Skip navigation


Don’t know whether you are aware the disaster  happened to Distribute I.T .Pty Ltd. This poor site hosting company got hacked 6 days ago and completed lost 4,800 domain sites data including backup and snapshots!!

Let’s check out few posts from their website.


MONDAY, 13 JUNE 2011

Notice – Service Disruptions

Dear Valued Client,
As most of you are aware, Distribute IT’s systems are currently offline due to a deliberate, premeditated and targeted attack on our Network.
The extent of the attack is quite broad and recovery efforts have been underway since the Network was locked down Saturday evening (11/6/11). This attack was a deliberate aim at the Company and our clients and as a valued client you should know the facts.


The following shared servers remain down:

  • Hurricane
  • Drought
  • Blizzard
  • Cyclone

Data Recovery process are still proceeding on these servers. Unfortunately we are unable to offer an ETA at this point. We hope to be able to advise an ETA as the day proceeds.



Update, Shared Hosting Clients – 21st June 2011

Our Data Recovery teams have been working around the clock in an attempt to recover data from the affected servers shared Servers. At this time, We regret to inform that the data, sites and emails that were hosted on Drought, Hurricane, Blizzard and Cyclone can be considered by all the experts to be unrecoverable. While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data will can be salvaged from these platforms. In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these Servers from the remaining data.
We have been advised by the team and the storage & capacity managers that we no longer have sufficient resources within the platform to transfer the 4,800 domains and accounts to other parts of the platform, and at this point we cannot undertake further provisioning of servers & accounts on the current infrastructure. This leaves us little choice but to assist you in any way possible to transfer your hosting and email needs to other hosting providers. We would like to thank those loyal customers who have stuck by us during this difficult time and elected to have their hosting remain on our servers. Your thoughts, consideration and kindness will not be easily forgotten. Much soul-searching and thought has gone into taking this course of action, but at this time we cannot see any alternatives for the affected servers.
When setting up Hosting with another Provider please email the new Nameserver settings which will be obtained from them to and we’ll make the changes as soon as possible.
The team will continue to try to recover the information from the affected servers; however at this time we have been advised by the recovery teams that the chances for recovery beyond the data and files so far retrieved are slim. The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act.

so Personally, I think it is possible that one of ex-employees did this job and destroy the data on the hard disk in the san and also trashed DR site and delete snapshots. If that hacker can easily destroy data so completely, I don’t think he would leave any traces to lead to that person. One can easily remote to one PC in China and one PC in States and link back to Australia. No way this can be traced.

While we clearly know there is no chance to find the criminal, but I wonder how come a host company would run without backup tapes. There are no way the hacker could damage tapes. 

I don’t know exactly the infrastructure of that company, but I would boldly guess they don’t have backup tapes which sit in the offsite while they are busy on duplicating data between production site and DR site.

This case strongly proves Cloud is perfect and DR site is not fully backup solution. Backup tapes are critical for restoring data. 


P.S: Geee, I also wonder why the admin of DIT name his servers like

  • Hurricane
  • Drought
  • Blizzard
  • Cyclone
  • …. … so please don’t do that to your servers either……



    One Trackback/Pingback

    1. […] So how many IT administrators are need to shut down the whole company? The answer is 1 (“one”) and in this scenario snapshots, snapshots replication, on-line data replication, DR systems, backups to NFSv3, clones and everything else that is out there – if they are not properly secured by WORM-kind of protection are not backups in traditional sense. Now go and fight with hole storage sales industry! […]

    Leave a Reply

    Fill in your details below or click an icon to log in: Logo

    You are commenting using your account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

    %d bloggers like this: