Hacked!

For those how hadn’t heard, my home server (which hosts this Chunderblog) was hacked shortly after the new year.

Not to sound Cold War paranoid, but I suspect the Russians. Mainly because my server logs all access attempts and the vast majority of the IP addresses are either Russian or Ukrainian in origin, with a smattering from Italy, Germany, and Turkey. The hackers wiped out the WordPress databases, and left a ransom note for me to pay some bitcoins to get them back.

Fortunately, I have backups. And backups of backups. And just the week before this happened, I additionally backed up all of the photos to a cloud storage (Amazon Drive).

Just to be on the safe side, I completely formatted and reinstalled the entire server, and restored all of the media files. I installed WordPress fresh, and added a lot of security measures to the whole thing.

In retrospect, this was all my fault. I had left the database manager in the default location with the default admin user name and the default admin password. So it was akin to leaving the front door unlocked. And wide open. And leaving the key in the unlocked front door. And placing a sign in the yard stating that the door is open.

Lessons learned.