Orain Compromise Initial Statement

Hello from Orain Staff! We wish the situation were better, and we wish we had been able to bring you this statement sooner, but we hope this will begin to answer some of the questions you may have.

As you are almost certainly aware by now, Orain was compromised by (an) unknown individual(s) on 16 September 2015. We don’t know who it is, nor do we have any evidence or strong indications about whom it might have been, and this is not the place for such speculation. We will investigate as best we can, and we may request the help of the appropriate law enforcement authorities in the matter, but until then, the perpetrator is unknown – and, in the end, their identity really is irrelevant.

Orain is, at this time, completely inoperative. It seems that the attacker used a social engineering attack of some kind in combination with a malicious alteration to our DNS MX records (which tell email servers where to send emails) to gain access to our CloudFlare and DigitalOcean accounts, allowing them to gain full access to our domain zone and full root access to all our servers.

The unfortunate reality of this is that all data Orain had should be considered compromised. This includes users’ email addresses and hashed passwords, as well as IP addresses and User-Agent data. We thus advise anyone who used their Orain password on any other site to change their passwords immediately, even though it is unlikely that the attacker would be able to break the password hashes.

Further, one of our sysadmins, Addshore, was able to access a couple of our servers (though not all of them), and was able to confirm that, unfortunately, the database for All the Tropes Wiki, including all article data, has been deleted. Unfortunately, we can neither confirm nor deny the existence (or nonexistence) of any other Orain data, including the databases for all other wikis and file uploads for all wikis including All the Tropes. Dusti, one of Orain’s founders, is still working with DigitalOcean support to regain access to our old DigitalOcean account, and only if that happens will we be able to see the full scope of the damage.

Assuming the worst, though, we do have complete backups for all wikis that existed on 15 June 2015, and we will be happy to give those to people who request them. We are also examining the possibility of reviving Orain, though we will need more time to come up with a viable plan for this (or to decide against it). It is probably safe to say, though, that if Orain comes back, it will be a fresh start on a new host, with new infrastructure, and (of course) new security practices.

Speaking of security, among the lessons we’ve already learned is that using a self-hosted email server for critical parts of our infrastructure, like CloudFlare and DigitalOcean, is a terrible idea – we believe that the attacker was able to gain access to our DigitalOcean account because of this. Let this be a lesson that those who forget history will be doomed to repeat it.

In closing, we’d like to say that the decision to revive Orain will likely largely depend on the support of you, our users. We understand that this attack has been devastating to all of you; for what it’s worth, it has been very devastating to us as well. If you decide to leave Orain for other pastures, we will assist you in any way we can and we wish you well. But, if you decide to stay, your support will be greatly appreciated, and the more support we have, the easier it will be for us to pick up the pieces and start anew.

Thank you all for your patience and understanding. If you have any questions or comments, please feel free to leave them in the comments section below, and we will get back to you as soon as we can. Once again, we are all truly sorry that this happened. We will keep you informed with further posts to this blog as the situation changes or more information becomes available.

But until then, we wish all of you the best. Thank you for using Orain.

— Orain Staff

(This message was edited collaboratively by Orain Staff and other trusted users assisting in the cleanup/planning efforts, and was copied to this blog by staff member FastLizard4.)
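
The statement attributes the account takeover to altered MX records. As an added example (not written by Orain Staff), here is a defender-side check that compares observed MX answers, in the format `dig +short MX` prints, against a pinned baseline and reports any drift. The domain, hostnames and sample answers are constructed placeholders.

```python
# Added example: MX drift check against a pinned baseline (all names constructed).

# Assumption: the MX set the operators expect, recorded while the zone was known-good.
BASELINE = {
    "example.org": {(10, "mx1.mailhost.example"), (20, "mx2.mailhost.example")},
}


def parse_mx(text):
    """Parse `dig +short MX` lines ("<preference> <host>.") into {(pref, host)}."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            raise ValueError(f"unparseable MX line: {line!r}")
        # DNS names are case-insensitive; drop the trailing root dot.
        records.add((int(parts[0]), parts[1].rstrip(".").lower()))
    return records


def mx_drift(domain, observed_text, baseline=BASELINE):
    """Return a list of (finding, detail) tuples; an empty list means no drift."""
    expected = baseline[domain]
    observed = parse_mx(observed_text)
    exp_hosts = {host for _, host in expected}
    obs_hosts = {host for _, host in observed}
    findings = [("unexpected_host", h) for h in sorted(obs_hosts - exp_hosts)]
    findings += [("missing_host", h) for h in sorted(exp_hosts - obs_hosts)]
    # A known host at a new preference still changes which server gets mail first.
    for pref, host in sorted(observed):
        if host in exp_hosts and (pref, host) not in expected:
            findings.append(("preference_changed", host))
    if not observed:
        # With no MX at all, senders fall back to the domain's address records.
        findings.append(("no_mx", domain))
    return findings


# Constructed observations, in the format `dig +short MX example.org` prints.
CLEAN = "10 mx1.mailhost.example.\n20 MX2.mailhost.example.\n"
ALTERED = "5 mail.unknown-relay.example.\n10 mx1.mailhost.example.\n"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("altered", ALTERED)):
        print(label, mx_drift("example.org", sample))
```

Such a check is only useful if it runs from outside the infrastructure it watches and alerts through a channel that does not depend on the monitored domain's own mail.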


4 thoughts on “Orain Compromise Initial Statement”

  1. Jesús "JeDa" Hernández says:

    Oh noes. This kind of stuff also happened on Orain. Sorry about that. Every time I see this type of notice I get sad, and I say “The people who do this kind of stuff are idiots without a life. Is there nothing more to do than ruining everyone’s work and stealing it?”. I am really sad about this. I’ve seen that Orain has been important to those people that have a wiki here. And that’s a lot of people. In my opinion, Orain should get online again. Use that backup, it would be something to get back on. And if that happens, it would be nice to have more security to prevent this kind of stuff again. And I hope for the best, that you guys find the guy(s) who did this and take the necessary action. I wish all of you the best, also. 🙂

    –JeDa


  2. theuserbl says:

    Would be nice, if a new Orain would support own backups for users.

    If you have your own homepage, you have all the files locally (*.html, *.php, *.gif, … etc.) and you can then upload them to a server and synchronize them every time. You can burn the local files to CD or make backups some other way.
    The only disadvantage is that it is then your own homepage; no other can make advantages on it.

    On the other side, wikis (like Orain) can easily be modified by others, with history, rights management and so on. (“Easily” for the users of the wiki. Not the admins.)
    But on the other side, you cannot so easily make useful backups of it.
    All the pictures/images you have on your local computer, too.
    But all other files are written in the wiki. You have to copy every wiki-text of every wiki-side and save it locally in a well-named text file to have a good backup.
    Saving generated HTML pages of the wiki does not help.

    So, for wiki security, it would be very helpful to be able to easily create a backup of your own wiki pages. But I think no wiki software supports that.


  3. IndieGoGo says:

    How about our IndieGoGo rewards? I never got mine and everybody I know is saying the same. What happened to the $2255 raised? Did Dustin Muniz just run off with the money because Orain doesn’t exist anymore?

