Forum Moderators: phranque
On WhoIs it shows that the domain name is owned by a guy in Oregon. He appears to have his own server, so it is pointless to notify the IPS.
Is there any action that can be taken to shut this guy down? Or at the very least make his life a living hell?
The domain name is registered at registry-dot-com. Are they able to take any action?
How about contacting the Attorney General of Oregon?
The law isn't broken until you actually start using bulk email methods to people who have not opt-in for them.
You don't know if the persons who's emails' he is offering have opted in to his list on the promise that they will receive info from non-profit groups.
Also you don't know what a group would do with those emails. They could conceivably contact each person one at a time and and attempt to start a personal dialog with them.
I know these examples are a little far fetched but any good lawyer would use them to show that this guy hasn't broken any laws.
Want to make his life hell? Try slashdotting his site.
[edited by: Demaestro at 9:14 pm (utc) on May 25, 2007]
He hacked the site and sent the email as if it was being sent from my site.
I'll be surprised if that is legal.
I would start with your server logs and see if you can find the "put" action that got that file into your directory. If there is an IP associated to that transfer then see if you can trace the IP to a service provider. Maybe they would be willing to turn off his service or at least offer to give more info to the authorities.
I don't know how it works in your state but there should be some Internet Crime commission or some governing body that would at least look at it.
I'd be gone from a host in an hour if they allowed such files to be posted on their servers without the Webmasters' permission. Or perhaps you've installed scripts that are not secure, and allow system command injections, etc.
Revenge is a luxury you may not yet have time for.
Jim
Maybe it is irrational, but I'm willing to spend all the time necessary to take this guy down. If he's doing it to me he's also doing it to others. At the very least I'm going to contact the AG and give him what materials I have--they may (hopefully) be building a case against him.
And yes, I've pulled everything down for security reasons.
"La vengeance est un plat qui se mange froid"
-Pierre Ambroise Francois Choderlos de La Clos-
or approximately, in English, "Revenge is a dish best served up cold."
Take care of your own security vulnerabilities first, then the legal stuff (if any agencies are cooperative and interested), and *then* worry about getting even. There may indeed be other sites involved; If you try to take revenge before pursuing legal solutions, then you tip him off that he's been discovered, and endanger any on-going investigations.
A cool head will result in a better plan -- and outcome. For us all.
Jim
