Link to home
Start Free TrialLog in
Avatar of Schoolware
Schoolware

asked on

Fighting Hackers on MSN Chatrooms

I desperately need someones help! For the last 9 months I have been running !!!! Advice Room for Teens in the MSN Chat Rooms, We have a team of 12 Hosts and deal with about 300 teen guests and their problems a week. Three times last week we have been attacked by hackers with 'bots' which flood the room with up to 30 multiple copies of themselves flooding the screen with messages and making the room impossible to run for hours at a time.
They use a loophole in MSN software that enables them to create eg Guest_2D-D12 etc
Question 1: How do they introduce their code to run in the Chat rooms?
Question 2: Anyone here clever enough and willing to write an anti-hacker 'bot'?
Meanwhile a lot of desperate teens are not gettin any help
Avatar of Beluga
Beluga

Hi,

I'm afraid I don't know the answer, but try posting a zero-point question in the Security topic with a link back here. There's plenty of anti-hacking knowledge over there.

The sad fact is that the "hackers" who are invading your site are probably the ones who need help the most....
Avatar of Schoolware

ASKER

Thanx Beluga - will try that. Yer - agree they are sick peeps . But i just got his email addy so im lodging complaints with MSN and his ISP - and a lot of good that'll do :(
0) Recalling, Yahoo was going to share with Microsoft, then bowed out claiming Microsoft was making it too insecure. We were forewarned. But expect that.

1) If we knew how-to, it would be less than appropriate to broadcast that here. So let's reduce to Microsoft should respond to that, with one of their announcements of patches after another

2) Anti.. since you've done the legwork to identify ISP, perhaps individual, then you have near term solution. Get your firewall to ban the IP, if fixed, and ban the ISP if it will not comply with your request. Granted, that will likely lose a percent of your audience, but they can possibly switch to ISP that is more favorable. Consider this another chat topic, to let your audience in on it.

Send him simple eMail, simply asking what is wanted. Follow with another stating your intentions. Intentions may include being more public in identification, as well as leading to removal from 'net. Note, that the eMail address may have been purloined or highjacked from another, so be wary of pointing fingers too early. A good ISP would do the verify here, and handle the disconnection formalities.

In old days, software would require time to elapse between events such as human keystrokes, logonID requests, and transmission requests, and allow for balance.

EE has even had its share. With some wares you can kill bad IDs, later clock ranges, either based on common format or source ID. Helps to have code or at least support for site admin. Sounds like you have little support, and may just want to go shopping again, with eyes more attentive to supplemental needs.

How about simply eye-balling accounts/lists, and having a 'freeze' on allowing newbie interactivity during your critical time until a passing of human review? 300 is not really that much to monitor 'just enough'. Rename file for account creation if you have to.
Thanx Sunbow for yr thoughtful comments. We stick to MSN Chat Rooms rather than restricted communities because of the exposure to casual users looking for help - and we are easily found.
This means we have no control over who comes into the room. We tried shunting them from there into a 'secure' room, but we lost too many on the way
As you surmise, support from MSN is non-existent. "It is up to the Hosts to control the behaviour in their own rooms" Regardless that MSN software wont let us.
We have informed FreeServe, the ISP of the hacker, and await results. We have written with threats to the email addy of the hacker.
Would Yahoo be a better place for our room?
Any luck? I'm interested to hear if you got any response from the hacker or the ISP.

Thanx for yr interest Beluga! MSN actually came up with a 'human' reponse, and said the prob had been passed to their products Team - followed by a long silence. There is a flood of other room managers with similar complaints - but no action.
I emailed FreeServe but no reponse. I emailed hacker and told him wot we were doing - several contacts verified it was his genuine addy.
He left us in peace for a few weeks, but as no-one took any action he's back again.
Not much help here then?  First time ever Ive not had a solution from the Experts! :(
Which e-mail address did you use for Freeserve?

Try: webmaster@freeserve.com and abuse@freeserve.net

If still no luck, you can try Planet Internet in the UK, who I believe are still the hosts for Freeserve, and run their infrastructure.

See their abuse page at http://www.abuse.theplanet.net/integrity/integrityfr.htm . You can either e-mail abuse@energis-squared.com , or phone them on (+44) 113 234 5100.

I emailed comment@freserve.co.uk
They certainly dont make it easy to find the right addy to complain on do they. I wonder y???
Thanx for response
We'll try the others
Knowing how similar ISP's work, the "comment" mailbox will probably be read by someone in marketing or sales who may not understand the problem.

"webmaster" accounts usually go through to Technical Support people, and "abuse" accounts often go to a dedicated anti-hacking team.

There's a good FAQ at:
http://ddi.digital.net/~gandalf/spamfaq.html
that gives the e-mail addresses of many popular ISP's, together with more general advice on tracing the source of rogue postings and e-mails. It may help now or in the future.
Thanx Beluga for yr regular suggestions! I am amazed no-one else is interested in this discussion :(
Well, Exchange Server probably isn't the best topic for this question. But it's also gotten quieter because of the summer holidays. :o(

Did you try my earlier suggestion to post a link in the Security topic? Ask a new question in the Security topic, assign it zero points, and title it something like "300 points - Hackers on MSN Chatrooms". In the text, just copy and paste the URL:
https://www.experts-exchange.com/jsp/qShow.jsp?ta=exchangesvr&qid=20140851

You might also want to try the same in the Internet Service Providers/ISP's topic.

That'll direct more people in here. You may get more help, you may not, but it's worth a shot. :o)


Schoolware,

I saw this Q was still open, so wondered if you managed to resolve the problem (still happy to help if not).

I'm also curious as to how well the various ISPs handled your query!
Well done Beluga for yr persistence! I wish that was shared more by others!
I tried several of yr suggestions, including re-posting in Security and got a nil response. Like wise contact with Freeserve webmaster a nil response
However . . .
Maybe MSN did listen, because several months later the 'Guest' facility in Chatrooms was removed, which is where most of the 'bots' were introduced anonymously.
After a peaceful month or two, hackers have come back with some new 'bots'. Some attack individual users computers. but after installing myself a better firewall, i have had no more. But they can still flood the room with phony IDs
As this rarely happens, Im afraid Ive given up actually fighting them :(
But many thanx for yr continued interest.
Perhaps I ought to clos off this Quest??
Dave
Avatar of Asta Cu
Hopefully you've already been helped with this question, but thought you'd appreciate knowing this.  It would be great if you could bring this question to a conclusion, awarding the experts above who helped you with points or a comment to them on your status today.

Re. WindowsUpdate and the .net environment. More here  http://www.microsoft.com/net/

The .NET topic is being considered for addition to our All Topics link soon, so this may interest you as well:
https://www.experts-exchange.com/newtopics/Q.20276589.html

EXPERTS POINTS are waiting to be claimed here:  https://www.experts-exchange.com/commspt/Q.20277028.html

":0)
Asta


ASKER CERTIFIED SOLUTION
Avatar of Beluga
Beluga

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you, Asta, for trying to revive these old and forgotten questions and adding some value in the process.

Perhaps you would benefit by posting a zero point question in the topic area representing your Operating System if you still have not gotten what you need, include the link here to point to it.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
https://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  https://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.
https://www.experts-exchange.com/questions/Q.20143273.html
https://www.experts-exchange.com/questions/Q.20140851.html




*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations if this item remains inactive another seven (7) days.  If you are interested in the cleanup effort, please click this link https://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643 
POINTS FOR EXPERTS awaiting comments are listed here -> https://www.experts-exchange.com/commspt/Q.20277028.html
 
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange
Zero response, finalized.
Moondancer - EE Moderator