The short version. Our database server was hacked. The databases were deleted. Our only option ended up being a restore of the backup from when we switched machines two weeks ago.
We feel terrible about it.

The longer version. Our database has been connectable on the Internet for many years. We had some software that connected remotely. We've had a pretty good password. That said, there is apparently a cottage industry with well crafted hacking scripts for hacking MySQL databases. We were hit. We woke up to this message in the only table left in the database: "To recover your lost data : Send 0.055 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont (sic) receive your payment,we will delete your databases."

We love your new content, but we're not gambling that the $250 payment gets anything back.

As part of the new machine and setup, we receive eVault nightly back-ups of the databases. We should have been all ready to go -- except that there has been a lot of changes going on with our hosting provider and the eVault backups weren't going yet.

So, at this point in time. The eVault backups are going in, but in the meantime, we have enough disk now to do a rotating month of backups locally. I've got that started. We've closed the external access hole, so the DB is not accessible on the Net anymore.

Thanks for your patience -- as if you had a choice.


Edited by R. Schiffman (04-04-2019 19:32:38)