A Crummy Day

Posted on by

So on Thursday morning I woke up like most mornings and on my way out the door, checked my email for a message from my wife on oatmail.org.  The server was replying with a message indicating “invalid username or password.”  This was funny.  I don’t have any password expiration policies set on oatmail accounts.

All day on Thursday I was up in Portland at a vendor event, and I wasn’t able to look into the errors at all. When I got home to my house in Eugene I discovered that all of our data had been deleted from my hosting providers’ storage.   This included the last 6 years of mail (for some users it was more like 9 years of email).  It also included all of our files and this blog that has chronicled our endeavors together since marriage.

When I discovered that all of our account data had suddenly gone missing, I contacted technical support immediately.  They claimed that the data had been deleted by me.  I’m the only person with direct login to the account and it turns out I use a unique password for the main account that nobody else knows or is used elsewhere on the web.  I also hadn’t logged into the account in over 5 weeks so this was a bit of a quandry for me.

I pushed the hosting company for logs or other data that could backup their accusation and they were unable to produce any information at all showing that anyone had accessed the account.  Despite this, they insisted that they did not delete our account data.  Because of their lack of explanation, I can only assume that our account was compromised and some disgruntled hacker decided to delete the last 9 years of our lives.  The hosting provider refuses to investigate the ticket as a security incident.

Adding to the insult, they had no backups of our account.  The data is gone.  I should have assumed that they wouldn’t take backups.  This is my bad, and a valuable less that I should have already learned.

I have re-created the blog, I’ll see if there is some magical way to restore the content from internet archives at a later date.  I’m sure Rachel will post something soon on the website, she is traveling in Japan at the moment.

In any case, sorry for those of you who couldn’t get in touch with us over the weekend, our email should be working again.  I have also changed some configuration options to remove access for “service accounts” that hostmonster creates by default, I have purchased SSL certificates for our email websites, and I am implementing online nightly backups of the website.  All of these things I should have done before.  I can’t help suspect though, that this was related to a mess-up by the hosting provider rather than an actual security compromise of our account.  Either way, I’ll never know.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>