I decided to outline the nature of my hack primarily to get others to tighten their security up but also to serve as, with the input of others and edits, a comprehensive guide to protecting yourself from hacks and also what to do if it happens to YOU.
I'm currently digging out of a hack that started with my WordPress site. I blacklisted the IP that used a CentOS print command to log in. Blacklisted. DNS records for my site had been severely altered. Old subdomains were now populated with worm-creating databases. GREAT. I deleted the databases, changed all passwords, and removed any accounts other than root. Next day I'm suddenly locked out of everything but the hosting company site. No FTP access, no SSH for my VPS, my databases and all website data deleted. The home page was turned into a convenient cPanel access for this individual.
Side note, my site was to be a compilation of how-tos, guides, etc., and the only entry I had was an exhaustive guide on how to apply for Social Security Disability. I have complex PTSD that's kept me from working for a long time, and the process is ABSURD. I wanted to help others sift through the BS process and offer my case management services/document proofing/submissions for a lowly fee. I worked my ass off but still was getting no traffic. I ended up getting 8 volunteers from HubStaff to help me with my site in all regards: generate traffic, proofread, double check my SEO, create a live chat for free Q/A, a new theme, you name it, people were signed up to help out with it. At the peak of volunteer assistance came this downfall. Clearly, this guy is not on disability...
Anyway, the hosting company did absolutely nothing to help me with my inability to do anything besides log in. I ventured in again but was locked out again. I admitted defeat, and even though I was under PIA VPN on a kill-switched DD-WRT router, I unplugged ethernet cables and rebooted my computer to find that none of the three bootable drives in my DAS/server would start up. Jump drives that were in the ports changed permissions to write only. My server's BIOS was corrupted. Every OS on all 6 PCs/laptops as well as 6 devices was completely fried. Windows services were created to further serve the nefarious databases. All passwords were compromised. Exploit traps were EVERYWHERE; my KeePass ring turned out to be an exploited version. My seedbox account FTP was suddenly riddled with garbage. All FTP accounts were, because my FileZilla info was copied. The seedbox is currently unusable as a Plex server because God knows what is going on in there now.
I'm very much still digging my way out of this. Before I start listing all that I've done and what I intend to do to make for a totally secure relaunch of my home network, then eventually my website and FTP accounts, I wanted to get some of y'all's input as to how you would handle this situation as it now stands on paper. What would you do if you couldn't stay safe behind your VPN and every piece of your OS and drives were owned, and you see reverse DNS lookups in Wireshark because he's LOOKING AT THE SITES YOU VISIT??? Currently there are 45 IP addresses bouncing off one of my laptops, and services have been created to further the purposes of SQL databases that are technically MINE... This has been a nightmare, but I refuse to stay asleep to it. I'll regain what is mine, but with great caution. What would you do if you were me? I'll check back tonight and add what I've done so far and hopefully integrate suggestions that I receive via comments. Please, do share your thoughts; together we can make this a posting devoted to helping others prevent or recover from similar disasters. Thanks!