I wanted to thank everyone for their support and words of advice, we have read all your posts and are so grateful to you for taking the time to help us.
I would also like to give you an update, explain a few things that were mentioned in the replies to my initial post and then explain what we decided to do and what the outcome has been so far (it may be long winded, i'm sorry).
This kid came to our network looking for trouble, he pushed and threatened the IRCops, and he was initially ignored, we felt that was the best way to deal with him, it wasn't until we *really* felt our users were at risk that we took action. That action was to remove him from our support channel (not the network) and this was followed by an explanation of the ban to him in private. This is when he demanded we lift the ban and show him some respect or he would attack us, catch 22? Do we lift the ban and allow him to do what ever he wants? or we maintain the ban and prepare to be attacked?
We've worked hard on our rules, we've trained our opers not just in commands, but in communicating with users, we looked for "people" people for our staff. Respect plays a huge part in our network, for each other and for our users, we work on an open and honest policy where we share feedback and we take it on the chin, we want to learn and grow and develop. Our user base respects that, and to allow someone to come along and blackmail us would make a mockery of our philosophies.
Please also note that he has access to thousands of compromised machines, we ban him and 20 seconds later he's back on a new proxy and so on. We do have is real ip, when he's using the bots for the
attacks he can't use them to connect, and he likes to check if we are still around, so he uses his real ip :)
ok, so we tried a number of your suggestions;
We contacted the FBI, they asked us to contact our local Law Enforcement Agency. I'm a Brit, so that meant the Metropolitan Computer Crimes Unit. I spoke to a really great guy there, he gave us good advice, and asked us to forward any information we had to him. The problem here is, our server is in the states, so he is limited to what he can do, but just having someone take us seriously helped a
We spoke to friends on other networks, some other IRCops and.. ta da.. one has a folder on this kid, he attacks other networks too, so we have a support network now, a few of us working together to gather and collate information.
At this point he was still attacking us heavily each night, he didn't come onto the network like usual to gloat about it, he just did it.
I think we wanted to believe that there was some good in this kid and that we could reason with him and make him understand what he was doing and how it affected people, not some big corporation, just
normal users, 1600 people who called our Network home.
Last night he logged on, now please imagine, this guy has the ability to destroy something you feel sooooo strongly about, when we see him arrive everyone is tense, we can't help it.
Two of us talked to him, he listened, we *thought* he listened. 10 minutes later it all started again.
We rallied. Enough, we'd done enough now to try and appeal to his sense of right and wrong, we worked on contingency, brought up some other servers, secured them, did what we could to keep him out. We also updated our website, stating enough is enough, calling him a terrorist and explaining to our users (and him) that the next step was the authorities, we also indirectly implied we may call his parents, he didn't say another bad word after that.
Guess what he did? He came back onto our network a few hours later, into our main support channel and in front of fuming users and staff he apologised and promised not to do it again (i am almost tempted to paste the log!), he even said he would make it up to us. There was silence, no one was quite knew what to do.
This hasn't stopped him attacking other networks, we have no idea if he really means he will stop attacking us, but, it doesn't matter now, we have pulled together as a community and as a team, we are not ready to give up.
Moving forward, we are still working on ontingency servers, we have lost a lot of users. People used our network to host national help and advice channels along with other more general chat rooms, but, as much as webmasters want to support us (and we know they do from the emails and comments we have received), they need a stable network. So we are trying to host a few servers ourselves until we can find more sponsors.
We are obtaining isps from the IP's used in the attacks and we plan to e mail as many as possible, as well as trying to educate our users on security, running public training sessions that will include computer security.
Personally, i learnt you can't change everyone, that sometimes you have to make a stance, suffer the short term loss, use it as a learning experience and be more prepared for the next kiddiot that comes along, because, this is irc, and we really do have a kickass Network, an amazing community, and *someone* is always going to want to wreck that.
It's hard work doing this, but yanno what?, right now, sitting in a channel with users who are offering us support every step of the way, reading your comments on here, receiving email after email of support, watching our sponsor fight against this kid, listening to the network staff debating how we can make our network even better, not losing hope for one moment, watching them appease angry users, users who really want to scream at this kid, and keeping their cool when secretly, they want to do the same, makes it worth all this hassle and stress. If i have learnt anything from
this, it's that there are a bloody lot of people out there that really give a damn.