Our website (https://betteraviationjobs.com) experienced a series of cyberattacks on 3rd & 4th December 2020 midnight (GMT +8).
On 3rd December midnight, our server reported CPU usage been continuously running 90% for more than 5 minutes, our protection system immediately shut down server for few minutes. After restart, it run normally.
On 4th December midnight, again our server reported CPU usage is running high, it only occurred few minutes, our site is redirect to others website (spam, selling ads, phishing, etc…).
After hours of troubleshooting, we found out:
- 4419 SQL scripts been hacked/ attacks (change content to force redirect our website to others website).
- More than 1700 Media Files been hacked/ attacks (at media description, force redirect our website to others website).
- More than 1800 back-end source code files been hacked/ attacks (at source code file, change few code to execute redirect).
- DDOS attacks being detected on 3rd & 4th December 2020 midnight.
After hours of troubleshooting, we notice the timing we trying to fix our website is not even manage to catchup the speed of hacker to hack our website.
Therefore, we have no choice, we MUST migrate our website to new server (abandon and rebuild), to stop this bleeding.
With immediate action taken, we initiated migrate our website to new server on 4th December 2020 noon.
After hours of spending, we successfully migrate our website to new server, we managed to stop this cyberattacks, we also managed to migrate the most important data Job Listing Data to the new server. Unfortunately, not all the pages is able to migrate to new server.
We DO NOT keep user data in our website, therefore no user data has been leak due to this cyberattacks incident.
At the moment, still some pages is missing or not display as expected. Top menu of our website is still yet to fixed. Current website layout is not finalised. Normal browsing any Job Listing is running smooth.
We will continue try our best to restore everything it could. It might take some time to fix everything.
We apologies for any inconvenience caused.
If you have any question/ concern regarding this cyberattack incident, you may contact us at firstname.lastname@example.org
Last update: 04th December 2020 | 1500 UTC