With email admin enabled on the error.php I frequently get emails about My_eGallery/ paths or coppermine paths files not found. My question is when you get an error email that has the XSS URL, what can we do to this person that is attempting to hack my site. When I looked at the url's information, there lied the ftp location/username/password of the hacker. Very interesting, however, If I remove the XSS files on the hacker's server am I putting myself in legal jeopardy? What if I just rename the files so they don't work and make the person troubleshoot? Has anyone reported things like this? What authorities and how did you word your letter?

- MusOX

If they where stupid enough to put their FTP info in the hack attempt, then from my point of view you may completely empty his website and replace it with index.htm

Quote::

Site replaced by www.cybercrime.gov/ to get even with this lame hacker

and upload a .htaccess with

Code::

<filesmatch "\.(php|html|txt|inc)$"> deny from all </filesmatch>

But ofcourse this ISN'T legal !
However i would keep my logs and inform the host about his hack attempt and that i replaced his website due to his stupidity

Of course you should discuss legal options with a lawyer, which I'm not claiming in this regard.

However, if you are investigating your logs and in the process you come across this said hackers login information, then you certainly can use it, since he was kind enough to provide YOUR SERVER with the information. No court of law is going to say you broke in. However you are still responsible to follow any guidelines for USING the said hackers server, if they are in place. Most hackers servers I play with the rules are 'ANYTHING GOES, JUST DONT BLOW IT UP'.

So I'd be having some fun, but beware...some hackers do not have a sense of humor.

But adding a string to his XSS with this login info would be a little neat thing to do =)