#1 Posted by expensiveham (291 posts) -

Me and my friend have spent a few weeks working on a file hosting site for a school project. Despite the site being early in development and not very secure yet we had a build up and running live online.

Yesterday we saw that someone had been uploading and attempting to run encoded files on the site with the hope of obtaining information on the server, site and eventually user data. It does not look like he has had any successes though.

We quickly banned his ip address and found out who is and where he lives. I have his full real name, address, Facebook, steam and email account. I also found his Dads phone number.

Should i call up the Dad and let him know what his son has been doing? The kid is 16 by the way.

#2 Edited by Demoskinos (14835 posts) -

I say why not.

#3 Posted by Dagbiker (6976 posts) -

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

#4 Posted by DelroyLindo (387 posts) -

certainly should.

#5 Posted by Morningstar (2161 posts) -

Send a formal letter.

#6 Posted by Tylea002 (2295 posts) -

If you're polite about it, I don't see why not.

#7 Posted by expensiveham (291 posts) -

@dagbiker said:

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

He did not get any data and even if he did sensitive data like passwords are encrypted.

#8 Edited by SexyToad (2760 posts) -

Yes call the dad. Teach that kid who's boss!

#9 Posted by The_Laughing_Man (13629 posts) -

@dagbiker said:

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

He did not get any data and even if he did sensitive data like passwords are encrypted.

Dag is still right. Its your job to make sure this does not happen. I mean..this happens to every other hosting site. I doubt they call up the parents of the hackers and report them. Its part of the job dude.

#10 Posted by psylah (2177 posts) -

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

#11 Posted by Demoskinos (14835 posts) -

@expensiveham said:

@dagbiker said:

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

He did not get any data and even if he did sensitive data like passwords are encrypted.

Dag is still right. Its your job to make sure this does not happen. I mean..this happens to every other hosting site. I doubt they call up the parents of the hackers and report them. Its part of the job dude.

Even the biggest networks in the world with the best security gets breached from time to time. This shit happens and nothing is secure. What matters is that you figure out how to minimize damage when this DOES happen which it sounds like that is exactly what happened.

#12 Posted by TobbRobb (4652 posts) -

As long as you are polite, go for it. It's the parents job to make sure he doesn't pull shit like that in the first place.

#13 Posted by expensiveham (291 posts) -

@demoskinos said:

@the_laughing_man said:

@expensiveham said:

@dagbiker said:

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

He did not get any data and even if he did sensitive data like passwords are encrypted.

Dag is still right. Its your job to make sure this does not happen. I mean..this happens to every other hosting site. I doubt they call up the parents of the hackers and report them. Its part of the job dude.

Even the biggest networks in the world with the best security gets breached from time to time. This shit happens and nothing is secure. What matters is that you figure out how to minimize damage when this DOES happen which it sounds like that is exactly what happened.

In case it was not clear, he accomplished nothing and failed at what he was doing. But it is obvious that he has a malicious intent even if he just is a script kiddie. And the information in the database (that he did not get access to) is useless anyway as it is encrypted and contains just a few test accounts me and my friends have made. We only made the site to improve and use our skills in php, sql, css and javascript and its not like we have a large userbase. We have a total of 8 accounts on the site.

#14 Posted by Soap (3592 posts) -

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

.....do it.

#15 Edited by Sergio (2128 posts) -

Yes. People are correct that it's your responsibility to maintain security of the site. However, under normal circumstances, these types of breaches would also be prosecuted. Just because a web site is responsible for the security of user information, it doesn't mean they ignore information regarding hackers once known. You're doing the kid a favor by informing his dad. The kid could get in more serious trouble if he tries this with someone else.

#16 Posted by The_Laughing_Man (13629 posts) -

@demoskinos said:

@the_laughing_man said:

@expensiveham said:

@dagbiker said:

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

He did not get any data and even if he did sensitive data like passwords are encrypted.

Dag is still right. Its your job to make sure this does not happen. I mean..this happens to every other hosting site. I doubt they call up the parents of the hackers and report them. Its part of the job dude.

