We were hacked and lost 2 weeks of posts - IMPORTANT

Posted by: R. Schiffman

We were hacked and lost 2 weeks of posts - IMPORTANT - 04-04-2019 19:30:20

The short version. Our database server was hacked. The databases were deleted. Our only option ended up being a restore of the backup from when we switched machines two weeks ago.
We feel terrible about it.

The longer version. Our database has been connectable on the Internet for many years. We had some software that connected remotely. We've had a pretty good password. That said, there is apparently a cottage industry with well-crafted hacking scripts for hacking MySQL databases. We were hit. We woke up to this message in the only table left in the database: "To recover your lost data : Send 0.055 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont (sic) receive your payment,we will delete your databases."

We love your new content, but we're not gambling that the $250 payment gets anything back.

As part of the new machine and setup, we receive eVault nightly backups of the databases. We should have been all ready to go -- except that there have been a lot of changes going on with our hosting provider and the eVault backups weren't going yet.

So, at this point in time, the eVault backups are going in, but in the meantime, we have enough disk now to do a rotating month of backups locally. I've got that started. We've closed the external access hole, so the DB is not accessible on the Net anymore.

Thanks for your patience -- as if you had a choice.

Posted by: Brad Harrington

Sorry, we got re-hacked again - 04-11-2019 15:47:50

We didn't have the site tightened down quite enough. We made sure that there were no areas that could be manually exploited with the old password and had to go back to a version of the site that was before the hacking began.

We have gone a few days now without a third incident, so I believe we stopped them. I know it is probably frustrating but I do believe we are good now.