H
H
Hint2011-05-30 21:10:24
Burglary protection
Hint, 2011-05-30 21:10:24

Is it ethical to scam your own site?

I found an order on antichat to dump the database of my own site with a budget of $1000. I found it through Google, but the name of the project has already been erased on the forum and the author suggests contacting him in ICQ for details. He offers to provide him with the hashes of several accounts as evidence (after that he transfers 1000 WMZ).

What would you do in my place? You can simply forget about the existence of the request, or you can throw (teach) the attacker, "earning" $ 1000.

Answer the question

In order to leave comments, you need to log in

21 answer(s)
Y
Yaraife, 2011-05-30
@Yaraife

The activity itself is illegal, i.e. this whole deal.
This means that the buyer is not protected by law.
Take care of anonymity, and, of course, throw it away.
1) Since the customer is trying to steal your data, he can be considered an enemy for you, and you should definitely try to weaken him, for example, by throwing him for money. (he will not be able to repeat the operation)
2) He is not protected by law, so he will not be able to do anything, say, sue.
Amazing care for a site owner.
I see no reason not to throw the customer for money, unless these few user hashes are a serious threat to you.

N
Nicholas, 2011-05-30
@pnick

The burglar, in any case, must be punished. If there is a legal way to do this, then you must follow the law. If you don't have it, drop it, of course.

N
Nicholas, 2011-05-30
@pnick

The main thing is that the same customer does not read this post (:

M
Monca, 2011-05-30
@Monca

Punish - yes, but spend the money on donations and at least to the project that is used on your site. Money is bad, crazy. And you still earn.

D
Denis Domansky, 2011-05-31
@Doman

I would not. Intimidate, talk - yes, you can. But throwing 30,000 rubles, real rubles, is ... This is not right. Moreover, the customer has not done anything yet.
In fact, you're throwing $1,000 at a person who has (so far) done nothing wrong. And you did by throwing it. As a result, the innocent suffered, and you, under the pretext of world justice, were enriched by $ 1,000.
And in general, will your upbringing and worldview allow you to throw a person? Even a potential attacker? I couldn't. I would also ask here, but the question would be formulated as follows: “How to punish a potential hacker of my site?”.

S
Shirixae, 2011-05-30
@Shirixae

Um ... even I’m reading it for the sixth time and I don’t understand who demands money from whom, for what, and how you want to appropriate it.

S
Sergey, 2011-05-30
@bondbig

I would have sneered. But I wouldn’t throw money at it, at least not for serious ones.

M
mihavxc, 2011-05-30
@mihavxc

It's definitely worth a lesson :)
I wonder how many of these database buyers are now nervous after reading this post?))

M
MrCrock, 2011-05-31
@MrCrock

Replace passwords for user accounts immediately and try to find and fix the vulnerability through which the information leaked. Only then take action against the burglar.

4
4twilight, 2011-05-31
@4twilight

1. contact the zak
2. justify the difficulty of the task
3. trade at least up to $1.5-$2k
4. don't come back after receiving the money
5. ????
6. PROFIT
I do not see anything shameful in punishing such people - if robbers climb into your apartment, you will ask - do they rob and climb into the right apartment?

R
rharunzade, 2011-05-31
@rharunzade

Punish the person, and give at least half of the money to the orphanage. The attacker's money will go to a good cause. I wanted to do something nasty, but it turned out good =)

D
Daminion, 2011-05-31
@Daminion

Stealing from a thief is not considered a crime

F
frobo7, 2011-06-01
@frobo7

Throwing an asshole - it certainly does not hurt. If you do it carefully, and so that users do not suffer.
But, in my opinion, a more important question is who is the customer, and why does he need a dump of your database.

I
Igor, 2011-05-30
@admhome

What prevents you from partially copying (duplicate with some changes) any accounts or creating new ones to provide to the customer? This is the database of your project, you have full access to it, and you have the cards in your hands.

C
ChemAli, 2011-05-31
@ChemAli

Punish, and direct the money to improve the security of the site.

A
Alexander, 2011-05-31
@Alexx_ps

Of course punish.

M
make_luv, 2011-05-31
@make_luv

I see no moral barriers to throw someone who wants to rob you. That is to say, preventive measures. There will be science.

I
Ivan Trofimov, 2011-05-31
@cbone

This is the same as posting a notice at the entrance: “I am looking for a robber who is ready to take out all the equipment from the N-th apartment of this entrance. Budget: $1000. To verify the professionalism of the robber, provide the iPad and HTC from this apartment, after which we can cooperate with you.”
If I saw such an announcement on my house, I would be very angry and I would punish such a person very severely. The same should be done with the website. Planning such a negative activity is already a criminal activity.
My opinion: DEFINITELY PUNISH!

B
Backspace, 2011-06-01
@Backspace

I don’t know about you, but here (in Ukraine) it’s quite easy to find a common language with law enforcement agencies in such situations. It's almost done. Pros: a clear conscience, experience in similar cases for the future, a beautiful piece of paper / history, useful contacts; cons: $1000 :)

I
impass, 2011-06-01
@impass

what is your site so valuable?

M
mifa, 2011-06-04
@mifa

To the question "Is it ethical to throw ..." the answer is no, it does not matter how the sentence ends, because throwing is not ethical. Another thing is that this is probably not the situation when you need to think first of all about ethics.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question