Hackers took my 8 year old community

[Coon]

Everything is gone including both databases, main homepage and forum.

PhotonVPS is the host.

They are telling me the data has been synced with what they have with backups. They do a weekly backup not incremental meaning what ever is on the system will sync to their remote storage.

They also said:

"As for your backups this has been stated your VPS data was compromised either by a hacker or by someone you know. .There is no logs within your VPS for me to determine the root cause but from what I can see only limit system files are present.

At the moment its best we rebuild the VPS and bring you online as soon as possible where you can get your data uploaded.

We perform the following backups which we have properly delivered.

1. Hardware raid which prevents from any data failures in an event of drive failure. This is stated on our site
2. Backups are done to another drive that is separate from raid to another drive to recover data failure that are to occur from raid. It does not protect against a hack issue or a data being deleted by the client. As stated the current state of your VPS has already been synced to our other location. We do not take incremental backups here is a brief overview of incremental - http://en.wikipedia.org/wiki/Incremental_backup

An incremental backup is a backup method in which multiple backups are kept (not just the last one). These backups will be incremental if each original piece of backed up information is stored only once, and then successive backups contain only the information that changed since a previous backup."

So there are no backups to restore from.

I am about to reinstall my forum from scratch.  They just rebuilt my VPS.  Anyone trustworthy that could lend me a hand?

[青山 素子]

We perform the following backups which we have properly delivered.

1. Hardware raid which prevents from any data failures in an event of drive failure. This is stated on our site
2. Backups are done to another drive that is separate from raid to another drive to recover data failure that are to occur from raid. It does not protect against a hack issue or a data being deleted by the client. As stated the current state of your VPS has already been synced to our other location. We do not take incremental backups here is a brief overview of incremental - http://en.wikipedia.org/wiki/Incremental_backup

Those aren't backups. If they're trying to pass those off as data backup procedures, they're either incompetent or lying. The first one is standard data-reliability procedures on a server. The second is essentially RAID-1 (mirror). Neither are proper backups.

I'd help you if I had the time, but unfortunately I do not right now. I'm sure one of the other community members would be happy to advise you on things.

Of course, if you get active help, be sure to watch what they do (don't need a backdoor in your site) and either give them their own temporary account or change passwords after they are done with their work. I'm not saying everyone here is a hacker, but it's prudent to do even if they are upstanding people - account compromises do happen.

[rd]

As the person already said, those aren't real backups and you shouldn't have trusted them from the beginning.

Was the VPS redone? Not that it would matter but it looks like your forum is gone for good.

1. No backups
2. Everything important deleted
3. Highly doubt the VPS provider will mail you their hardrive of your VPS because your not the only one using it, others are as well.
4. Even if you did get the hardrive, I don't think you can
undo the mess.

[Coon]

Do you think they might have messed this up on their end and are now playing it off as a hacking incident?

Everything is gone... even logs.  Really odd.

[Hj Ahmad Rasyid Hj Ismail]

It is very sad indeed. I will make this a lesson and reminder to myself too. I hope you will be able to rebuild your forum again, even if it means to start it again from a scratch. I know you can do it especially when you have all the knowledge and experience. They are something that you will never lose. I think many of us here is ever ready and willing to help you rebuild it again. Wishing you all the best.

[rd]

That's possiable... The server logs should be present unless a "hacker" got access to your VPS CP and reinstalled the OS or something, it's also possiable that they had a crash or something and is blaming it on you.

But hey, what can you do? They are the company, I'm not saying they did anything but even if they did... It wouldn't matter now. 

[青山 素子]

Do you think they might have messed this up on their end and are now playing it off as a hacking incident?

Everything is gone... even logs.  Really odd.

Potentially, but depending on the access that was got and if it was an "active" attempt by a human (rather than some script-kiddie or automated script), logs are one of the first things to get removed in an active penetration.

By the way, the other reason for taking backups yourself is for continuity. What if the host goes out of business suddenly taking your server out of their control? What if their data center is hit by some huge disaster and the contents of their backup vaults are damaged?

It's a sucky lesson, but hopefully you will now make your own backups going forward. Best of luck to you.

[Jakob Fel]

Edited by K@. Spamming.

[Coon]

Thanks for all the comments guys.  It's a lesson learned, that's for sure.

Is there anyone who has some free time and might be interested in helping me install the forum again and add some mods and themes?

[Sheepy]

I'm sorry to hear that Coon. Strictly speaking those are backups - they are hardware backups.

Googled a bit, doesn't look like they are playing it off.  What/how many mods and theme are you thinking?

[ɔɔɔɔɔɔuɥoɾ]

Thanks for all the comments guys.  It's a lesson learned, that's for sure.

Is there anyone who has some free time and might be interested in helping me install the forum again and add some mods and themes?

For at least the next several days, I would pursue getting that database backup too, as they should have a backup.

Anyone here will be able to help you with your smf installation

[Coon]

Actually, there IS a way to restore it, if the host really does have backups.

@OP - would you like me to contact the host on your behalf?

Yes, please... the email is [email protected].  PM me for more info.

[Coon]

Thanks for all the comments guys.  It's a lesson learned, that's for sure.

Is there anyone who has some free time and might be interested in helping me install the forum again and add some mods and themes?

For at least the next several days, I would pursue getting that database backup too, as they should have a backup.

Anyone here will be able to help you with your smf installation

Where would they have the database backed up?  I asked them several time and they don't seem to have anything left.  They said everything that was backed up was synched with the new stuff, or lack therefore.

I sent them another email anyways.

[Kill Em All]

Actually, there IS a way to restore it, if the host really does have backups.

@OP - would you like me to contact the host on your behalf?

Yes, please... the email is [email protected].  You can reference my email ***** and my site beyondfootball dot com.

If your host is anything like mine, they aren't just gonna simply talk to him just because he has your email address. And posting your email address on a public forum isn't a smart idea either.

[Coon]

Fair point - I edited my post.  Can you please edit your post by removing my email address and domain?

[Kill Em All]

done

[nend]

Matters on the VPS software. I used to run a VPS a long while back where the host did back ups plus I had and still have automated task that sync my data every night, so no big deal to me.

If it is the same like back then, the virtualization that is, then more than likely you don't have a database left. Maybe not even much of a VPS left. So that leaves them building your side of the VPS again.

I don't know your setup though, but if they are saying it is gone than it is gone. I am sure if there was anything left they would like to get it to you and keep their customer happy. But one thing though, You got to think if you want to rebuild on this or move on to a different company. If you need a host that keeps backups and don't want to miss with that stuff yourself than it may be safer to move.

[Coon]

POSITIVE UPDATE for everyone interested:

I found a dabatabase from September 2009 on my old host.  I have it up and running right now.  It's obviously not a recent database but it's alot better to have something than nothing.

Now I have to install some mods, get smilies back, and sort out my theme.  Main website is gone though.  I have that database as well but don't have the files that go with it.

Is anyone willing to help me install some of the more common mods?  I'd really appreciate it. 

[kat]

Please...

Remember to backup, won't you?

I think people would like to know which mods and themes, before they commit themselves.

Why not have a go, yourself, though?

As long as you backup, before installing each mod, you can't go far wrong, really.

[Coon]

Hah, sure will backup this time around! 

As far as the mods are concerned, I will need the advanced quick reply, youtube video embed, and a good ratings mod if there is one. A shoutbox and portal/sidebar would also be nice as I had those on my last forum.

I can try to do some of this myself but I know I can't do most of these as I've tried before and messed up.  I can try again though... if someone is interested in lending a hand though, please let me know.