a guest
Nov 21st, 2019
Hellllliiiii

I would like to update everyone on what the hell has been going on over the last 48-72 hours. Just wanna clear up some drama and spill some tea on what’s gone down. Let's begin at the start. So, on the morning of the 15th, our server box with OVH was due to run out. We had a 3 month subscription at 170 a month, with it increasing to over 300 a month after this 3 month period (390 I believe). Therefore my first priority was making sure I was not charged that price for another month of a mediocre box. I began with backing up every server before the server closed and I bought another server box on the 13th of this month that is hosted in Dallas. This server box is much much better, but, unfortunately, our default DDoS protection was rather low. Anyway, at the start of yesterday I receive many alerts that someone has accessed my Google account and is requesting a 2FA code that is sent via text to my mobile phone. I didn't think TOO much of it although I was rather worried as it was obvious someone was trying to hack me, but I thought they clearly did not get in due to Google's security. Progress a few hours down the track, I log in and Arion and I work on setting up the server box. During this process, the Discord server is botted and hundreds of new members join, sending hundreds of messages per second causing extreme lag and spam. It's clear in Discord's TOS that any bot presence in servers is reason for a deletion of server, therefore our first priority was securing the Discord and removing the bots from the server.

A link was then sent to a staff member by the person behind the bot attack, who passed this link on to me. The link was masked as a Discord link with just a slight accent on the O in discord (I believe it was - discörd.com). From clicking the link, the sender was able to gain full access to my computer and access all my accounts that were saved via my Google passwords. I was unaware at this point of the intrusion, and subsequently fell asleep hours later after setting up the servers entirely. During this time, they entered the newly set up server under my login and deleted a bunch of players' islands on Skyblock and wreaked other havoc over the server. Arion quickly turned the servers off before any more harm could be done. Our first priority was patching the UUID spoof so that they could no longer access the server. Though, they had already used their access to gain the token to my Discord bot, the "RisenCloud Discord Bot" that sends chat messages to #🖥server-chat, which they used to attempt to destroy the Discord (mainly just made thousands of new roles called “new role” as the permissions of this bot are rather limited). I immediately reset the bot token and I thought our issues were then over. Not even an hour later, our whole network gets shut off due to a very large DDoS attack targeted towards our number IP (which had begun being utilised literally THAT DAY) at 250 GB per second, this attack is very large and when reported to our hosting company immediately they were shocked by the scale of the attack. They were unable to bring the server back online, and our limited DDoS protection was not able to withstand the incoming attack. We were offline for hours, which is why we then switched the risencloud.net domain back to the survival server and looked into upgrading our available DDoS protection.

We decided to spend $25 a month on changing our main IP to a DDoS protected IP that would withstand attacks double the size of the one currently being executed. The support team with the hosting company promised no data would be lost during the IP change and that it would be instant. We proceeded to pay them and tell them to do the conversion, which took them over 4 hours to complete… (instant my ass), they also stated after not long that when attempting to reboot the server box it failed to start due to a corrupted /boot file, meaning the server box was unable to start up and all of our 40-50+ GB of files were no longer able to be accessed. 2 different support teams attempted to fix the corrupted file and both failed to do so, so they said the only viable solution is to take out our hard drive, reset the box, put the hard drive back in and transfer over the files to the new database. This was all well and good, so we decided to proceed. They then did the procedure and when replying for the last time, they stated that the size of our original hard drive was 19mb (meaning it had 19mb of files), which is bogus as it had the files from every server on RisenCloud. They clearly either used the wrong box or wiped all of our data. We replied like “wtf where is our shit”, didn’t hear back for HOURS so decided to just start over YET again as we were sick of having the server offline.

