日期
12 April 2019 Friday. 09:23:21 UTC
文本
We got the same message reported by other people about our database being deleted and having to pay bitcoin to get it back.
It seems they got in by guessing a phpmyadmin password (I found hundreds of POST requests to it in my apache log). I also found timeout error messages in the same log shortly after they guessed correct, from the import/export endpoint of pypmyadmin, indicating they failed to properly back up our database. Fortunately I was able to restore from backup and I have added extra security to the phpmyadmin backend. If your database is smaller the perpetrators between these attacks may have actually downloaded and secured your data, but I wouldn't bet on it.