HELP! data deleted from NAS overnight....

realBabelfish · 10 Jul 2012 at 10:00

Hi guys

i run the IT in a small company.

basically a NAS for data storage (buffalo) and then just a winxp machine for internet sharing and that runs our web apps (apache, mysql and php)

when i got in this morning the backup had stalled (we just backup the NAS to HDDs every night)

then i look on the NAS and the accounts, accounts data and live projects had all had stuff deleted or the folders were totally missing.

luckily the NAS copies files to trashbox folder rather than deleting. so i can copy them back. they had been deleted during the night at around 4am!

the thing is im worried that these are basically the 3 most important folders for us. so to me it looks like we got hacked (or its just very suspicious anyway)

we use MS security essentials as AV and just the windows firewall for firewall duties.

i guess we need to look at a firewall and maybe change the AV?

any suggestions on fw/av or tips as to how i can see who got in last night? i checked the logs and i cant see anything and to be honest im not sure which machine they maybe got in via anyway.

Avathar77 · 10 Jul 2012 at 10:04

more like a backup job problem for me1

realBabelfish · 10 Jul 2012 at 10:24

well.....

further inspecting i look at the failed backup and the folders were created at the same time as the ones were deleted. so, to me it looks like for some reason some of the stuff was copied and some was moved (i.e. deleted from source)

how the hell can that happen?

proper squeaky bum time for a while there!!!!

KIA · 10 Jul 2012 at 11:07

Don't use Buffalo products.

If you ever need to recover data from a NAS, have a look at http://www.runtime.org/nas-recovery.htm

realBabelfish · 10 Jul 2012 at 13:08

yeah. its 5 years old now but has been fine so far (crosses fingers)

seems to have been an issue with windows deciding to copy some stuff and move others! grrrr

welshdragon · 10 Jul 2012 at 16:12

KIA said:
Don't use Buffalo products.

If you ever need to recover data from a NAS, have a look at http://www.runtime.org/nas-recovery.htm

This. The buffalo products I have reviewed so far have been diabolical compared to the likes of Synology/Qnap. You definately get what you pay for and in a data critical environment why gamble your data just to save a few quid in the short term.

How much storage do you need? I would be looking at a Synology NAS for backups and then depending how far you want to go another nas backing up the nas or something.

If budget is an issue the Hp Microserver is a fantastic option to consider

realBabelfish · 10 Jul 2012 at 16:51

welshdragon said:
This. The buffalo products I have reviewed so far have been diabolical compared to the likes of Synology/Qnap. You definately get what you pay for and in a data critical environment why gamble your data just to save a few quid in the short term.

How much storage do you need? I would be looking at a Synology NAS for backups and then depending how far you want to go another nas backing up the nas or something.

If budget is an issue the Hp Microserver is a fantastic option to consider

yeah, maybe it needs updating but in 5 years we havent had an issue. as its a small company i need to drive costs down. usually i just backup the nas and my dev environment to 2 HDDs, i keep one in the car and swap daily.

i still dont know how some files were copied and some were moved. im guessing windows is at fault but i may well just get a better NAS (and this one can come live at home

)