Lost wordpress database

Discussion in 'Databases' started by rich1812, Jan 6, 2019.

  1. #1
    Hello, just this past two weeks or so, I noticed that WordPress keeps going missing from my personal server. Even last night, I set up a database called wp_db; this morning I checked in phpMyAdmin and wp_db is no longer in the database. It added a database called PLEASE_READ_ME_XXS and a table titled WARNING, which has this content:
    "To recover your lost data : Send 0.04 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our secured servers$.If we dont receive your payment,we will leak your database. "
    I had a similar message before but never paid much attention to it. What is this? Ransomware? Did someone hack into my computer? Has this happened to anyone else? Thanks.
     
    rich1812, Jan 6, 2019 IP
  2. CenTex Hosting

    CenTex Hosting Member

    #2
    Yes, by the looks of what you posted, the account was hacked. Did you have this set up on a personal computer at your house, or did you have it with a web hosting company?
     
    CenTex Hosting, Jan 6, 2019 IP
  3. belablack

    belablack Well-Known Member

    #3
    Hi, it appears your server isn't properly secured. Do you know how to review the server logs to determine where the activity originated? If the logs haven't rolled off yet, you should be able to narrow down where the attack originated.

    Your server was likely compromised by a botnet or a system that scans for vulnerable database servers. Once the scanner finds a vulnerable server like yours, it will install malware via injection or XSS exploits. A good way to avoid this is using non-conventional names, closing all unused ports, and using a scanner yourself to make sure your system is secure.

    If you search for wordpress ransomware btc you will see a great number of articles on this subject.
     
    belablack, Jan 6, 2019 IP
  4. rich1812

    rich1812 Peon

    #4
    Thank you for the reply.
    Does the source of the malware reside on my computer? I don't necessarily need to have WordPress on my server (never liked WordPress anyway). Does the malware only target WordPress? If I delete WordPress, would it affect anything else? Or should I wipe my drive clean and reinstall the OS?
     
    rich1812, Jan 7, 2019 IP
  5. belablack

    belablack Well-Known Member

    #5
    No problem. If you want to continue running your own server you should do some research on security hardening. For example, changing the non-standard ports on the database server, not using the standard naming conventions like wp_db, instead use something more like domain_1000 and so on. There are online penetration or 'pen test' scanners and software you can install on your network to scan your server for vulnerabilities, open ports, etc.

    Wordpress can be vulnerable but so can many other software packages, including the operating system itself and the middleware. I run a lot of WP sites and I don't usually run into issues like this unless the software is out of date and I've not made sure my server was secure.
     
    belablack, Jan 7, 2019 IP
  6. rich1812

    rich1812 Peon

    #6
    The breach wasn't in WordPress, after all. I deleted WP and I still lost the database, so I investigated further. To my surprise, it is in phpMyAdmin. The phpMyAdmin login page is wide open; any John Doe has access to it. I thought phpMyAdmin was only accessible from localhost by default; guess I was wrong.
     
    rich1812, Jan 9, 2019 IP
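
Added example (not part of any post in this thread): posts #3 and #6 together suggest checking the web server logs for who reached phpMyAdmin from outside localhost. The sketch below does that for Apache "combined" format lines; the log lines are constructed samples, and the `TRUSTED` networks and the function name are assumptions to adapt to your own setup.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not from the thread).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
127.0.0.1 - - [05/Jan/2019:21:14:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.45 - - [06/Jan/2019:03:10:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 4312 "-" "python-requests"
203.0.113.45 - - [06/Jan/2019:03:10:12 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 302 - "-" "python-requests"
203.0.113.45 - - [06/Jan/2019:03:10:15 +0000] "POST /phpmyadmin/sql.php HTTP/1.1" 200 912 "-" "python-requests"
198.51.100.7 - - [06/Jan/2019:04:00:00 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 196 "-" "curl/7.58"
198.51.100.7 - - [06/Jan/2019:04:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.58"
192.168.1.20 - - [06/Jan/2019:08:30:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
this line is truncated and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Networks allowed to reach phpMyAdmin (assumption: loopback plus one LAN).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.168.1.0/24")]

def untrusted_pma_clients(log_text, trusted=TRUSTED):
    """Per untrusted client IP, summarise requests whose path mentions phpMyAdmin."""
    hits = defaultdict(lambda: {"requests": 0, "posts": 0, "served": 0,
                                "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "phpmyadmin" not in m["path"].lower():
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # hostname or garbage in the client field
            continue
        if any(ip in net for net in trusted):
            continue
        h = hits[str(ip)]
        h["requests"] += 1
        h["posts"] += m["method"] == "POST"    # form submissions (login, queries)
        h["served"] += m["status"][0] in "23"  # 2xx/3xx: the page was reachable
        h["first"] = h["first"] or m["ts"]     # relies on the log being in time order
        h["last"] = m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for ip, summary in untrusted_pma_clients(SAMPLE_LOG).items():
        print(ip, summary)
```

Any untrusted address with a non-zero `served` count means the phpMyAdmin page was answering requests from outside the networks you intended.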
  7. belablack

    belablack Well-Known Member

    #7
    Glad you were able to figure out what was going on! Sucks you lost your database but it's awesome that you upp'd your skill level. Congrats <3
     
    belablack, Jan 9, 2019 IP
  8. MoldyHamwich

    MoldyHamwich Peon

    #8
    Hey, sorry to hear you lost your data. The same thing just happened to me (which is how I found your post - I had the same message in my DB). In case you were considering paying the fee (and for anyone else who comes across this) I want to point out that from my server logs I KNOW that they did not actually back up the data they deleted. It's possible that the person who attacked your system did back up the data, but IMHO unlikely.

    I looked at the bitcoin wallet they wanted me to send money to (https://www.blockchain.com/btc/address/1Muhstiki6zNabTTsxvCwSNt4eHDQDYsQS) and it seems that ~2 people per day are actually paying them. Losing your data is bad enough, but losing your data and a few hundred bucks would really suck.
     
    MoldyHamwich, Jan 9, 2019 IP
  9. LuisParisien

    LuisParisien Peon

    #9
    The same thing happened with my educational website. I had problems with receiving suspicious messages. I am still thinking that someone opened a wrong email.
    It's my website ( https://edubirdie.com/do-my-assignment ). Here you can check writing services.
     
    LuisParisien, Jan 22, 2019 IP
  10. AttaboyRoi

    AttaboyRoi Member

    #10
    Did anyone in this thread get their data back? What countermeasures have you put in place to prevent this in the future?
     
    AttaboyRoi, Mar 1, 2019 IP
  11. Adrian Joele

    Adrian Joele Member

    #11
    I had put up a website: www.exerciseprogram.net through Hostgator's own website builder. A few weeks ago I suddenly lost it and got the message: "Unable to select database". Hostgator tried to retrieve the data from a backup but this didn't work. Can anyone tell me why this happens?
     
    Adrian Joele, Mar 10, 2019 IP
  12. AttaboyRoi

    AttaboyRoi Member

    #12
    I don't see that the site is running wordpress. Are you having the same symptoms as the previous posters? If not, you should open a new thread and give some more details about what's running in the backend.
     
    AttaboyRoi, Mar 11, 2019 IP
  13. bountysite

    bountysite Member Premium Member

    #13
    Hosting providers have backup retention of 7 or 14 days.
    One possible case is that you reported this late. So, when the backup was restored, your oldest backup did not have the data.

    If you are running a website, ensure that you always have an offsite backup. Don't rely on hosting providers.
    Make sure your backup service has a long retention period.
     
    bountysite, Mar 11, 2019 IP