Disaster Recovery

My Server’s been hacked – What do I do now? Pt 3.

Finally. Finishing up after Part 1 and Part 2, this is the end of my updated thoughts on an old Server Fault post, with some final thoughts on reducing risks in the future. Reducing the risk in the future: The first thing you need to understand is that security is a process that you have to apply throughout the entire life-cycle of designing, deploying and maintaining an Internet-facing system, not something you can slap over your code afterwards in a few layers like cheap paint.


My Server's been hacked - What do I do now? Pt 2.

Following on from Part 1 of my revision of an old Server Fault post, we will continue on to look at remediation after an intrusion. (Part 3 available here) Understand the problem fully: Do NOT put the affected systems back online until this stage is fully complete, unless you want to be the person whose post was the tipping point for me actually deciding to write this article. I'm not going to link to that post so that people can get a cheap laugh, but the real tragedy is when people fail to learn from their mistakes.
