DOS Attack Update

From: Hunt, Jim (Jim.Huntat_private)
Date: Wed Oct 30 2002 - 05:39:34 PST

    First, thanks for everyone's replies with suggestions and helpful tips
    and dirty tricks.
    
    I thought it might be helpful if I recap in detail the incident.  Maybe
    it will help foster more thinking both technically and also the more
    complex issues of policies.  (I am not sure of the word I want to use
    but I choose policies.)
    
    This incident came about because of a rivalry between 2 message boards and
    escalated because the big guy, besides being a general jerk, has the
    resources to keep kicking it up a notch.
    
    My friend (and I use that term loosely because I only know her from the
    message board) is 17, lives in Israel, and has vBulletin running on a
    Pentium III Desktop with Microsoft Windows 2000 Server.  She has a
    dedicated 1 MB DSL connection to the Internet.  She runs Zone Alarm Pro
    on the Server and this is behind a Linksys Router.  
    For her, the board is a hobby and she is savvy enough to make it work
    pretty well but doesn't have technical skills for a situation like this
    past Sunday.  She also doesn't have $$$ to do anything that costs money.
    She isn't making money doing this and isn't in a position to bring legal
    action against someone in the US.
    
    The "Big Guy" also has a PHP-based vBulletin forum running along with
    several business sites that are making him enough cash to have his own
    enterprise servers in a major collocation facility.  He used his forum
    along with many of his business sites to launch the inline frame attack
    against the other forum.
    
    The situation finally resolved itself when he decided his sites were
    being slowed down to the point of people noticing his sites loading
    slowly and when my friend agreed to publicly say she was "owned" by him.
    She didn't like the position but felt that it was in the best interest
    of everyone to take the "hit" and move on.
    
    I also contacted the collocation facility on several fronts about the
    attack but have heard nothing other than a tech in one of their chat
    rooms saying they won't do anything without the logs from the attacked
    site.  The "Big Guy" has put up a hate site attacking my friend (and her
    family) personally and people of Jewish heritage.  It is quite offensive
    but he claims it is parody and protected.  The collocation facility also
    has done nothing about this site when contacted.
    
    To combat the issues for now, we have used a JavaScript to break out of
    a frame and "trump" any page that has an inline frame to the site.  We
    applied the filter to protect against hot linking images from the
    server as that was done recently too by him.  Everything is quiet at
    this point in time.
    
    As more and more people decide to have a web server at home for business
    or personal use, this issue could become a major problem with no real
    solution.  Hopefully this is the last of it for my friend.  
    
    Jim Hunt
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
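
Added example, not part of the original post and not the poster's script: the two countermeasures the message mentions, a frame breakout and a Referer-based hot-link filter, written as testable functions. All function names and host names are hypothetical.

```javascript
"use strict";

// Client side: true when this page is rendered inside another page's frame.
// Only window references are compared; reading top.location of a
// cross-origin parent would throw, comparing top with self never does.
function isFramed(win) {
  return win.top !== win.self;
}

// Replace the framing page with this page. Assigning top.location is allowed
// cross-origin unless the parent sandboxes the frame.
function breakOutOfFrame(win) {
  if (!isFramed(win)) return false;
  win.top.location = win.self.location.href;
  return true;
}

// Server side: decide whether to serve an image from the Referer header.
// allowedHosts lists the site's own host names (assumed configuration).
function hotlinkDecision(refererHeader, allowedHosts) {
  // Direct visits, bookmarks and privacy tools send no Referer; blocking
  // them would break the site for legitimate visitors.
  if (!refererHeader) return "serve";
  let host;
  try {
    host = new URL(refererHeader).hostname.toLowerCase();
  } catch (e) {
    return "block"; // malformed Referer
  }
  // Exact host comparison: a substring test would also accept a look-alike
  // such as forum.example.other.test.
  return allowedHosts.includes(host) ? "serve" : "block";
}

// In a browser, run the breakout as soon as the page loads.
if (typeof window !== "undefined") breakOutOfFrame(window);
```

The framed request still reaches the server before the script runs, so the breakout changes what the visitor sees rather than the number of requests; the Referer filter is what lets the server answer embedded requests with a small refusal instead of full content.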
    


