What is your plan for when you get hacked?

Discussion in 'Security and Legal' started by Abomination, Jun 4, 2009.

  1. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    Assuming that anything is possible, pretend your site got hacked and the database and all back up copies are considered suspect, in addition to the other files on that hosting account.



    What would you do?
     
  2. Tom

    Tom Regular Member

    Joined:
    May 27, 2009
    Messages:
    153
    Likes Received:
    18
    Location:
    New York
    I'd cry. :lol:

    Seriously, though, I don't like to think negatively, though, I have an emergency plan for everything.

    In this case, I'd go to my "secret" place where I have ALL of my database back-ups.
     
  3. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    Or if the hosting provider hit the delete key on all files, or they had a fire and lost all backups.
     
  4. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    How often are those backups made? Are they made automatically?
     
  5. Tom

    Tom Regular Member

    Joined:
    May 27, 2009
    Messages:
    153
    Likes Received:
    18
    Location:
    New York
    I make one every other day. :)
     
  6. Chris

    Chris Regular Member

    Joined:
    Dec 27, 2007
    Messages:
    5,422
    Likes Received:
    86
    I generate three to four full backups on a daily basis - can never be too careful.
     
  7. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    Nuke it from orbit, upload and install the latest version of the software, and import your backup. (You did save a backup, didn't you?)
     
  8. kev

    kev Regular Member

    Joined:
    Mar 9, 2009
    Messages:
    1,224
    Likes Received:
    61
    Because I'am on a dedicated server, I would need to contact the hosting provider, let them know what happened and ask them to do a security audit on the server.

    Depending on how things go, the server might get wiped clean and either restored from backup or do a fresh install of the operating system.

    From there - was the server wiped clean and restored from backup - yes or no.

    No - just one account was compromised - delete that account and create a new account.

    Upload database to new account, install vbulletin - I'am backup and running with only the post and threads, all images and downloads are lost.

    I guess I need to backup my entire forum directory so I can keep all of the images, downloads and other "stuff".

    Once a dedicated server is compromised, its wise to wipe the whole system clean and retore from backup. You never know what "bugs" the hacker left behind. Look into the "honey pot" project and how they deal with servers that have been hacked.
     
  9. Lynne

    Lynne Regular Member

    Joined:
    May 26, 2009
    Messages:
    333
    Likes Received:
    32
    Location:
    Home Sweet Home!
    I'd probably have my server guy come in and wipe the servers and reinstall the OS before reinstalling vB. I keep backups on a remote site, so I'd have to then get them moved back in order to put the site back up. I might actually take the opportunity to do some hardware upgrades I've been thinking about first.
     
  10. Vekseid

    Vekseid Regular Member

    Joined:
    Jun 2, 2009
    Messages:
    393
    Likes Received:
    13
    All of my forums make daily backups on weekly rotation, which get downloaded to my personal machine daily. Although I have not actually purchased another server to properly implement it yet, I have set up a scheme where files first get encrypted before being sent to backup, and from there the backup process has access to -only- those encrypted files. None of this WHT nonsense where I get attacked through my backups...

    But yes, I have plenty of backups, and am familiar enough with SMF's database structure to know what to strip. I'd be devastated on a personal level, but that's a different matter.

    Since I'm on dedicated, if a meteor struck the data center, well, my members would certainly understand, and we'd move : /
     
  11. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    I am considering FTPing the backups to another hosting account via a CRON job which is why I started this thread.

    Good idea? Overkill? Bad idea?
     
  12. Vekseid

    Vekseid Regular Member

    Joined:
    Jun 2, 2009
    Messages:
    393
    Likes Received:
    13
    That is essentially what I do, except I use SCP instead of FTP : ) I don't permit ftp access to my server - scp only.
     
  13. Boss

    Boss Resident Silly Man

    Joined:
    May 23, 2009
    Messages:
    941
    Likes Received:
    23
    Location:
    California
    First Name:
    Alex
    I get direct service from a datacenter that insures my information. I think it's a 150K payout or something like that. I'm sure that employee will be sleeping with the fishes too.
     
  14. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    Wow, I'd call that motivation to keep your data safe. Of course, if you ran a big enough business, even $150K might not be enough to cover your data loss.
     
  15. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    Or what if someone you banned made up a story and went to your hosting provider and they shut down the site while they were investigating the situation.




    Thanks. I'm trying to figure out how to set something like that up for a cron job. I'm quite confused at the moment, sftp, ncftp, mput. etc. I'll keep working on it.
     
  16. Wayne Luke

    Wayne Luke Regular Member

    Joined:
    Apr 2, 2009
    Messages:
    992
    Likes Received:
    276
    You should keep two backups of everything. One of those should be offsite in a secure area.

    At my house, there is a closet under the stairs. That is my secure location. It is where the safe, alarm system control panel and home server are located. Under the drywall is 1/2 inch plywood from floor to ceiling. The door itself is a solid core firedoor with a deadbolt that has 3 inch screws. The safe is fire rated to 3500 degree fahrenheit.

    I can back up my databases to re-writable DVDs and store them in the fire safe but the chances of losing the datacenter and the home server are pretty astronomical since the house is in California and my server is in Texas. If something happens to take them both out at the same time, I think I'll have other issues to deal with.
     
  17. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    I do have some backups on DVD, but I certainly don't have a set-up like yours Wayne Luke.
     
  18. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    Thanks for replying! I was hoping for your input.

    Understood about the 2 different secure locations, and it certainly sounds like you have a great system. What do you think about having one of those locations be a completely separate hosting account and sending back ups over to that account periodically via a cron job?

    I would also make back ups at home, but I'm trying to set things up so things are done automatically because I might not be able to download backups on a regular basis.
     
  19. Wayne Luke

    Wayne Luke Regular Member

    Joined:
    Apr 2, 2009
    Messages:
    992
    Likes Received:
    276
    I wouldn't use a hosting account. Too expensive for the benefit. I would get an account at one of the cloud computing services like Amazon S3. It would probably be cheaper in the long run and since you don't need all the other bonuses of a hosting plan, why pay for them? You might even be able to use a service like Mozy.

    Any offsite location is good though.
     
  20. Abomination

    Abomination Zealot

    Joined:
    Jun 1, 2009
    Messages:
    1,514
    Likes Received:
    102
    Thanks Wayne!

    I'll continue to try to figure out how to write a cron job to automate that with a spare account I've got at the moment.

    I may have other uses for another account besides data storage, obviously if it was a live site that could be hacked into also, but probably not 2 accounts at the same time.

    Thanks for the links!
     

Share This Page