Even the biggest networks in the world with the best security gets breached from time to time. This shit happens and nothing is secure. What matters is that you figure out how to minimize damage when this DOES happen which it sounds like that is exactly what happened.

In case it was not clear, he accomplished nothing and failed at what he was doing. But it is obvious that he has a malicious intent even if he just is a script kiddie. And the information in the database (that he did not get access to) is useless anyway as it is encrypted and contains just a few test accounts me and my friends have made. We only made the site to improve and use our skills in php, sql, css and javascript and its not like we have a large userbase. We have a total of 8 accounts on the site.

Then use this to also improve your security.

#17 Posted by Jams (2961 posts) -

@expensiveham:

@soap said:

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

.....do it.

Yup, do it. Put the scare in the kid early that he can easily be found out by fucking around. More than likely he wont be so arrogant to think he'll be more sneaky next time and leave that shit alone. Maybe tell his dad to not take the computer away but warn that he can be put in jail and fined for what he did and that he should concentrate on contributing to society instead of fucking it up.

Then have the dad whip his ass with a belt.

#18 Edited by expensiveham (291 posts) -

@the_laughing_man said:

Then use this to also improve your security.

I have already made changes to stop it from happening again.

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

I am not doing this to fuck with him and try to get him in trouble. From what i've learned looking him up he seems like a smart kid (he has a game up on google play for example) and i think his technical interest is something that should be encouraged but using security exploits to fuck with someones site and try to get server information is not the right way.

#19 Edited by Jrinswand (1709 posts) -
#20 Posted by Alexander (1721 posts) -

.

#21 Posted by Pr1mus (3911 posts) -

What that gif^ says.

#22 Posted by Sanity (1907 posts) -

Bring the hammer down! (thats code for call his dad!)

#23 Posted by mellotronrules (1192 posts) -

yes- 100% do it. if he's going to behave like a child, call him out on it.

#24 Posted by Nux (2360 posts) -

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

This sounds like a fine reason to call that boy's father.

#25 Edited by MikkaQ (10290 posts) -

Call the father, and just start making up stuff about all these laws his son broke, but since he's under 18 and using his father's internet connection, that the father is liable and will soon be contacted by a lawyer.

At the very least you can waste some of his money by scaring him into a legal consult over nothing.

#26 Posted by Ravenlight (8040 posts) -

If you have his FB, maybe just make a polite post on his wall asking him to stop messing with your site. If he knows someone's onto him, he might get scared off.

If not, then call his dad.

#27 Edited by louiedog (2335 posts) -

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

Alternatively, calling his dad and explaining things could help him get into a summer internship that might help him focus these interests in a more productive way before he does this to the wrong site and police get involved. You never know what this kid is looking for. Maybe he's trying to steal and sell credit card info which is going to land him in a lot more trouble than his dad taking away his computer.

#28 Edited by Max_Cherry (1133 posts) -

His dad probably doesn't know what the internet even is.

#29 Posted by bybeach (4831 posts) -

I would say inform daddy w/ a strong hint of his son applying his talent in a nondistructive way. If that is possible. Especially if this misguided bs of making other ppl's lives miserable can be reoriented into a job.

#30 Posted by believer258 (11913 posts) -

So how do you know the father won't call up the police on you for obtaining contact information without permission? Yes, I know the kid committed a crime, but "he's just a kid" might fly and get him off for far less or even nothing.

#31 Edited by Jams (2961 posts) -

@louiedog said:

@psylah said:

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

Alternatively, calling his dad and explaining things could help him get into a summer internship that might help him focus these interests in a more productive way before he does this to the wrong site and police get involved. You never know what this kid is looking for. Maybe he's trying to steal and sell credit card info which is going to land him in a lot more trouble than his dad taking away his computer.

It's also a little worrisome that this kid has a game published on Google Play and is also trying to steal information. That could come back and bite him in the ass if he ever tries to make a living selling games.