dgcov

Hold on.

I’m not suggesting that ICANN will line them up against a wall and shoot them (although the idea does have a certain appeal).

Without an IP, you can’t access the internet. The technology already exists to ensure some measure of compliance to standards.

I would say that it should be in an ISP’s own interest to make sure that their clients are protected and I can’t see why simple measures can’t be implemented to offer some level of protection.

I really think we are finding excuses for not doing anything about the problem when the technology should make the solution relatively easy.

These issues are not insurmountable; the technology is there to solve them.

Obviously a US court would have no jurisdiction in South Sudan.

However, the network is controlled by ICANN, and I’m sure that they could apply some sort of sanction on a South Sudanese ISP if it were needed. I don’t doubt that, if the US requires information on a South Sudanese IP user, they know how to go about it.

First of all I have taken note of the warning above that this isn’t a WordPress topic and had resolved not to reply to it further.

However, there are a couple of points I’d like to raise on, so if I can beg your indulgence?

I believe that most of the objections to any action being taken against the hackers or crackers can be addressed fairly easily by the technology. It’s all very well to say that everybody has a responsibility to lock down their sites and that the onus is on them to do so, but not everyone has the understanding or technical knowhow required and there are plenty of sites which are vulnerable.

I would like a solution to be found to discourage the hacking and defacing of sites by these destructive individuals.

ISPs already carry records of which subscriber was using which IP at any given time, so implementing a system whereby the individual concerned may be alerted to the fact that he has been identified may be enough. Or, if it’s a compromised machine, then the ISP should feel obligated to help that person, in the interests of conserving bandwidth, if nothing else.

Yes, I understand that there have been scams whereby scammers attempt to extort money through bogus reports of infections and similar. Indeed, there can be very few people that haven’t received a phone call from India informing them that their Microsoft computer has errors (I use Linux almost exclusively), but I can’t think that there wouldn’t be ways of alerting compromised users through some sort of trusted body like the ISP themselves. Surely it would be in their own interests?

I appreciate that.

It’s a sensitive issue, obviously, but there must be ways of working around it.

You may object to being on that sort of database, but your ISP currently has that information already, even if it’s a dynamic IP.

And if countries don’t want to comply, yes there’s nothing you can really do about it, but hopefully enough might join up to make a difference.

Implementing a system which eliminates duplicates shouldn’t be hard so you grandmother doesn’t get thousands of emails saying “Fix it or else”, but rather just one which might say something like.

“Please note that this computer has been identified as having been used in a hacking attack. If you are not the originator of the attack and you suspect that your computer has been compromised, please contact XYZ agency who will advise you on how to regain control of your computer.”

How about some sort of database of username/ip address entries?

If you are being attacked, you could email or contact the user using that IP. Then if they are themselves are hacked they would have a headsup that their machine is compromised and if they were the originating attacker, then they would know that they have been rumbled and (hopefully) desist.

I realise this is very sensitive but currently law enforcement agencies have the capability to access that sort of information.

Obviously, we wouldn’t want a situation where private citizens can access the contact details of other online users, but isn’t there a case to set up a system whereby one can send a message to an IP address and that message sent on without that sort of information being necessarily public?

Sorry, there is obviously a problem with my code: the Admin user also does not have the page rendered.

Please ignore.

Sorry, it’s a derivative of the plugin I’m using: Chronoforms.

But, yes, you’ve cracked it: thanks very much!

The wp_insert_user() function was in a separate function and it didn’t have the $form->data scope in it’s namespace.

Thanks again!

Dunno how that got past me. :blush:

Yes, that’s an issue, the server’s IP is not necessarily the IP of the originator of the attack.

There must be some way of establishing a trail back to the hacker.

Some sort of coordinated database of IP addresses that we could report would be a start to finding the perpetrators behind these attacks.

I’m not necessarily advocating that we string them up and flay them alive (although, it’s a nice thought), I just feel that they should appreciate the consequences of their actions.

Yes, I’m a very small operation and I’m just doing a few sites.

Clearly, just banning them is hardly any sort of sanction.

They need to be held to account and forced to pay reparation for the damage that they do and the lives that they ruin.

almost no one to care, and even less to act on it.

That’s the point I’m making. Why not?

Frankly, any revenue generated from the hacking of the site is miniscule in comparison with the damage done to the person’s business, but because it carries no penalty for the abuser, he can do it as much as he likes and ruin many people’s livelihoods in the process. There’s no penalty for him, so why should he care?

My own sites are all now hardened with Sucuri, but I’m getting between 5 and 20 reports a day of hackers trying to log on.

By removing each item on the form, I finally tracked down what was causing the problem: my “submit” button was nested within a container.

Once I had the button on the root level of the form, it behaved normally.

I’ve done a lot: what should I be looking for?

Hi Ross, cheers.

This is for a plugin I’m developing.

The user might not have registered his menus either.

Thanks!

In my defence, isn’t that a little counter intuitive?

I would expect to wind on the post after I’d accessed the content rather than before.

But it’s a minor gripe, so long as it works! And I’m sure it’s tripped up others besides myself.

??

Thanks again.

Thanks.

So simple!