Contact us
access@thebrightbyte.com

It Services

Back to blog
Notesline

We are H*cked

Vitaliy Zarubin
Written by Vitaliy Zarubin13 oct 2024

The nightmare of a server breach: How our game project almost crashed

We were working on an exciting web-based gaming project. Our infrastructure was cloud-based, a carefully integrated setup of CMS, Firebase and a web application that fed data into a larger mobile application. The exchange of data between all these components was serious. Every move, every user action - everything had to be synchronised in real time to give our users the best possible gaming experience.

Everything went well. The system was running smoothly, with data flowing between the Firebase backend, our CMS and the mobile app. We were excited to see the progress as users began to interact with the game.

Then came Friday night. The nightmare began. Firebase architecture

The sudden silence: The servers stopped responding

At around 8pm, our alert system alerted us - but not in a good way. Our servers had stopped responding. At first we thought it was a minor problem - a glitch in the cloud, perhaps, something that could be fixed with a simple reboot.

We tried rebooting the servers. Nothing. No response. No pings. Silence.

We scrambled to investigate. Logging into our cloud hosting provider, we discovered that the last database dump was from two days ago. Everything after that was gone. Gone.

But there was hope. Thank God for Firebase. We were able to pull the real-time data from Firebase and save our user data and activity logs. But the core infrastructure - the database, the CMS, the web application - was compromised.

The hacker's calling card: A ransom demand

Our security specialist dug deep into the system. What he found was chilling.

The hackers had infiltrated our server, wiped the entire database and left a new database in its place. There was a message in it. A message that made our stomachs sink: "Pay the ransom in Bitcoin if you want your data back." They even had the nerve to leave a contact on Signal.

We had been compromised. Everything we had worked for was now being held hostage by faceless attackers.

The server setup: Vulnerabilities we didn't see coming

Our server was configured with three containers: sail, MySQL and Redis. At first glance, everything seemed sound. But under the hood, we found the vulnerabilities that likely led to the attack.

  1. Redis was exposed with an open port and no password. It was practically an invitation.
  2. Sail was also open, intended to work through Nginx reverse proxy with HTTPS and Let's Encrypt certificates. But this setup may not have been as secure as we thought.
  3. MySQL was secure from the outside, limited to local access, but it didn't matter - the attackers found another way in.

The breach: How they got in

We checked the SSH access logs. No one had accessed the server via SSH. Our root password was complex enough to deter brute force attacks.

But there was a bigger problem. The Laravel application logs were empty at the time of the attack. This indicated that the hackers had wiped them clean after gaining access, leaving no trace of their movements.

With the Redis and Sail ports open, the attackers found a way in, exploited the system and gained access to the server's file system. From there, they were able to delete everything, including the database and logs.

What we did next: Emergency Recovery Mode

We went into emergency recovery mode. The first priority was to secure the system. Here's what we did:

  1. **Changed all passwords: Every password, from service accounts to containers, was updated to use complex, strong passwords.
  2. **Shut down external access: We immediately shut down all external access to the Redis and Sail containers. No more exposed ports. Everything locked down.
  3. **Set up automatic backups: We set up daily backups with a 5 day retention. That way, even if we were attacked again, we wouldn't lose everything.
  4. Migrated to a new server: We didn't want to take any chances with a possible backdoor. We migrated everything to a new server with an updated, hardened configuration.

Lessons learned: Protecting ourselves going forward

The incident was a wake-up call. It wasn't just about rebooting the server. We had to rethink our entire security infrastructure.

  • Continuous monitoring: We set up continuous monitoring of server and container activity to catch any suspicious behaviour early.
  • Logs and dumps: We configured logs and database dumps to be automatically backed up to external, secure storage to avoid losing logs if attackers delete them.
  • Redis and Sail: Redis was now protected by strong passwords and we closed the previously exposed ports. No more vulnerabilities in our container setup.
  • Security Policies: We enforced strict security policies across the board, including password management via Vaultwarden and SSH key-based authentication.

Final thoughts: A close call

This was a close call. Without Firebase and quick thinking, we could have lost even more. Our product and data were at risk, but we've come out stronger, more secure and with a renewed focus on data protection.