So around 1am last night we are setting up panel and Arion uses TeamViewer to upload the files from my computer to the server while I sleep. Each server has about 10 mins left to download. I wake up to a bunch of texts, yet again from Google about getting codes to log in to accounts. I then have an Apple verification thing pop up on my phone which states “Someone is trying to log into your account, click allow or do not allow”, I clicked do not allow promptly which closed the window. I then received an email from iCloud stating my computer was being WIPED. Yes, WIPED. Turns out, all you need to do is access someone’s iCloud account, you don’t even need 2FA (even if they have it SET UP) to access Find My (as you wouldn’t have access to 2FA without a phone, common use for Find My). With this Find My access that was shut behind ONE password and email saved in my Google passwords, they were able to remotely wipe every file from my computer from the LITERAL other side of the planet. My computer instantly turned off, while uploading the ONLY copies of the backups we had access to, and every file was deleted from the hard drive. After this, I had a mental breakdown and smoked many consecutive bongs unsure of what to make of my life.

It was 3am in the morning when this took place, I had had 2 hours of sleep so far and was keeping my partner up while going through this as I believed all files on my computer would be 100% unrecoverable, and due to me being so occupied with Uni the last few months I have failed to keep adequate backups (Currently, but soon won’t be, manual…) Good thing almost all of my University work is stored on the cloud. After they wiped my computer, I started receiving menacing messages from a “beandont30” with screenshots of his access to my Google account. I immediately began changing my passwords on everything important such as my bank, PayPal, Minecraft account and others I could think of (remember I’m doing this all from my phone at this point). He begins accessing other accounts such as my Snapchat and University logins. He enters my enrolment page for my University and unenrols me from this year’s classes and deletes my already done application for next year… This password is impossible to change without contacting IT support from my University, and keep in mind many of these have all of my personal information stored including family members, address and more harmful/sensitive information.

At this point I begin to beg for mercy and really feel like this is the end. I had more bongs and went back to sleep with my computer still wiped, no OS, just because depression. When I awoke, I began installation of the OS which was not possible at all. I tried 5 times to install it before I went into Disk Utility and realised they had also managed to corrupt my hard drive. So, I had to erase it fully again and repartition it, reinstall OS and the computer is still as if it is literally brand new except it ain't. I had 500gb of files before the wipe, now I have less than 20gb. As for the server files, Arion asked when I had cancelled my subscription with OVH, and if I was still able to access my server box from the cloud panel. I was, which was a sign that the box was yet to be sold to another customer meaning the hard drive was yet to be wiped. They were able to reactivate the box for 24 hours thanks to OVH, and save the files from the server that were there right before migration began. These files are currently stored at multiple undisclosed locations and will be kept as safe as possible. They are not stored locally on my computer.

Next, I called Apple and basically got mad because they allow people to bypass all security precautions set up by me and wipe my device remotely from the other side of the planet. The white guy on the other end wasn’t having a bar of it and basically said I need to get a Time Machine backup or iCloud files (which thankfully, apparently some files were storing in iCloud, no server files though.) I did let their security team know of the possibility of the wipe, so hopefully this issue is fixed soon otherwise we should ALL seriously consider moving to a diff company ;)

Next, I receive more alerts of sign ins on my Google accounts, including notifications, emails and alerts. All 4 of my Gmail accounts had had their passwords changed by someone else. They also attempted to change my University login but as mentioned previously, this is impossible. Next, they hack into the whole mee6 bot (like the WHOLE bot) just to enter into our server and delete half the Discord channels and fuck with a bunch of other stuff. Arion reacted quickly and removed every bot from the Discord to remove the possibility of future attacks. Again, Discord backups have been another thing neglected by me while busy with University.

As of late, Arion managed to expose the hacker’s nudes in the Discord server, hacked into his Snapchat account and sent his photos throughout the Discord. Once they were sent to the hacker, he replied with “Fuck you” and asked to fight. He clearly was distressed which was the perfect vengeance. We all spilled a BUNCH of tea on this ugly and basically exposed him. He was so shook he left the Discord and hopefully won’t be back to ruin our peaceful Christian Minecraft server.

I want to say I am very sorry for everything that has gone down, obviously I pride myself on trying to provide 100% uptime and have a stable server that isn’t hacked every day, and for the last few months that has been pretty good. It only takes one asshole to come along and teach you a lesson though, that lesson has been learnt :) Thanks for reading my essay, have a great life.