Red Squirrel
No Lifer
The database folder on my game server mysteriously vanished, so this morning when the server did its scheduled reboot, it never came back.
I restored a backup and all is good, but I can't just stop here, I need to figure out what happened. I might have got hacked, maybe a script went wacky, or maybe I even accidentally dragged it off who knows where. I'm hoping it's just user error on my part, but I'd like to be able to confirm what happened, if it's even possible.
This server has an SSL FTP which accepts only my IP (Cerberus FTP server) as well as RDP wide open (I know, that's bad, no other way as I have no physical access, and no way to set up SSH with tunneling or anything) and Windows Firewall blocks all the other ports.
So if I got hacked it was mostly through RDP. I was checking audit logs, and I see a lot of account logons, but from the sound of it, that's just scripts running and such that have to authenticate. They're all at fixed times, like 7:00 etc.