The best way to punish hackers?

[Entreri]

Quote:

Originally posted by Alphawolf
Was hacked today. It was a good lesson.

In a way it was an ideal time to get hacked. Someone must have been running a sniffer on my forum and got my Admin account.

They stripped polls, and generally acted like a gremlin.

Deleted all but 1 photo gallery before I noticed this and changed the password.

The password is not a 'guessable' password, so it was some sort of 'sniffer'.

Unlike spazlabs, I wouldn't jump to the brute force conclusion. You possibly have an open window somewhere that let the intruder in. I mean, many of the scripts used by adult webmasters that I've seen around aren't hardened security-wise. How many adult (pay and content) sites have blatant vulnerabilities just by looking at the home page? Many.

I wouldn't redirect to a harmful site. At best, I'd logged the attempt and show the attacker that it has been logged. Or I'd send the attacker to a banner page or pop-up hell (for your benefit). Scare him if you want but _don't_ try to seek revenge.

There are two risks if you follow this dark path :

1. You might unwittingly give added incentive to try to mess you up.

2. You might punish an overly curious but innocent user.

My word of advice : Be cool and remain professional, but harden your site.

Entreri.

p.s. I've worked as software quality assurance for awhile (2-3 years) and specialized in web application testing, including penetration testing...