Congratulations Timse on getting out of this mess safely

No offense, but you might not be so lucky next time around. The guys whose website you hacked seem to be nice guys who understand tat it's just a waste of your life if you are turned over to the feds. As you mentioned earlier, they are willing being non co-operative with the police on further investigations. They understand that curious teenagers sometimes try to hack into websites just out of curiosity and because of the obvious 'coolness' associated with it. They probably tried such stuff when they were in their teens. So I guess we all learned a lesson here.
I guess we should try to be the good hackers. The kind that don't destroy stuff or deface websites but just hack them out of curiosity, but leave everything intact. Of course with the law getting stricter by the day, you've probably committed an offense just by getting into their servers. Anyway, as long as we don't cause them trouble, I guess we're safe.

And one more thing...
Unless you're ABSOLUTELY sure your activities can't be traced back to you, DO NOT try such dangerous stuff. I think it's not possible to get your IP if you used TOR, but as afar as I know, TOR only anonymizes the connections that pass through it (usually the web browser) so if you used another tool (say a por­t scanner or something else) that didn't route it's traffic through TOR, you're giving yourself away.

So you first need to be intimately aware of the technology surrounding you. You need to know EVERYTHING about how it works. You need to think like the one getting hacked. If you were the one who was under attack, what would you do to get back at the hacker? I bet the first thing you'd look at will be the security logs. Many hackers either don't know how to erase the logs or don't bother with it at all. Big mistake! It could give a lot of information about the attacker. And if he's naive enough to attack the site from his own IP rather than from a chained IP link, well, that's practically asking for the site owners to throw you in jail.

There are a lot of books you can read to gain a deeper understanding of current technology and hacking techniques. I am currently reading Kevin Mitnick's The Art of Deception. I believe he's also written another book, The Art of Intrusion which would be an interesting read. And the first thing to read would probably be the excellent Hacking For Dummies.


Regards,
Xyberz09

I used TOR but still they got my ip...
They used a program called FLUP or FLUPP, I don't remember the name exactly.
I wonder how they got my ip...
Could it be through JavaScript?

First of all, read this:
> http://www.torproject.org/download.html.en#Warning

And while I scoured the web for interesting stuff on TOR, this is what I uncovered:

> http://blogs.zdnet.com/security/?p=114 (HD Moore himself )

> http://sla.ckers.org/forum/read.php?15,20720

> https://blog.torproject.org/blog/one-cell-enough

> http://www.downloadsquad.com/2006/10/18/tor-ip-anonymitity-compromised/

> http://dandies.org/files/e620eb97d7105d321ac2acd29fd6c140-7.html
(The SCARIEST of them all)



Well, according to the stuff I read, I think your identity can't be compromised unless your exit node (which is the last node in the sequence of nodes you connect through like a chain) is a sneaky one that logs your IP based on your activities or some keywords.
(see http://blogs.zdnet.com/security/?p=114)

Oh, and I tried looking up FLUP and FLUPP(which is an Open Source Flight Log Software!!) but I have no idea what they are :(


Finally, I found this interesting stuff:

HD Moore's DeCloak project:
http://decloak.net/
(Check if your real IP is shown here when you use TOR)




Aside: http://sites.Google.com/site/clickdeathsquad/Home/cds-torsetup

nice stuff xyberz09 you are helpful as usual

Very interesting thread. What exactly did you do to that site, by saying you "defaced" it? Also be very careful when doing such stuff from your own computer, especially if you got a static ip. Tor, as xyberz well said, will just mask your ip through browsers. In order to permanently mask your ip you should be using a pro­xy on your operating system's settings (aka a system-wide pro­xy). About security logs, except the ones that are generally the same (like in famous systems, apache etc) they aren't always the only thing the attacker needs to erase. Clever webmasters can have other ways of tracing what happens on their servers, and you'd practically have to know what you're looking for. We all liked (or like ) messing with other's work to find vulnerabilities or exploits - that's what computing is all about, finding something new everyday and improving what you already knew. Should i ever bother finding such an exploit (or whatever) to some other website, i would just leave a kind message to the web owner, pointing at the problem. I wouldn't like someone fucking up with my website (or anything else for that matter), so i wouldn't do that too (okay, there are some exemptions, basically websites of friends that i like to irritate ).

PS: xyberz said: "am currently reading Kevin Mitnick's The Art of Deception" +1 to that, definitely awesome book