General And we start again...

    Nobody is reading this thread right now.
What just happened?
Earlier this week i reported that the server the site is on was hacked by a turkish group and files deleted. They requested a ransom via crypto to get it operational again. Restoring it back was pretty easy. It was my understanding that they had gotten through my server account, so password was changed.

On late thursday night, the came back in again and deleted the files and then trawled through configuration files and found the access to the website's database. The database essentially is everything that has ever been posted, contains all users account information etc. They deleted the database, and requested ransom again.

The site routinely contracts developers to help with development of new and existing functionality. An account was created specifically on the server to provide to these said developers who had enough previledges to do the work on the server if they needed. The person who we contract out to do security checked and found that they got in through that developer account. That account has now been deleted.

TLDR; The site was hacked.

What now?
In short, it pains me to say we will be starting from scratch. So users will need to create new accounts. All content that was on this site, may not be recoverable. And there is security issues if we just imported it all back in again if a suitable backup can be found. All content created by the community over the past 20 years is gone. A lot of work that has been put on the site visible and non visible has been wiped out.

How can we all help?
You can help by creating your accounts (as i see people doing right now) and creating the threads and discussing. I will work on creating structure again. So if you want to talk about Dean Bell or Mt Smart Stadium, please just create the thread for it for now. Theres a lot to still be setup but that can be managed.

Sorry guys.
Is there any chance that once they realise we won't pay they just release it back? Or is the damage already done?
It doesnt work like that. They want payment first, but then they usually want more and more before giving stuff in drabs. Also the stuff they give back can have backdoors for them to get back in. Not falling for that. Id rather start from scratch rather than condone those practices.
Excuse all the questions, but how much money do they demand?

And thanks to the Tajhay and team for getting us back.

I agree, never pay extortionists, never allow these bastards to profit off you.
Gutted that we have lost a lot of work that Mt Wellington and others have put into recording player information, jersey lore, etc.
Really sorry for Tahjay and the other mods, considering everything they give to this forum. I guess the best way to honor all that work is for us to just keep on keeping on and talking a lot of crap every day.. I'm guessing we won't struggle.
On a serious note do the hackers now have our info like our passwords?
Actually good point i should address.

there have some info i.e. your email address, your location, your post history etc. They have your password, but it is encrypted so i think that should be safe. Judging by the logs they didnt take a copy of the database but rather just deleted all the data via a script.
tajhay tajhay does this new forum have the ability to stop more hacking? If they see us use a new forum won't they just keep on doing it? Pissing everyone off in the process?
The account they used to get in has been disabled. It was a generic developer account that i could share with developers who the site contracts out to work on features where they need server access so the password was actually simple. It was made so i could monitor if they did something dodgy. However because it was needed to be shared it had a super easy password as well rather than going back and forth esp with different timezones. Anyway it wasnt any of the developers who have worked on the site. It was bruteforced.

I will work with a security expert i use for the site in UK to tighten the measures around that further. Oh and more importantly, start a process of retaining database backups.
Is there any chance that once they realise we won't pay they just release it back? Or is the damage already done?
Highly unlikely.

They will more than likely just move on and target someone else to see if they can get a ransom.

The thing with ransomware your at the mercy of the attacker as it's not like purchasing off a verified individual. They may unencrypt the data or they may just take your money and move on.