It's not just about having great features and a smooth user experience - security is everything. We learnt our lesson the hard way, but now we're better prepared.

Did you find this post interesting? Share it!

Featured

  • Data security
  • Infrastructure
  • Mobile App encryption
  • GDPR

Top 10 Information Security practices

Discover the top 10 key considerations for ensuring information security in custom digital product development. Learn about secure infrastructure, data encryption, and more

12 oct 2024
  • Custom development
  • No-Code
  • B2B
  • Mobile

Why custom development beats no-code every time

Bright Byte specializes in custom taxi app development on Flutter. We provide scalable and tailored solutions, focusing on cloud-based infrastructure, business processes, and long-term support for B2B and B2C markets

09 oct 2024
  • Product
  • Management
  • Business

The Paradox of Choice: How Too Many Features Can Kill Your Product

There's an old saying: Appetite comes with eating. This is especially true in software development. How many of us have started out wanting to implement a simple sorting function, only to end up with an overly complex system involving ElasticSearch algorithms, filters, tags, and even a system for favoriting content? It's a slippery slope that many development teams fall into, driven by the desire to add more features to make their product more appealing.

07 oct 2024
  • All

Enhance Your Loyalty Program: The Power of Gamification

The Bright Byte advocates for the transformative power of gamification in loyalty programs. Engaging and retaining people's attention can be achieved through three strategic pillars that play a crucial role in deep interaction.

22 mar 2024
  • Management

§ 2. How the Internet Works

This question is designed to understand how a person thinks.

21 mar 2024
  • Management

§ 6. How Programming Languages Are Chosen in Business

In the world of development, there are many programming languages, and their number is constantly growing

21 mar 2024
  • Management

§ 5. First Distribution, Then the Product

Ideas do not emerge in a vacuum. In large companies, there is an approach called "gemba.

14 mar 2024
  • Management

§ 3. How a Python Developer Becomes a Software Engineer

We have all encountered job titles like "Software Engineers," "Category V Specialists," and other engineering-specific titles.

14 mar 2024
  • Management

§ 4. Why Government Contracts Are Awarded to Friends and Relatives

We are all familiar with situations where a large company is serviced by a smaller one, headed by a friend or relative.

14 mar 2024
  • Sports

Revolution in Women's Sports with the Help of Artificial Intelligence

On July 20, 2023, the 9th Women's World Football Championship kicked off. It's no secret that women's sports are on the path to a historic breakthrough.

04 aug 2023
  • Sports

Interactive Platforms and Fan Engagement: New Approaches in the Sports Industry

Each year, the role of digital products in the sports sector becomes increasingly significant, offering new opportunities for athletes, managers, and fans alike.

03 aug 2023
  • IT

From Idea to Product: How Innovative Approaches in Custom Software Development Help Achieve Goals

Welcome to the world of custom software development! Creating a product from idea to implementation can be a lengthy and costly process.

14 may 2023
  • IT

Cross-Platform vs Native

First of all, it is important to define what each term means

04 apr 2023
  • IT

Project Manager vs. Product Manager

The responsibilities of Project Managers and Product Managers are often confused. Let's clarify once and for all who is who, how they work, and where they intersect.

04 apr 2023
  • IT

Why Do Companies Develop Their Own Chatbots on Telegram?

A chatbot on Telegram is no longer just a geeky story but a full-fledged service. With numerous features, a ready audience, and ease of use, let's find out how chatbots outperform mobile apps, their core algorithm, and how to create them.

04 apr 2023
  • IT

How to Choose a CRM?

How does this mysterious system work, why is it not a panacea for business, and how do you know if you need it or not? Today we will talk about CRM—its types, goals, and an old-school analog.

30 mar 2023
  • IT

Should You Hire Graduates from Online Schools in IT?

Almost all online education platforms have launched their programming courses. They promise, of course, a long and happy life, knowledge of languages, and the caring support of a mentor who will be proud of you no matter what. Let's figure out how this happens in reality, what the "righteous path of a true developer" is, and whether you will be hired or not.

30 mar 2023
  • Management

§ 1. The Art of Custom Development

As I enter the 15th year of my professional journey, reflecting on my experiences feels both nostalgic and enlightening.

13 mar 2023