Hacked!

My server was hacked on December 23rd. A nice little Christmas present from some Brazilian hackers.

From the remains of the hard disk I can see that they might have tried to deface the sites on the server with some anti-American propaganda. But during the break-in I think something went wrong, because they had deleted all the home directories and the Linux kernel. And then the machine went dead.

Luckily I’d taken a daily backup of the MySQL database and - through sheer luck - saved it on a part of the disk that they hadn’t erased. So I haven’t lost any updates to the database. But some updates to the sites have been lost.

I was running Red Hat 8 on the server. It was the best Linux distribution out there when I set the server up. But since then Red Hat stopped supporting it and I found it hard to keep it up to date with security patches. So it has probably been a pretty easy target.

By now it is almost up and running again. None of my clients have lost anything, but I think I have lost about a week’s work on scripts and stuff like that. Plus of course all the time I’ve spent on setting up the machine again.

So be careful out there. Do off-site backups and patch any holes that are found in the software you run.