Beware of hackers

Sometimes it hurts,
but it's better than not doing it and finding out later that your machine was compromised way back and has been the whole time.

Best case scenario, they were a script kiddy with an automated DB finder that would do nothing more than grab the data and drop the ransom note.

Worst case, they got code across, and set up control software internally potentially compromising all connected machines. Depending on how the server was set up, you might be able to find out if this happened but not many people go to the effort to block all unused outgoing ports on a server before they connect it to the net.

Nightmare scenario if you have a lot of machines on the network.

@ — So your “best case scenario” is something hackable by any kid/teen? That reminds me of the “Wargame” movie :slight_smile:

More or less

No Professor Falken, the best case scenario is in terms of how far they got in, not how they got in.

Best case as in how much work you need to do to clean up house :slight_smile:

More less :wink:

I always recommend to just log successful access (logins, e.g.). It's of little interest to know how they try to gain access. Why? Because even if you know how they try to gain access and try to counter this, they can at any time try it with very different techniques. "Just" try to avoid any possible kind of entry point as well as you can, and log successful logins to reveal unwanted access. :wink:

[quote=439702:@Sascha S]More less :wink:
[/quote]
A script kiddy could easily have found the right software to perform this attack and nothing more sophisticated, like Julian mentioned.
That's not that unusual.

It's unlikely to be anyone more sophisticated, but not impossible.

[quote=439702:@Sascha S]
I always recommend to just log successful access (logins, e.g.). It's of little interest to know how they try to gain access. Why? Because even if you know how they try to gain access and try to counter this, they can at any time try it with very different techniques. "Just" try to avoid any possible kind of entry point as well as you can, and log successful logins to reveal unwanted access. ;)[/quote]
I would expect @Travis Hill and @Greg O’Lone would disagree as Xojo Cloud gets hammered all day every day and knowing the attacks that are tried helps them mitigate them

Great. So I might as well do nothing and hope for the best.
I’ve got about a dozen machines and wiping them all would not be trivial!

The "easier said than done" technique I use is a fully automated setup script. Files are stored in a cloud provider and merely cached on the production server. The database uses both daily full backups and live hot backups. Website source files are stored in GitHub. The script sets up every piece, including creating user accounts, securing, recovering the database using the hot backups, getting certificates from Let's Encrypt... everything. A server can be restored in about 15 minutes with no loss of data. And we test this process every six months.

The challenge is remembering to keep your setup script up to date with changes made to the server.

[quote=439703:@Norman Palardy]
I would expect @Travis Hill and @Greg O’Lone would disagree as Xojo Cloud gets hammered all day every day and knowing the attacks that are tried helps them mitigate them[/quote]
Hammered is right. I’ve had a couple of bot-farms trying passwords on my systems, sometimes upwards of 100 per second.
It may be a simple ‘failed login’, but it still takes a small amount of CPU to log.
Small amount done 100s per second results in a noticeable lag in response time.
When that happens, I’ll blacklist the IPs involved.
Since my VPS ‘servers’ are minimal cpu/ram, I’d rather they be busy doing their job instead of logging some knuckleheads.

Oh sure, it sucks up some resources; nothing's free.
Not knowing the attack vectors being tried means that you don't know until they succeed, and by then it's too late.
Like going out and locking your front door and leaving all your windows open thinking “well my doors are locked” and the burglar comes in the window.
If you know the burglars are trying windows then you’d lock those too.
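
Both sides of this exchange can be served by the same log review: count failed logins per source (the "hammering" Tim describes, so the noisy IPs can be blocked) and separately surface every successful login from an unexpected source (Sascha's point that the login that actually got in is what matters). The following Python is an added example, not code from this thread or from Xojo; it parses sshd-style syslog lines, and the sample lines and the set of known IPs are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in sshd syslog format (not real log data).
SAMPLE_LOG = """\
Jun 10 12:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 51000 ssh2
Jun 10 12:00:01 web1 sshd[2002]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Jun 10 12:00:01 web1 sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Jun 10 12:00:02 web1 sshd[2004]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jun 10 12:00:05 web1 sshd[2010]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Jun 10 12:00:09 web1 sshd[2011]: Failed password for deploy from 198.51.100.20 port 40001 ssh2
Jun 10 12:01:30 web1 sshd[2020]: Accepted password for root from 203.0.113.7 port 51010 ssh2
"""

# One pattern covers both outcomes; "invalid user" is optional noise.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

def analyze(log_text, known_ips, fail_threshold=3):
    """Return (ips_to_block, suspicious_logins, peak_fails_per_second).

    ips_to_block: sources with >= fail_threshold failures, candidates for a
    firewall drop so they stop costing CPU on a small VPS.
    suspicious_logins: successful logins from an IP not in known_ips, or from
    an IP that had been brute-forcing; this is the "someone got in" signal.
    peak_fails_per_second: the worst one-second burst seen from any source.
    """
    fails = Counter()
    per_second = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated sshd line, e.g. session opened/closed
        if m["result"] == "Failed":
            fails[m["ip"]] += 1
            per_second[(m["ip"], m["ts"])] += 1
        else:
            accepted.append((m["ts"], m["user"], m["ip"], m["method"]))
    ips_to_block = sorted(ip for ip, n in fails.items() if n >= fail_threshold)
    suspicious = [a for a in accepted
                  if a[2] not in known_ips or fails[a[2]] >= fail_threshold]
    return ips_to_block, suspicious, max(per_second.values(), default=0)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, {"198.51.100.20"}))  # 198.51.100.20 is a constructed "known" admin IP
```

On the sample above the brute-forcing source is listed for blocking, the deploy login from the known IP is left alone despite one stray failure, and the root login from the brute-forcing source is flagged.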

[quote=439719:@Neil Burkholder]Great. So I might as well do nothing and hope for the best.
I’ve got about a dozen machines and wiping them all would not be trivial![/quote]

“roll the dice and take your chances”

https://blogs.quickheal.com/apt-27-like-newcore-rat-virut-exploiting-mysql-targeted-attacks-enterprise/

Not nice.