On Monday morning we noticed the website was compromised and we shortly shut down the website to make sure nothing malacious was being sent out. It took a bit of time, but we discovered that the form software was compromised via some recent vulnerabilities that are not covered by any patch in the major version we are using. We decided to do a restore on the website just to be safe as we didn't want to have anything left behind that could be causing problems. We have a normal daily backup process of key data and databases offsite for longer term storage so it seemed like the sound solution at the time.

After the server was reinstalled and the backup data pushed over to the server we found that the database backup we had wasn't a full backup of everything due to a failure to dump one of the databases in the process, resulting in some data loss that included recent forum information. The last valid full dump we had of the other databases was back from June. Unfortunately, we didn't have much of an option beyond this but to restore with partial data. This is a process that has been used quite often to dump databases and move them including our migration earlier in the year. The result is a data loss of forum accounts and forms between June 16 and Sept 16.

Register to read more ...