You know it's not a good day wen you log on to you main rig to find your server's public hard drive is empty.

Especially when the night before there were website files and backups for over 70 users.

Last night my website got hacked, the hacker(s) left a signiture for the #io crew.

Does anyone know these people?

All the log files are empty, does anyone know where to start to report this or try and trace him/her?

ta for any help you can give.

search io crew on google is your best bet i guess

Determine the Extent of the Exposure. Determine the machines that have been attacked and list what was on the machines and deleted.

Preserve Evidence. If the machine does not provide critical services, consider removing it from the network. When removing the machine from the network, unplug the network cable, but do not turn off the power to the machine. In order to do a proper forensic analysis, it’s important to preserve the state of the computer’s memory, including what programs were running on the computer, and with what other computers it was talking with. Turning off the power can result in a loss of this data, which can be crucial both in determining the extent of the damage and in tracking down suspects.

Then get in contact with the police and ISP.

(taken from http://www.onlinesecurity.com/Community_Forum/Community_Forum_detail161.php)

If possible try imaging the system with Notron Ghost.

JS