Following on from my past two posts about risk and security, it’s probably a good idea to identify a few techniques which might help you to recover your systems following an attack.
Remember that most attacks succeed on systems that haven’t been kept up-to-date. You can mitigate a lot of risk just by ensuring you have the most recent version of the software installed on your servers (assuming you’re using software that gets updated regularly).
There are a lot of attacks taking place at the moment on popular open-source applications like WordPress and B2evolution. L&D teams across the world are starting to embrace these types of easy-to-use content management systems. They are extremely simple to install, and also to modify using plugins, with very little technical expertise required.
But this simplicity makes them vulnerable. Administrators will need to ensure that the modifications they make, as well as the core system, are maintained. If you have an old WordPress installation, that’s no longer used, but is sitting on the same server as your other systems, then that puts everything at risk.
The most usual means to find out that your system has been attacked are:
If Google or your web host is involved, they should hopefully be able to give you some pointers as to what type of attack you’ve suffered. Two typical ones are:
Both of those situations can be resolved by finding the appropriate bits of code and clearing them out. If a lot of files are involved, then it’s possible to write a “script” that runs through and checks each file in turn. But take care that you don’t cause more damage than the original attacker!
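As an added example (not from the original post), here is the kind of report-only checking script the paragraph above describes: it hashes every file under a web root against a baseline manifest taken while the site was known-good, then lists modified, added and missing files for an administrator to review rather than deleting anything itself. It assumes Python 3; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

# Added example, not code from the original post. Report-only: the scan
# classifies files but never edits or removes them, so it cannot do more
# damage than the original attacker.

def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map every file under root (relative path, forward slashes) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def compare_manifests(baseline, current):
    """Classify files as modified, added (unknown to the baseline) or missing."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed scenario: baseline a small site, then change it and rescan."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content"))
        with open(os.path.join(root, "index.php"), "w") as f:
            f.write("<?php echo 'hello'; ?>\n")
        with open(os.path.join(root, "wp-content", "plugin.php"), "w") as f:
            f.write("<?php // plugin ?>\n")
        baseline = hash_tree(root)  # recorded while the site was known-good
        # Constructed changes after the baseline: one core file edited, one
        # file that the baseline has never seen.
        with open(os.path.join(root, "index.php"), "a") as f:
            f.write("<!-- changed after baseline -->\n")
        with open(os.path.join(root, "wp-content", "extra.php"), "w") as f:
            f.write("<?php // unknown file ?>\n")
        return compare_manifests(baseline, hash_tree(root))

if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

In practice the baseline manifest comes from a clean copy of the same software version (or a backup taken before the incident), and every flagged file is inspected by hand before anything is replaced.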
If a hacker has chosen to damage your files or your database, as well as add code to it, then the usual way to recover is to restore from a recent backup – losing everything that has been saved in the meantime.
Once you’ve recovered your system, then you will need to spend some time trying to ensure that the attacker can’t get back in again. This will involve:
Posted: 17 May 2014
Tags: Technology