[BlueOnyx:25381] Re: been hacked

oldcabin webmaster webmasterw117 at gmail.com
Thu Apr 14 01:59:19 -05 2022


I will send details of what they did tomorrow.  I am getting vsites back
one at a time as I type.

Whew

Thanks!



On Thu, Apr 14, 2022 at 1:18 AM Michael Stauber <mstauber at blueonyx.it>
wrote:

> Hi Tim,
>
> > One of my machines was hacked tonight
> >
> > I have all the databases from a backup today at 4:30 pm cst so I think I
> > am good there. They didn't get all my web files just databases
> >
> > They replaced my database with THEIR database with a ransomware note
> > inside.
>
> Ouch. I'm sorry to hear that. Any idea how they got in?
>
> > I think I can put humpty dumpty back together. Gulp
>
> That's good.
>
> > How do I shut down all http and http on my server till I figure out
> > what happened?
>
> On 5209R/5210R:
>
> systemctl stop httpd
> systemctl stop crond
>
> On anything older than that:
>
> /sbin/service httpd stop
> /sbin/service crond stop
>
> > When I do this "systemctl stop httpd.service" the web server seems to come
> > back to life after a while. I want to keep it off till I am ready
>
> Active Monitor (runs every 15 minutes) will restart any stopped or
> failed services that should be running. By stopping "crond" entirely you
> can prevent that from happening.
>
> Let me know if you need any further help or assistance.
>
> --
> With best regards
>
> Michael Stauber