I just want to warn you that they also hack the SQL-databases.
I have some customers that use a Synology NAS. On that NAS you can install MariaDB.
That is working fine, and is a low cost server solution.
Yesterday a client contacted me that my program gives an error at startup.
I logged in remotely, and to my surprise, when I opened the SQL database with HeidiSQL, my database was gone and another database had been created, called PLEASE_READ_ME_XMG.
In that database is 1 record with a field containing the text:
- To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases
Luckily the customer made a backup the day before, so I could restore the database.
Has anyone else had this problem?
How can I protect myself against that attack again? It's very strange, they didn't delete or encrypt the files on the NAS, only the SQL data.
I googled the problem, and found:
https://draculaservers.com/tutorials/update-secure-phpmyadmin/
So probably a problem with phpMyAdmin; otherwise they had to hack the password of the NAS and the password of the database. If they had the password of the NAS, they would have also deleted the other files.