It finally happened, my server was hacked. The attacker was on a path of destruction and simply destroyed all of my data and locked me out of the server. Fortunately, I keep good backups. Unfortunately, I’ve been busy with a new job so I haven’t been able to restore any of it until today
I believe this attack was initiated by a former co-worker, as the timing for the intrusion lines up directly with my leaving my old position. This leads me to believe that the server/sites were not necessarily mis-configured or vulnerable, rather a former manager / co-worker who knew some of my common passwords simply logged in and destroyed my data.
It also could have been a Steam phisher that I upset a few months back. He messaged me a link to his phishing page saying that I would receive a free game for logging in. I immediately knew what was going on and started taunting the phisher and then ddosed his phishing page. The attacker very well could be related.
However, this is no execuse. I broke one of the basic first rules of web security, use different passwords for everything. Now, all services and users have their own unique password….so far….so good.