Tuna got hacked



factoid
09-21-2010, 06:20 PM
This is what I get when I go to tunamart.com

anyone know how to get in touch with him to let him know?

http://imgur.com/yaJHs.png

going_home
09-21-2010, 06:41 PM
Tunaman5 at comcast dot net

BigEvil
09-21-2010, 07:37 PM
He's hit the big time :p

factoid
09-21-2010, 07:52 PM
Pretty bold of them to commit a felony and put a name and email address on there.

What's sad is that it doesn't even matter...they'll still probably get away scot-free. That's our wonder department of homeland security for you.

Drix
09-21-2010, 09:13 PM
Hacked by a Muslim extremist. Guess he's preparing for the paintball Jihad- Pretty sure if it comes to it we got this one...

smilestyler
09-21-2010, 10:09 PM
I think Tuna has been hacked in the past, but he knew who did it. Doesn't look like the last time.

Tunaman
09-21-2010, 10:13 PM
500 bucks to anyone who can provide me with the info needed for arrest and conviction of these scumbags...

TheMedievalMan
09-21-2010, 10:34 PM
500 bucks to anyone who can provide me with the info needed for arrest and conviction of these scumbags...

Do you have any enemies? People who would want to screw around with you this way?

vf-xx
09-21-2010, 10:40 PM
Dollars to Donuts that it's a random hack from China or Russia.

Ratt
09-21-2010, 10:50 PM
There has got to be SOMEONE we can hire that is smart enough to find out who these bastards are...

Looper
09-22-2010, 04:10 AM
There has got to be SOMEONE we can hire that is smart enough to find out who these bastards are...

I attend a training class by these people, http://www.foundstone.com

If you really want to catch them the key is not to touch anything and let Foundstone do an Incident Response. The number one thing is document everything that is done to the computer after it has been hacked. When it gets to be court time the perp will get off if every step of the incident response was not documented.

In the event of an Incident, Foundstone did not even want the servers to be turned off or unplugged from the network. The only way to find rootkits is to look in the memory of the system and once the system is powered off valuable forensics information is lost.

Here's a good book that will demonstrate everything in an Incident Response.
http://www.amazon.com/Incident-Response-Computer-Forensics-Second/dp/007222696X/ref=tmm_pap_title_0

But realistically this is probably from overseas and there won't be a GD thing you can do about it.

Your server probably has a root kit installed by now so do not reuse the OS. You will need to completely rebuild the server but only after you have had an Incident Response done or decided not to do one.

Good Luck and unless you are losing thousands/millions of dollars an hour in sales it really is not worth it. Wipe your system and start over.

BigEvil
09-22-2010, 06:32 AM
500 bucks to anyone who can provide me with the info needed for arrest and conviction of these scumbags...


Arrest? how about we dig a few holes out by the Meadowlands?

Drix
09-22-2010, 08:22 AM
When you search for ahmadso on Google there's quite a few references to a Muslim extremist hacker. I'm guessing the problem is not from the USA and not likely to end in a favorable outcome. Either way I hope that things get back on track soon.

If you need a place to dig a hole or dispose of a rather large flimsy garbage wrapped package I've got a few places no-one would ever look. :ninja:

factoid
09-22-2010, 08:36 AM
I would STRONGLY encourage you not to waste any money attempting to track down a vanity hack. You'll spend a fortune on computer forensics far in excess of the damages incurred. If law enforcement is willing to take the case, work with them, but I don't think I'd pay money out of my own pocket to track down some dude half a world away.

Looks like you're back up and running now, but hopefully you were able to preserve things like security logs and such. Work with your local law enforcement first, they'll direct you to the correct agency where you'll probably be ignored completely because your website name wasn't Amazon or Ebay.

They'll ask you for things like log files, maybe the physical hard drives if you have them.

Definitely make sure that you don't just "fix" the issue to bring the site back online. If you got rooted there's nasty stuff lurking below.

Restoring the data isn't good enough, you need to wipe the OS clean, rebuild with current security patches, etc...then restore your data from backups. If your host does image-level backups of your site this gets even easier. You can restore the full system to its pre-hack state and then apply security patches and stuff.

The question will also be whether your database was hacked as well. If they run on the same machine, assume that they were. If not, check security logs (or have your hosting people do it) to see if any connections from the same IP address were made to the database server.
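The database check described in the post above, as an added example that is not part of the original thread: take the client IPs that sent state-changing requests to the web server during the incident window and look for the same addresses in the database server's connection log. The log lines, the `/admin/upload.php` path, the account names and the database log format are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample logs; all addresses are RFC 5737 documentation ranges.
WEB_LOG = """\
198.51.100.7 - - [21/Sep/2010:17:02:11 -0400] "GET /index.php HTTP/1.1" 200 5120
203.0.113.45 - - [21/Sep/2010:17:40:03 -0400] "POST /admin/upload.php HTTP/1.1" 200 312
203.0.113.45 - - [21/Sep/2010:17:41:19 -0400] "GET /index.php HTTP/1.1" 200 918
192.0.2.10 - - [21/Sep/2010:18:20:00 -0400] "GET /index.php HTTP/1.1" 200 918
"""
# Hypothetical database connection log: "<timestamp> CONNECT <user>@<client ip>"
DB_LOG = """\
2010-09-21T17:01:00 CONNECT shop@127.0.0.1
2010-09-21T17:43:52 CONNECT shop@203.0.113.45
2010-09-21T19:05:10 CONNECT backup@192.0.2.200
"""

FMT = "%d/%b/%Y:%H:%M:%S %z"
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')
DB_RE = re.compile(r"^(\S+) CONNECT ([^@\s]+)@(\S+)$")

def suspect_ips(web_log, start, end):
    """Client IPs that sent state-changing requests inside the incident window."""
    ips = set()
    for line in web_log.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        ip, stamp, method = m.groups()
        when = datetime.strptime(stamp, FMT)
        if start <= when <= end and method in {"POST", "PUT", "DELETE"}:
            ips.add(ip)
    return ips

def db_hits(db_log, ips):
    """Database connections whose client address is one of the suspect IPs."""
    hits = []
    for line in db_log.splitlines():
        m = DB_RE.match(line)
        if m and m.group(3) in ips:
            hits.append(m.groups())
    return hits

if __name__ == "__main__":
    window = (datetime.strptime("21/Sep/2010:17:00:00 -0400", FMT),
              datetime.strptime("21/Sep/2010:18:20:00 -0400", FMT))
    for stamp, user, ip in db_hits(DB_LOG, suspect_ips(WEB_LOG, *window)):
        print(f"{stamp}: {ip} connected to the database as {user}")
```

Run it against copies of the logs, not the originals, so the evidence stays untouched.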

pillage
09-22-2010, 09:21 AM
Arrest? how about we dig a few holes out by the Meadowlands?
Use them as bait in some crab pots, and then no shovel work is needed. :cool: :argh:

UThomas
09-22-2010, 09:29 AM
That's our wonder department of homeland security for you

LOL - homeland security is supposed to protect small private businesses from website hackers? Do you want to nationalize our network infrastructure?

Anyway - glad Tuna is back up. I'd spend the $ on site security going forward instead of chasing down the guys in hindsight.

Ruler_Mark
09-22-2010, 10:17 AM
You need a minimum of $5000 of damages to have the feds be interested. They post their info because they hide behind foreign proxies which do not hold access records. You are SOL, you won't recover anything or get prosecution on anything.

leloup
09-22-2010, 10:26 AM
Since Tuna deals in AGD stuff, I'll bet it was a hit planned by the Gardners....or maybe I am just being silly :tard:

It is sad when people use their talents to harm instead of do good, and seriously, to a paintball site? Why not a something larger or more important (not that tunamart isn't, as I have spent hundreds of dollars on tuna's stuff)?

factoid
09-22-2010, 10:51 AM
That's our wonder department of homeland security for you

LOL - homeland security is supposed to protect small private businesses from website hackers? Do you want to nationalize our network infrastructure?

Anyway - glad Tuna is back up. I'd spend the $ on site security going forward instead of chasing down the guys in hindsight.

It's not their job to protect private websites...I just think it's DHS that is in charge of investigating hacking attempts because they were classified as national security issues.

For a while it was the secret service, then it was passed onto the FBI. I'm pretty sure after the PATRIOT act it went to DHS. I could be wrong though, it might depend on different factors.

I do know that people whose websites have been hacked rarely get any satisfaction from law enforcement. There's thousands of these happening a day. Most of them are automated. This guy was probably scanning IP addresses, found a web server, checked it for known security holes and launched an automated attack.

It's illegal, but since most of these come from overseas it's almost impossible to track them down to prosecute.

CatoRockwell
09-22-2010, 10:52 AM
That's our wonder department of homeland security for you

LOL - homeland security is supposed to protect small private businesses from website hackers? Do you want to nationalize our network infrastructure?

Anyway - glad Tuna is back up. I'd spend the $ on site security going forward instead of chasing down the guys in hindsight.

You've got it all wrong, their job is to help create a police state where people are regularly searched and asked for "papers" without due cause.

Sorry Tuna. I hope you get everything working without any issues. I'll be sending you that package this week to work on.

Hexis
09-22-2010, 11:13 AM
Tuna don't waste your money on a partial incident response. $500 would only get the process started. And if you have brought the server back online, you have probably done irreparable damage to the evidence. Unless you yanked the drives and rebuilt the server on new drives, then you may have some stuff.

It's really not worth it in any case. Use it as a learning experience.

Some things to keep in mind:

Patch early and patch often. Regular patching gets you a lot of bang for the buck, so to speak. There is always a chance a patch will break something, but staying up to date on security patches should be a priority.

Probably the next best thing is to send the logs off the same server so if the web server is compromised, the log server has the log data safe.

If possible a restrictive firewall ruleset in front of the server is a good idea. Things like not allowing anything other than tcp 80 and 443 in from the world. Also not allowing anything out (unless needed).

Beyond that you can start to spend real money for minimal gains. IDS, IPS, WebAppFW, audits, pen tests... They all have their place, but are not really worth it for a small site.


One major thing WRT recovery: make sure the server was rebuilt from scratch from trusted media. Make sure any user access stored in a database or flatfile has been checked for extra accounts. Make sure to change ALL passwords for all accounts on the system.
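The "extra accounts" check from the post above, as an added example that is not part of the original thread: compare a passwd-style flat file against a copy from a trusted backup and report new accounts, changed fields and additional UID 0 entries. Both snapshots and every account name in them are constructed for illustration.

```python
# Constructed passwd-style snapshots; account names are made up for illustration.
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
shopadmin:x:1000:1000:Site admin:/home/shopadmin:/bin/bash
"""
CURRENT = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
shopadmin:x:1000:1000:Site admin:/home/shopadmin:/bin/bash
support:x:0:0::/home/support:/bin/bash
"""

def parse_passwd(text):
    """Map account name -> the fields an intruder would change."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        accounts[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return accounts

def audit_accounts(baseline_text, current_text):
    """Return (account, finding) pairs for everything that differs from the baseline."""
    base, cur = parse_passwd(baseline_text), parse_passwd(current_text)
    findings = []
    for name, acct in sorted(cur.items()):
        if name not in base:
            findings.append((name, "account not in trusted baseline"))
        else:
            for field in ("uid", "gid", "home", "shell"):
                if acct[field] != base[name][field]:
                    findings.append((name, f"{field} changed: {base[name][field]} -> {acct[field]}"))
        if acct["uid"] == 0 and name != "root":
            findings.append((name, "extra UID 0 (root-equivalent) account"))
    for name in sorted(set(base) - set(cur)):
        findings.append((name, "account removed since baseline"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_accounts(BASELINE, CURRENT):
        print(f"{name}: {finding}")
```

The same comparison applies to an application's user table exported to text; the baseline has to come from a backup taken before the compromise.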

munkeh
09-22-2010, 12:20 PM
Hmm, seems to be this ahmadso is notorious for hacking websites. I googled his name and found other sites he took down by hacking them. The email is also verified to be 100% legit and working too.

MAGpie
09-22-2010, 02:33 PM
Spent the last 4 nights browsing the mart.. over and over and over... You know, like those lost children in a toy store... Then bam... Eggs.

I thought Tuna was doing an upgrade or something...

Damn man, good luck with getting this sorted out... mostly cause I want to get lost again. :)

SockMonkey
09-22-2010, 03:26 PM
I have seen that same thing or very similar dozens of times on the internet. It's nothing specific to tunaman. They use programs that just search the internet for websites with weak spots, and hack them. I think the whole Muslim extremist thing is just something the creators thought would create a big stir, expecting people to actually believe it. But I've seen this same thing for years now. Happened to a Counter-Strike forum I used to belong to, also happened to a racing forum I was on.

Whole point is to just cause people trouble.

CatoRockwell
09-22-2010, 04:15 PM
happened to our 6th Fallschirmjaeger Oklahoma D-Day forum early this year.

MAGpie
09-22-2010, 04:23 PM
Tuna is back! I am happy again :D

Tunaman
09-22-2010, 04:51 PM
Thank you Dave Roselle of Roselle Communications. These guys work fast and very efficient. If anyone needs Hosting Services for a great price and great service please check them out.

jonmcfatty
09-26-2010, 09:11 PM
I can't imagine someone spending their free time hacking websites, modern warfare is much more fun if you're just trying to blow off a few hours

KillerOfGiants
09-26-2010, 10:13 PM
You've got it all wrong, their job is to help create a police state where people are regularly searched and asked for "papers" without due cause.

Breaking the law is due cause. So much paranoia.