01-17-2019, 01:36 PM
Alex Pepple
Administrator
Server Downtime--Take 2

Dear Eratosphereans,

We’d just been hacked. Again!

After I restored the server, I was gun-shy about setting up the security measures that had crashed it until I could set up an external backup. But it looks like the hackers wasted no time to hack the site and when I first saw how things looked, they looked BAD! (And it must have been easier for them with none of the stronger security measures I was gun-shy about in place!) It was so bad that I couldn’t even log in to the server and it looked like the hackers had managed to lock me out of it, and worse, it looked like they’d managed to wipe out everything on the server and there would be nothing to restore even if I could get in.

Eventually, I was able to check through a back door (even though it seems the hackers locked me out from the root account, which is the only place where the system allows changes/restores, etc), and it seemed the files were probably still there.

After that—it took them a while—but I was able to get the tech support of the server's hosting company to reset the root password. So, at least, I could log back in to the server’s root account and determine what mess was left behind by the hackers. It was encouraging then that it seemed all the data files were still there (I didn't go in depth to the folders, but from a high level--so, I still was concerned that there might be crucial things missing when I looked closer!). But overall, it was a good first step in my effort to fix everything, if possible.

Further looking around, and work on it, got me far less concerned--it wasn't as bad and hopeless as I'd feared. Indeed, this time, I restored things a bit quicker than the last since it seemed the user data and other important configuration were still in place and not irreparably tampered with. So, it took me only hours this time (instead of the days of last time) to get things back up and running again … and we’re back up again without any data loss (as far as I can determine). Thanks all, again, for your patience and support!

(And hopefully, this is the last bad server, bad hacker news I'd be reporting to you--and that I'll have to work and work on--for quite a long while!)

Cheers,
Alex