As you are aware, we had our technical person at the Network Operating Center most of yesterday.
TOPOLOGY:
GREEN Server: Library and Email Server
PURPLE Server: Web Site and Forum server
WHITE Server: Offline and powered down standby server
NAS: Network Accessible Servers connected to PURPLE
SUMMARY:
Ran mirror image of GREEN. Twenty one gigs of data mirrored.
Ran mirror image of PURPLE. No mirror created (see below).
Using Acronis Partition recovery tool:
Ran partition recovery on GREEN. All but two partitions recovered (/root and /home).
Ran partition recovery on PURPLE. No partitions recovered.
Checked NAS; all disks shown as good and operating. Unable to determine if data is corrupted at this time.
DISCUSSION:
As can be seen from the results on PURPLE, we can confirm that PURPLE was hacked into oblivion. The disk appears to have been wiped. We will be removing the disk and sending it out for forensic analysis with the intent to recover the log files and any other traces of the individual or individuals who did this and to recover as much data as possible.
GREEN appears to have suffered the same attack, but because of a bad sector, the hacker could not get beyond that point to do a complete wipe of the disk. In other words, data exists there to recover and determine whether there are fingerprints to track.
NAS disks are working fine, but we were not able to determine yesterday whether data integrity is there. Will determine that later this week.
WHITE has been brought back online and reformatted with new OS.
All systems remain unplugged from the net pending reconstruction and security, configuration, and backup strategy implementation.
Okay, now what does all that mean? Well, it means we are not dead in the water. At least not yet. We were definitely sabotaged and we are looking to recover footprints on all of the servers and disks that we have at our disposal to provide the facts to substantiate legal actions being taken against the perpetrator(s). More importantly, we want to recover all the data on PURPLE to put back in place the forum as it existed at 2145 on 13 May. We may be able to recover that data from other locales in our NAS and PURPLE, however, and we are investigating that.
We are pretty confident that we will be able to retrieve and rebuild the library. We are still working that.
How are your contributions to AVSIM helping us get to being back online?
We have brought a second, AVSIM-experienced technical support person into the mix: John Binner. We will be flying John up to work with Stan. John will principally be involved in the hardware side of the recovery / rebuild aspect of this effort.
Second, we are pricing out a variety of new hardware and replacement disks for the existing GREEN and PURPLE servers. We are looking at a BLADE SERVER array as our primary system for the new topology at AVSIM. The contributions by the community allow us to consider this technology and in doing so, it enables us to implement capability that we could not have had on the existing PURPLE/GREEN hardware. It will then allow us to use those two older servers for a variety of things, including mirroring and daily backups OFF the NET and isolated by some pretty serious impediments to further hacking.
In short, your contributions to the AVSIM recovery are already being put to use in bringing this community back online and on its feet. Thank you again for your support and understanding.
_________________
Tom Allensworth
AVSIM Online