or two just like the maud.sys virus is.
It loves to pose as a yahoo counter. Check a real yahoo counter against the code on yours if you have one.

My only hope is that the Russian authorities will start taking this as serious as we are and will roast the perps alive when they catch them.

I'm really wondering how these guys are making their choices of who to attack, since they are live attacks and not robots.

A while back my Paypal/Ebay identity was cracked.
There is no feeling like it when it happens to you.

It's not about prevention this time, Peter. My tech is a world class security expert - has worked on Gov computers. He estimates that it took several months for them to hack into RHS1.

Anything php is vunerable. There is no real defense at the time. Sometime at the end of last year gov computers were hacked -shouldn't have been possible. About the same time my tech's computer was hacked -- at the bios level.

Of course, prevention helps hold them off awhile, but that's about it for right now. I'm rebuilding what I can in html and just looking for alternatives to php that will still allow some interaction for my main site. No telling how long it will be until some sort of defense is created. The hackers are Russian, that much I know. They have built a monster this time around.

How about have Sasha Cohen come land on their faces with his bare buttox in front of a room full of people.
Oh, wait he already did that to Eminem

Hi Pete

I think what is happening to you is very distressing and anyone else that it happens to, as well. I feel quite sick thinking about it actually

They are the scurge of humanity and as such deserve nothing less than scurge deserve and I believe that your poll should be changed to include 'Necrotising Fasciitis' that would fit them to a 'T'.

They should be left to rot to pieces or rot in hell would be another term. They don't deserve to have a life as they don't respect other peoples lives, the ones who live them with respect for their fellow humans.

If only we could send this flesh eating virus back to them in their 'redirects'!

Best of luck in restoring your sites.

Viv

How did they get in? do you actually know for sure how they were able to get in?

I ask because log files can easily be changed to look like they got in a particular way but in actual fact they may have used the default apache login to penetrate another service.

Here is a good way to trick/slow down hackers. I did this for 6 years while I ran my web hosting business amongst other things and never had one hack in all that time, there were attempts though.

Change all the version information on your services. When a hacker plans an attack, they have scripts that go looking for a particular server, Linux running Apache 2 with PHP 5 etc.

When they do a request on what servcies your server is running and your server responds that it is running JoeBlogs Server, and Tickerbell preprosessor, they will move on.

It's a very simple but very effective solution.

Of course, you will need to have your own server to do this and understand how to re-compile the services such as apache and php with your own version information, or you can pay someone about $80 and they will do it for you.

AF - I think that is part of the problem...my server. It's no cut rate operation. Host Excellence is the name of it. But after this when my hosting is up in July I'm going to be changing to Servage who is a bit more attentive. I am under the impression that had my server been better equipped these guys wouldn't have gotten in on my site. And their attitude about helping to get straightened out was less than it should have been considering the mess.