
I guess this is a terrible way to start a Monday: my database got hacked this morning, and the hacker wiped all the data and left a message in the database:
Your Database is downloaded and backed up on our secured servers. To recover your lost data: Send 0.2 BTC to our BitCoin Address and Contact us by eMail with your server IP Address and a Proof of Payment. Any eMail without your server IP Address and a Proof of Payment together will be ignored. You are welcome!

Why did this happen?
Not setting a password

I am a lazy bum because I try to solve things the easiest way (all programmers are lazy). So, I opened up a port for my database for my own access without setting a password. I was busy developing stuff and didn't take security as my first priority.

Accidentally pushing my server IP to GitHub

Then, I accidentally pushed the database IP to GitHub, along with the port used to connect to the database. I was so lazy that I just patched it with another commit without reverting the pushed file. Since GitHub is open for everyone to check, it could be that the hacker went in there and got the server IP.
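
A follow-up commit does not remove an address from a repository's history. As an added example (not code from the original post), this Python check reads `git log -p` output and reports every `ip:port` that any commit ever added. The address, port, file name and commit ids in the sample are constructed.

```python
import re
import subprocess
ENDPOINT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")  # IPv4:port

# Constructed, abridged `git log -p` output, newest commit first.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222

    remove db address

diff --git a/bot/config.py b/bot/config.py
--- a/bot/config.py
+++ b/bot/config.py
@@ -1 +1 @@
-DB_URL = "203.0.113.7:12345"
+DB_URL = os.environ["DB_URL"]

commit 1111111111111111111111111111111111111111

    add bot config

diff --git a/bot/config.py b/bot/config.py
--- /dev/null
+++ b/bot/config.py
@@ -0,0 +1 @@
+DB_URL = "203.0.113.7:12345"
"""

def find_leaked_endpoints(log_text):
    """Return (commit, file, ip:port) for each endpoint on a line a commit added."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):
            for ip, port in ENDPOINT_RE.findall(line):
                if all(int(o) <= 255 for o in ip.split(".")) and 0 < int(port) <= 65535:
                    findings.append((commit, path, f"{ip}:{port}"))
    return findings

def scan_repo(repo_dir="."):  # same check over every branch of a real checkout
    cmd = ["git", "-C", repo_dir, "log", "-p", "--all", "--no-color"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return find_leaked_endpoints(out)

if __name__ == "__main__":
    print(find_leaked_endpoints(SAMPLE_LOG))
```

The sample's newest commit is clean, yet the check still reports the older commit, which is why an address that was ever pushed to a public repository has to be treated as exposed.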

Not backing up

I planned to back up the data when I was free, and did not take this issue seriously. So, the data got wiped out by the hacker and nothing is left.

Fixing it

I spent the whole morning creating a new server and setting up the bot all over again. This time, I closed the port and set up an admin user for my database.

If I had taken security into consideration, it would have taken me less than 30 minutes, rather than having my whole database wiped and spending the whole morning fixing it.

I guess I learnt it the hard way because I was ignorant about security and saving backups.
Thanks for reading, STEEM-ON!

