@Pagane,
Please ask if you want details.
Grids are attacked all the time, to clarify what I mean by all the time, F&I suffers multiple types of intrusion attempts every day. The server hosts DDOS attack messages come daily, typically multiple times per day.
Beyond that, there are more subtle attempts, usually exceeding 10k attempts per day. We do not have unnecessary ports open.
However in December due to a coding update mistake by myself, I left one of my own APIs open with only a password as protection rather than firewalled to my own servers. One of the brute force attacks above broke the password. That has since been fixed of course but the damage left behind has been awful. Mostly because when I restored, the region caches hid the extent of the damage. Resultingly after several months I couldn't go back and restore from a slightly earlier date.
The initial attack wiped all data under the user that runs opensim. Sadly they also ran my database backup script before wiping all the files. I didn't realise this back in December, and now its too late to try and restore an earlier backup.
The result is that I need to give residents time to clean their inventories and regions. Once they have had time, I will wipe the whole asset database, then restore it from OAR and IAR so the entire asset set is fresh.
Thank you nico for going to such lengths to help clean up the mess left behind.
Sara,
Fire and Ice Admin