Web Server Hacked

My company was receiving free hosting for a fairly large project we have been working on for the past 5 months. Several times we have had threats of people planning to hack into our server and delete everything.
Only 48 hours ago I sent an email to the hosting company about the threats of hacking. They told me that everything was secure, backed up and that I shouldn't worry about anything. If I still wanted peace of mind I had the option of applying for a username and password change, which I did.
About 12 hours ago, it came to my attention that our server had been hacked and everything had been deleted.
I spoke briefly to someone I knew from the hosting company and he said that the hackers had found our username and password then logged in normally, so they cannot do anything about it.
Anything else he said after that sounded like bull**** because he was saying things like "It will cost us $7000 USD to have your data recovered" and "There's a 1 in 39 chance of you getting any of your data back."

I really don't know what I should do or what I can do...this is very important.
Can someone make any suggestions as to what I should do?



What's wrong with this picture?
You had been threatened with hacking.
Someone "found" administrative credentials to a production system.
You were relying on someone else to back up 5 months' worth of work without any knowledge of their practices or local copies?
You didn't have any sort of version control in place?

I can sympathize with your having been hacked, but there doesn't seem much you can do now, except to try to gather up whatever the developers have locally. If you had some sort of contractual relationship with the hosting organisation (and if it was truly free you don't) you could pursue a damage claim. If they have any sort of syslogging you may be able to trace the origin of the attack and pursue remedies there.

The best thing that will come out of this is that someone else may read this and put some disaster recovery procedures in place.
OBCTAuthor Commented:
>Someone "found" administrative credentials to a production system.

Do you think there's a possibility that someone with the server security codes could have been involved??
How many avenues of discovering this information are there OUTSIDE of your organization?
Does the hosting organization log logins? The IPs?
They'd have to have a pretty poor authentication system for someone to crack into it.

OBCTAuthor Commented:
We did have everything backed up except for our sql database.
I don't know enough about server security to know about the IP logs and that sort of stuff, but the server company isn't telling me much either so I'm not 100% sure what is going on.
We had the hosting totally free so we can't make a damage claim.
What are the chances of someone using a trojan or keylogger? Is there any way to find out how this person, whoever it may be, got our passwords?
>What are the chances of someone using a trojan or keylogger?
It would still be there, they don't evaporate.

>Is there any way to find out how this person, whoever it may be, got our passwords?
If the hosting company isn't forthcoming perhaps not.
It seems the kind of thing someone would brag about though, as there was probably no financial motive.
OBCTAuthor Commented:
I have been sent two images of someone in an MSN conversation where someone is boasting about closing us down but I didn't think it would change anything because it would never hold up in court.
I've emailed the hoster company saying that letting someone get away with this is totally unacceptable, and I'm still waiting for a reply.
We've put all our data onto a new server and we're going to get another server to run as a backup.
Just before I give you the points, do you have any suggestions as to how I can prevent such a thing happening in the future?
Getting to the bottom of how the authentication data was compromised is the first step.
What motive does this person have?
Why you?
The backup server's a good idea, and a disaster recovery plan that includes ALL your data is another.

OBCTAuthor Commented:
Thanks for your help :)

