Catch the thief

[COMANDER]

...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.

Well i'll tell you what i would do. If he is from my country or better my city i'll kick his ass. If he is from other country, then there is nothing left to do but ban the IP as soon as he find's out.

[imported_BigRed]

...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.

I think you may have watched Aliens a few too many times.......

[streaker69]

I think you may have watched Aliens a few too many times.......

If 133 times in one year is too many, then may be.

[-=Xploitz=-]

I have a scenario to solve. A slight problem, if you would...

Suppose you host a linux server with an apache webserver on it. The main website is a small forum where certain people come to discuss things. Now there is this guy that keeps coming back (also registers new accouns after being banned) and spams the forum over and over again. You have the apache the logs, but he is using an anonymizer to hide his real IP address or perhaps he connects to someone else's wireless and does it from there. Let's say you suspect that the person in question is in fact one of your internet "friends" or someone you know.

Any ideas on how to catch the criminal and proove he was involved?

About the only real way to "catch" him would be to go to into EVERY router he has accessed wireless-ly and see if his cards MAC address is in the log files. But then again, if he was smart when he did this, then he cloned or faked his MAC address with macchanger or another MAC changing soft. The IPs in the router logs probably won't matter, all they'll show is an local IP somewhere within in the range of the gateway the guy was on.

In a word, unless he changed his MAC addy,...theres not much you can have to go on to "prove" it was him. And its not illegal to ban evade..lol. I'm sure we have many here on our forums who have ban evaded successfully. Its just a pain in the ass to you to have to deal with this guy. Eventually, he'll bore with this little game and move on...and probably only "occasionally" jack with you.

[ShadowKill]

About the only real way to "cath" him would be to ............
.............
........
....
..
.

Holy flaming barrels of jesus juice, bat-girl!!!! He's ALIVE!!!!!!

[-=Xploitz=-]

Holy flaming barrels of jesus juice, bat-girl!!!! He's ALIVE!!!!!!

lol....

Hi ya ShadowKill. Yes, I'm still alive and kicking. Just been going through some pretty rough times lately. Just wanted to pop in and say my little piece to help this guy out.

Everyone doing well???

[ShadowKill]

lol....

Hi ya ShadowKill. Yes, I'm still alive and kicking. Just been going through some pretty rough times lately. Just wanted to pop in and say my little piece to help this guy out.

Everyone doing well???

I hear ya brother. You, me and a whole lot of other people as well. I'm just glad to see you're still around. We've missed ya.

If there's anything at all I can do to help, please please please don't hesitate to let me know. I'm working on some pretty big things right now and if you have any spare time, trust me I know it's hard to find any nowadays, shoot me a message and I'll fill you in.

[-=Xploitz=-]

I hear ya brother. You, me and a whole lot of other people as well. I'm just glad to see you're still around. We've missed ya.

If there's anything at all I can do to help, please please please don't hesitate to let me know. I'm working on some pretty big things right now and if you have any spare time, trust me I know it's hard to find any nowadays, shoot me a message and I'll fill you in.

I appreciate the sentiment ShadowKill. And I shall remember what you have said. Thanks.

[Shatter]

...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.

Maybe I will.

To be honest, I'd just like to know who he is and I'm betting 90% it's some script kiddie or a hacker wannabe. There is no assurance that the flash trick is going to work, but it's worth a try IMO. Maybe there's an alternate way to do it with javascript to bypass a client-side anonymizer tho most of these methods can be easily rendered useless by installing a plugin such as NoScript on your Firefox.

Also, I'm adding the anonymizer IP's to the banlist.

EDIT: Is there a good and recent IP banist for the popular proxies and anonymizers?

[Revelati]

Does he simply spam? Or does he actually respond to posts? If he has a grudge against you and you can get him to talk you could most likely social engineer a good bit of information out of him. Remember to use metadata, and mask your intentions ie.

Get him to brag about his hardware, chances are he is going to want to show you how big his "epeen" is, and reveal what kind of box he is using.

Get him to post a picture on an image hosting site or something and compare the ip address, he may slip up when not specifically trying to spam you.

Compare syntax, if you have a feeling that you know this person in a Jekyl/Hyde kinda way you may have all the proof you need. People tend to use similer sets of phrases or punctuate in ways that are discernible from others. Or use slang or colloquialisms specific to certain regions.

(My personal favorite) Create an account and help him spam your board a few times. Do something really "cool" like defacing the site that will impress him (easy since you are a mod) tell him that the mod pissed you off just like him and basically become his buddy long enough to give himself away. If you can get his icq/aim/email its game over, especially if you get him to do a direct connect file transfer.

I know its cliche, but sometimes you need to think outside the box, its amazing what you can talk people into revealing about themselves if you can do a little play-acting. I always have worked on the basis that no system is uncrackable and no person untraceable it all just depends on how much effort you are willing to put into it.

As for what you can do when you find him, once you have an ip its only a skip away from a phone number. Call the bastard up and tell him his own name, address, next of kin, social security number, then hang up. If he is using an anonymiser he will probably be scared ****less. Or if he is 12 and living with his parents (as i suspect) just tell his mommy that the next phone call you make is to the feds, see how quick he gets his puter taken away.