On Mon, 6 Aug 2001, Nathan E Norman wrote: > I have to agree with John ... using a security hole in someone else's > server for good or evil is probably not a good idea legally. I'd > advise against it.
In states with "Good Samaritan" laws you are likely to be shielded from liability as long as any action you take is clearly intended as help. Considering the fact that tens of thousands of malicious security attacks per year go unprosecuted, I doubt that anything non-malicious would be a big risk. Unless you have deep pockets. That said, it's traditional to send the admin a message using the root account when a hole is found, but it isn't at all necessary. Just send the relevant excerpt from your log that shows they are attacking you to several good guesses at the relevant account ([EMAIL PROTECTED], [EMAIL PROTECTED], etc.) and leave it at that.
