Kid attempts to hack my site, should i call up his dad?

Me and my friend have spent a few weeks working on a file hosting site for a school project. Despite the site being early in development and not very secure yet we had a build up and running live online.

Yesterday we saw that someone had been uploading and attempting to run encoded files on the site with the hope of obtaining information on the server, site and eventually user data. It does not look like he has had any successes though.

We quickly banned his ip address and found out who is and where he lives. I have his full real name, address, Facebook, steam and email account. I also found his Dads phone number.

Should i call up the Dad and let him know what his son has been doing? The kid is 16 by the way.

I say why not.

No. The only reason you would call would be to get back at him, and you would only be met with resistance. My suggestion is, if you cant secure peoples information, then you need to not store it.

certainly should.

Send a formal letter.

If you're polite about it, I don't see why not.

@dagbiker said:

He did not get any data and even if he did sensitive data like passwords are encrypted.

Yes call the dad. Teach that kid who's boss!

Dag is still right. Its your job to make sure this does not happen. I mean..this happens to every other hosting site. I doubt they call up the parents of the hackers and report them. Its part of the job dude.

No, for the kid to be 16 and to be a script kiddie, he's got a hobby that will hopefully lead to him going into a decent career path. If his dad takes away his computer, he'll be forced to go outside and play football, he'll join the team at school, and when he graduates he'll be pumping gas for minimum wage.

You'll ruin his life.

Even the biggest networks in the world with the best security gets breached from time to time. This shit happens and nothing is secure. What matters is that you figure out how to minimize damage when this DOES happen which it sounds like that is exactly what happened.

As long as you are polite, go for it. It's the parents job to make sure he doesn't pull shit like that in the first place.

@demoskinos said:

In case it was not clear, he accomplished nothing and failed at what he was doing. But it is obvious that he has a malicious intent even if he just is a script kiddie. And the information in the database (that he did not get access to) is useless anyway as it is encrypted and contains just a few test accounts me and my friends have made. We only made the site to improve and use our skills in php, sql, css and javascript and its not like we have a large userbase. We have a total of 8 accounts on the site.

.....do it.

Yes. People are correct that it's your responsibility to maintain security of the site. However, under normal circumstances, these types of breaches would also be prosecuted. Just because a web site is responsible for the security of user information, it doesn't mean they ignore information regarding hackers once known. You're doing the kid a favor by informing his dad. The kid could get in more serious trouble if he tries this with someone else.

Then use this to also improve your security.

@expensiveham:

Yup, do it. Put the scare in the kid early that he can easily be found out by fucking around. More than likely he wont be so arrogant to think he'll be more sneaky next time and leave that shit alone. Maybe tell his dad to not take the computer away but warn that he can be put in jail and fined for what he did and that he should concentrate on contributing to society instead of fucking it up.

Then have the dad whip his ass with a belt.

@the_laughing_man said:

I have already made changes to stop it from happening again.

I am not doing this to fuck with him and try to get him in trouble. From what i've learned looking him up he seems like a smart kid (he has a game up on google play for example) and i think his technical interest is something that should be encouraged but using security exploits to fuck with someones site and try to get server information is not the right way.

@expensiveham: Just fucking do it already.

.

What that gif^ says.

Bring the hammer down! (thats code for call his dad!)

yes- 100% do it. if he's going to behave like a child, call him out on it.

This sounds like a fine reason to call that boy's father.

Call the father, and just start making up stuff about all these laws his son broke, but since he's under 18 and using his father's internet connection, that the father is liable and will soon be contacted by a lawyer.

At the very least you can waste some of his money by scaring him into a legal consult over nothing.

If you have his FB, maybe just make a polite post on his wall asking him to stop messing with your site. If he knows someone's onto him, he might get scared off.

If not, then call his dad.

Alternatively, calling his dad and explaining things could help him get into a summer internship that might help him focus these interests in a more productive way before he does this to the wrong site and police get involved. You never know what this kid is looking for. Maybe he's trying to steal and sell credit card info which is going to land him in a lot more trouble than his dad taking away his computer.

His dad probably doesn't know what the internet even is.

I would say inform daddy w/ a strong hint of his son applying his talent in a nondistructive way. If that is possible. Especially if this misguided bs of making other ppl's lives miserable can be reoriented into a job.

So how do you know the father won't call up the police on you for obtaining contact information without permission? Yes, I know the kid committed a crime, but "he's just a kid" might fly and get him off for far less or even nothing.

It's also a little worrisome that this kid has a game published on Google Play and is also trying to steal information. That could come back and bite him in the ass if he ever tries to make a living selling games.