Reverse hacking with PHP

[goocharlton]

Ok here goes!

 

I have been hacked numerous times by the same hacker spamming my site. He uploads a file to a directory and then accesses the file through his browser which them edits files on my domain that he specifies. I have just fixed all the pages that were spammed on my site for the 3rd time and it will not happen again because I actually took the effort to close the hole in which he was entering by.

He(whether in person or from a scheduled program) returns daily to run the script that he had uploaded to re-spam my pages.

 

He is no noob because he runs it all from behind proxy's so I am unable to track him that I am aware of.

 

Because he runs this script everyday I am wondering if I can use that against him in some way.

As he is behind a proxy this will be much harder or impossible but where there is a will there is a way!

 

I need to know if there is any way to get details of a user through a proxy with php or is there some way I can trick him through it? I can edit the file that he runs off my server every day to whatever I want.

 

What do you think?

[ronnie88]

why don't you just chmod the file he uploads?? so it can't run. Or don't allow the extension he is uploading...thats why a lot of people only allow zips and such.

[JasonLewis]

Yeah what is the extension that he/she is uploading?

[goocharlton]

He is running a php extension.

 

You don't understand, I can easily stop him from running the script, the fact is that I don't want to stop him at this stage, I want to catch him!

[tibberous]

Probably not. If it is a browser based proxy, you can toss some ajax / iframe code in their to get his real browser to connect, but it's probably a real proxy.

[.josh]

what is the spam?

[cooldude832]

He is running a php extension.

 

You don't understand, I can easily stop him from running the script, the fact is that I don't want to stop him at this stage, I want to catch him!

 

You can't catch him easily unless you beef up your security measures.

 

To beat a hacker you must be a hacker you need to create a system that rejects the proxy site's cookiejar that forces him to directly access the site and then attach cookies and so forth to him to figure out where he is contact the ISP and then you can catch him.

 

Look on google cause I've never done it but that's not to be said it can't be done.

 

If he's hiding behind a proxy odds are you can't get him out of his hole by rejecting a proxy because a hacker is afraid of the big mouse trap you set up.

[Andy-H]

You could block proxies however, when you block proxies people using AOL also get blocked from your site. I don't have a solution; just thatught I'd say lol

[goocharlton]

Probably not. If it is a browser based proxy, you can toss some ajax / iframe code in their to get his real browser to connect, but it's probably a real proxy.

....go on. What were you saying about ajax/iframe code, can you explain more about this?

 

what is the spam?

Just viagra adds and crap like that.

 

You could block proxies however, when you block proxies people using AOL also get blocked from your site. I don't have a solution; just thatught I'd say lol

I'm not fussed with the fact that the hacker got in, I know how he got in and when he got in(nothing special I know) but I just want to try and track him down that's all.