I guess this is a terrible way to start a Monday, my database got hacked this morning, and the hacker wiped all the data leave a message in the database:
Your Database is downloaded and backed up on our secured servers. To recover your lost data: Send 0.2 BTC to our BitCoin Address and Contact us by eMail with your server IP Address and a Proof of Payment. Any eMail without your server IP Address and a Proof of Payment together will be ignored. You are welcome!
Why this happen?
Not setting a password
I am a lazy bum because I try to solve things the easiest way (All the programmers are lazy). So, I open up a port for my database for my own entry without setting a password. I was busy developing stuff but I don't take security as my first priority.
Accidentally push my server IP to github
Then, I accidentally push the database IP into github, with the port that connected to the database. I am so lazy that I just patch it with another commit without reverting the push file. Since GitHub is open up for everyone to check, it could be that the hacker went into there and get the server IP.
Not backing up
I plan to back up the data when I am free, not taking this issue seriously. So, the data got wiped out by the hacker and nothing is left.
Fixing it
I spend the whole morning creating a new server and setting up the bot all over again. This time, I closed up the port and setup admin user for my database.
If I take security into consideration, it would take me less than 30 minutes, rather than my whole database got wiped and the whole morning fixing.
I guess I learnt it the hard way because I was ignorant about security and saving backups.
Thanks for reading, STEEM-ON!
Animated Banner Created By @zord189
Sry to hear about it mate! But feels good to hear how fast you recovered from it and kept moving
Thanks man. I guess I learn from the mistakes haha
I have been there before so I understand the pain.... we are with you...
I was a bit ignorant about security, first time being hack LOL
@superoo7 Omg, you got hacked bro? Hmm, we need to be extremely careful with our own passwords...
The problem is I din setup password
oh no, that's a worst fear of mine to accidentally publish my password!! hope everything turns out ok.
I guess everything is fine, just that the data are lost π
No worries. It's good that it happen now than later. Thank you for your fast recovery on the bot.
Although I don't understand this, but I am glad everything is under control. So moral of this event is, don't be lazy, anything can happen. Need to be extra careful too.
Haha, Thanks for stopping by. Yea I am lazy and ignorant about security. So, always put security first β
I am lazy too. So mommy @elizacheng will scold me for being too lazy. π
hack them back
Ouch! Sorry it caused you so much grief... :(
But you got back on your feet pronto, which is a good thing! Cheer up, no worries, we are all behind you!! πͺ
Thanks haha, luckily I am not losing much
Oh dear...no wonder the bot is down. Glad that you managed to plug the leak and immediately rectify it. You are doing a great job of powering our bots and balancing it with your studies. Let this incident be a valuable lesson and not stop you from being more vigilant in future.
Thanks @karinzdailygrind , appreciate it π
adui, guess i have to careful what i upload to github
Facepalm myself, haha
Learn it the hard way π
I can revoke the push actually, but lazy to check the documentation, so I patch it. π
Silly bugger! Well at least you know better now XD Hope you didn't lose anything sensitive or too major :)
Yeap learn it the hard way haha
Same as me lazy to set password even thou got password also its a simple password. After ur case, i better change my password to more secure type. Dangerous yo!
haha, the main security issue is that people are lazy
Thank you for sharing your posts with us. This post was curated by TeamMalaysia as part of our community support. Looking forward for more posts from you.
To support the growth of TeamMalaysia Follow our upvotes by using steemauto.com and follow trail of @myach
Vote TeamMalaysia witness bitrocker2020 using this link vote bitrocker2020 witness
Sorry you had to feel that pain, these hackers are super sharp today, good lessons to be shared @superoo
Thanks for stopping by, I guess I have learn it the hard way haha.
Sorry to hear that @superoo7 but glad you got it sorted. It's so easy to not heed the warnings . . . until it happens to you!
Yeap, as simple as setting up a password. Never thought I would get hacked this way.
Oh no, that is terrible! Hopefully now that you have taken more security measures with the new database you won't have this problem again!
Yeap, I shifted the server and close the loophole. So, I guess it is fine
All well that ends well, Thankfully you fixed your problem. It's a big lesson for all of don't be lazy on our work. Some people learn from their mistake and other people learn from people mistake. Thanks for Caring about this community to share information on this important topic. It is wise to take advantage of other mistake. keep sharing @superoo7. Best of luck
Thanks for your support @kamchore, really appreciate it.
well and i was already paranoid about getting ping calls.. u seem quite fine for loosing a database :D
This I call a true monday.
Not really fine, haha. It caused a bit of trouble, I guess I manage to sorted it out.
Oh my. That was a painful thing to learn. But I'm glad to know it is fixed @superoo7 :) On the other hand, love the GIFs you used in this post, Hehe!
Thanks @happycrazycon, I guess GIF helps to make the article looks for fun instead of all the technical terms that I use.
Agree that GIFs is fun and I think they cheer people up being a tad bit funny. Thanks for doing so much for #teammalaysia and all on this platform! Great day ahead!
That would be painful, but seems you were able to recover. The lesson is an important one. You won't make that mistake again, will you?
I guess I wont do it again? π
Ahhh man! What a bummer news so sorry to hear about that, hope u recover well and next time u hack them!
lol that's not how hacking work haha. Thanks!
lol I knowz, speedy recov!
thanks for fixing the problem gor gor @superoo7!
Sorry to hear mate, I guess we all underestimate bad people at times.
This post is sponsored by @appreciator in collaboration with #steemitbloggers. Keep up the good work
Where is your db hosted? Are you typically on the run && ip rules would be a hassle? You also can store your db connection info in a file locally so you dont have to type it in (like .pgpass)
Hey, I am not using shared hosting. My database is hosted on VPS (Digital Ocean) , so I open up a port for development purpose.
Oooops! Nice to read about fellow coder struggles, also I must go and check my servers now....lol
Programmer are Lazy bum, I guess security is top priority.
i have heard more of these stories in recent times lol...as a matter of fact heard some tech geeks on https://venomthreads.com are the best when it terms gaining, revoking and recovering access into a database and with a certification to show for it. i also have the believe too that it's only people with profound tech knowledge that can pull off stuffs like database hacks.