A Scamming Company Dilemma


Token

Yer not relating you to that at all. Just I know for a fact that guy has no reason to do that to me and potentially could have royally f**ked over a lot of work, just to get his name on a site that only gets 200 visitors a day anyway.

But yer I guess I can't really talk, as it is a bit like internet graffiti.

I doubt it's to do with publicity. I'd wager your site was only used as a honing of his skills.

If they want to get good at hacking, they have to start small. Adding a tag is proof to their 1337 friends that they've done it.

Gotta hack small websites like yours before they can take on Sony :P

The fact he only left a tag and didn't screw stuff up for you kind of implies he's not in it for malice.

He deleted EVERYTHING. I was backed up, but still had to spend a while redoing formatting etc.


Okay so I'm still not any closer to backing up all the data from all 23,000+ users.

The only way I've managed to do it would be to go through every single one of the 2300 pages and do a 'Save Page As HTML' in Firefox, which would take a very long time. If anyone can help it'd be more than appreciated?

Also, on the note of trying to get the money back, I attempted to use this:

https://www.moneyclaim.gov.uk - Money Claim Online (MCOL) is HM Courts & Tribunals Service Internet based service for claimants and defendants.

However, they charge £25 for any claim under £300, so that'd be an extra £25 that I'd probably never see again. Seriously, is it that easy for people to scam and get away with it?


I think you're looking from a SQL point of view when that's not actually what you're doing - if you were in the SQL database itself you could just run the query I mentioned earlier and it'd give you them all.

What I'd do, if the only thing you've really got is that web address, is create a script that loaded each page in turn, searched for the email address, and added it to a text file. Relatively simple to do, depending on what sort of language you'd use (so I'll do an example in plain English):

do
   open browser with address "/Customer_Search_Result1.asp?CurrentPage=" + n + "&vadsid=&cname=%20&email=&postcode=&telephone=&mobile=&user_status=live"
   find email (search for @ symbol, then take the text to and from the surrounding spaces)
   add email to text file
   close browser
   n = n+1
until n = 2300

There may well be a simpler way, but that's the basic theory of it.

Feel free to PM me some more details and I'll have some fun helping out (Y)

  • Like 2

Here ye go,

Log in to any Linux box. Create this in a file called 'scrape.sh', run 'sh scrape.sh'.

[code]
#!/bin/bash
# URL is a placeholder for the site's base address.

x=1
while [ "$x" -le 2300 ]
do
    # Show progress, then fetch the page and append any e-mail addresses found.
    echo "URL/Customer_Search_Result1.asp?CurrentPage=$x"
    wget -qO- "URL/Customer_Search_Result1.asp?CurrentPage=$x" | grep -Eioh '([[:alnum:]_.]+@[[:alnum:]_]+?\.[[:alpha:].]{2,6})' >> emails.txt
    x=$(( x + 1 ))
done
[/code]

All the addresses will be in emails.txt in the same directory.

  • Like 3
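
From the site operator's side, a loop like the one in the post above appears in the web server's access log as a single client requesting CurrentPage=1, 2, 3, ... in quick succession. The detector below is an added example, not code from the thread; the combined log format, the thresholds, the IP addresses and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

ENDPOINT, PARAM = "/customer_search_result1.asp", "CurrentPage"  # as quoted in the thread
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} ')
TS = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (client, time, page) for a hit on the search endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group(3))
    page = parse_qs(url.query).get(PARAM, [""])[0]
    if url.path.lower() != ENDPOINT or not page.isdecimal():
        return None
    return m.group(1), datetime.strptime(m.group(2), TS), int(page)

def find_page_walkers(lines, min_pages=20, max_mean_gap_s=5.0, min_seq_ratio=0.8):
    """Flag clients stepping through page n, n+1, ... faster than a person would (assumed thresholds)."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        hits[rec[0]].append(rec[1:])
    alerts = {}
    for client, recs in hits.items():
        recs.sort()                                   # order each client's hits by time
        pages = [p for _, p in recs]
        if len(set(pages)) < min_pages:
            continue
        gaps = max(len(pages) - 1, 1)
        seq_ratio = sum(b == a + 1 for a, b in zip(pages, pages[1:])) / gaps
        mean_gap = (recs[-1][0] - recs[0][0]).total_seconds() / gaps
        if seq_ratio >= min_seq_ratio and mean_gap <= max_mean_gap_s:
            alerts[client] = {"pages": len(set(pages)), "seq_ratio": round(seq_ratio, 2),
                              "mean_gap_s": round(mean_gap, 2)}
    return alerts

def sample_log():
    """Constructed access-log lines: one scripted walker, one ordinary visitor, one junk line."""
    t0 = datetime.strptime("01/Jan/2024:10:00:00 +0000", TS)
    def row(ip, secs, page):
        ts = (t0 + timedelta(seconds=secs)).strftime(TS)
        return (f'{ip} - - [{ts}] "GET /Customer_Search_Result1.asp?CurrentPage={page}'
                f'&user_status=live HTTP/1.1" 200 5120 "-" "Wget/1.21"')
    walker = [row("203.0.113.7", n, n) for n in range(1, 31)]
    visitor = [row("198.51.100.20", s, p) for s, p in [(0, 1), (40, 2), (95, 5)]]
    return walker + visitor + ['198.51.100.20 - - [bad line]']
```

Calling `find_page_walkers(sample_log())` flags only the constructed walker address; an alert like this is a reason to put the search page behind authentication and rate limiting.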
Thanks for that Tom, I'll let you know how I get on. I think JD's going to give me a hand getting all the details and then I'll see where to go from there.


I hope you're covering your back whilst doing this. In terms of proxy chains etc...

I probably won't use a proxy when I actually run the script properly but I'll do it on a laptop where I can change the MAC address and I'll be on a wifi network that isn't mine. Bearing in mind that these guys have a pretty shoddy looking website and are apparently based somewhere in Cyprus and have potentially scammed 23,000 people, I doubt they're going to make a massive effort in reporting me to the police.


He deleted EVERYTHING. I was backed up, but still had to spend a while redoing formatting etc.

This kind of behavior really f**ks me off, he could have had the same effect just adding this at the top of your home page.

[code]
<?php
echo "Haha, hackz0r3d you trolololol";
exit();
?>
[/code]

There's just no need. I do have some sympathy for "ethical" hacking. Just getting in for the sake of it, telling you how they did it and then leaving you to mend the hole, but deleting everything from the server simply isn't cool.


Presumably they get a sense of power from it.

Someone hacked my friend's web hosting account and just used it to set up a phishing website, send out emails, etc. Once we got control back, cleared out the c99 scripts, etc, it was easy to restore the websites.

As for the OP's situation here, does sound interesting. As a minimum you should probably scrape everything you possibly can just so you have it, then decide what to do next. You could send it anonymously to the cops, etc.
