At 10:46 this morning some jerk at 41.249.20.138 ran a script called "aldhacker.php" that had somehow been uploaded to my incoming directory. I'm not sure how it got there, since it's supposed to rename anything with ".php" extension into something harmless, but apparently what this script did was delete everything apache had access to, including all my SVN repositories, my calendar entries, and probably a few other things. I hadn't committed new calendar entries for a while, and I'm not sure if that repository was backed up anyway, so that's pretty much a total loss. Fortunately most other things I had recently migrated to git repositories (which are backed up in at least 4 different places and are not writable by apache) or had backed up to other machines using svn-sync. So the lessons here are:
- Don't give apache write access to anything important.
- Make backups of everything regularly.