What would you do?

[woopwoop]

Ok so the story begins by me buying a niche forum/website back in 2009 with some loyal members, lots of uvs and some pretty great content (especially user uploaded (and created) files for download).

Over the next few years I let the site slip, it made money through adverse, but became spammy. Today I received this email:

Some time ago, in 2009/2010 ####my website name#### has been sold, but their new admin isnt active, he only want make money with google adsence. Its bad ####person's name#### sold this website!

The site was getting full of spammers and losing good users. Slowly began to die!

In April 2011, the system of registers and logins no longer work properly. Furthermore, the ####my website name#### platform, phpNUKE started to be the victim of attacks that destroyed a large part of database.

In january 2012, I started trying to recover the ####my website name####, first started to save all files to download. Then I started to build a new community, with a more secure and safe platform. After several months of work, we have the new site open to public.

I still managed to recover forum/users/pms until 2009. If you have an account in the old ####my website name#### registed until 2009, you can use it in our new website. If you do not remenber the password/username, you can email me at: ############ (website email form)

Our new site only have 3 months but in this time our members released great projects like ######################### (types of user software/games) and other great add-ins!

It is with great joy that we have come to invite our old members to return to join us.

Our new website is avaliable at: ######

Best Regards, #####
Name of company LLC
Full address
Lisbon
Portugal

So I receive this and I'm passed. The guys domain is similar (but different) to mine, but he has somehow got the old forum user list, PMs, he downloaded all the download files (that members had previously uploaded) - again these were legal, user created files/software...

Either the guy got them from the person I bought the software from, or he hacked the site.

I only have my phone to work with for a few days while I'm on a trip (so tough to fully investigate this) but I'm furious - though I'm glad the guy also included me on his mailing list where he explained the wrongs he had done!

He has an LLC in Portugal with the name of his venture. He has broken privacy laws, database+copyright infringement... Also if the seller (who I think was based in Australia) has given him all the 2009 files, then that is also a huge problem (i bought the site through Sedo).

What would you do in this situation? A mess and not one that I want to throw money at, but one I feel he has just shot himself in the foot by giving me evidence of what he did and his plan.

 

[woopwoop]

Thx for comments - i did let the site slip and so your advice is probably decent.

I am taking screenshots of his website and just went to my website (to see how bad it is...) and guess what? It now forwards to his website....

I had ###.com and ###.org both going to my website and now they go to his. I immediately checked the whois and both of these domains are still registered to me but the f-er has hacked them to forward to his.

I searched my email for the guys name and he offered me $55 for the domain back in January! I paid $700 for the .org and site in 2009 (later catching the .com)

This is seriously f-ed up... I don't even want to change anything about the redirects until I figure out the best move.

 

[WealdDomains]

As a general method, it may be worth doing something like this :

- list the various parties (people/companies/organisations) involved
- step back and consider their own individual commercial and emotional viewpoints
- identify the formal legal and contractual linkages
- consider the jurisdictions (countries) of the parties and the laws
- consider what evidence you have access to (eg his email offer, notifications of settings changes from your hosting company or registrar that you may have missed)
- work out what outcome you personally want to achieve and how much effort and elapsed time you are willing to devote to it
- select which aspect(s) to attack

For example, do you want a long-term ongoing relationship with the community or do you want financial redress or do you want him in handcuffs or do want to be proven rightly morally ?

The parties sound like you, him, the previous owner, your community, his community (overlapping), your hosting company, your registrar, his hosting company, his registrar and the registry (plus any company structures for you, him and the previous owner).

As examples, the outcome of your analysis may be a complaint to his current hosting company that he has breached their T&Cs by publishing copyright material (which may mean they take his site down immediately pending investigation) or may be alerting your hosting company that your account has been hacked (which may also mean he has physically commited a criminal offence under data legislation in Portugal (another EU member state)).

David

 

[Blossom]

As examples, the outcome of your analysis may be a complaint to his current hosting company that he has breached their T&Cs by publishing copyright material (which may mean they take his site down immediately pending investigation) or may be alerting your hosting company that your account has been hacked (which may also mean he has physically commited a criminal offence under data legislation in Portugal (another EU member state)).

Totally agree with this. Report him to his host for copyright infringement and his site should go down very quickly.

Whilst it's kind of sad you let the site slip, if he was really that concerned about it he probably wouldn't have sold it in the first place?

There's also the possibility that he could be trying to build up a similar site to sell on as before. If he resells the content you purchased and a similar site, it's going to get very messy.

Don't forget to change all your account details for your domains.

 

[Edwin]

The fact that he has the PM content (or claims he does) up to 2009 but not later suggests that he has secured a copy of the old site's database from the previous owner. If he'd hacked your server why wouldn't he have all the data right up to the present? Still wrong, of course, but a "different kind of wrong" from hacking.

 

[woopwoop]

Thanks all for replies so far - I have contacted his host and also him. I'm still posses that he put redirects in the access and stated a 301 permanent redirect in the forum index page to his website (in finding all kinds of nasty brute force and other scripts on my server). I'm away from backups at the moment so could only stop the redirect but not put back the original index page that this guy has deleted.

@edwin - I think that he may have got a back up of the website that was saved on the server, he claims on his website that the database was corrupt after a certain date because of spammers/hackers. I am starting to think that maybe the old owner isn't involved because his posts on the 'new' site are dated back a few years (i originally thought his posts were very recent).

If the old owner was involved I was even thinking about contacting sedo and the bank any trying to do a chargeback, but I did escrow and it's been too long (but I don't think that he is involved now)