Ask HN: How do/would you deal with your website being hacked?
I'm not super technical and it's not something I'll ever have to deal with but I'm curious; when a website is compromised how do you find out what they did and what data they took? Presumably the attacker will try and hide their tracks so I'm interested to know how you get a full understanding of what they did.
Additionally, is this something you prepare for, as part of a disaster recovery plan so to speak and what is your plan of action should an attack be carried out?
4 comments
[ 1.5 ms ] story [ 21.6 ms ] threadIf your site was only defaced, you need to patch or reconfigure your web stack so it doesn't happen again. And restore your content from known good backups.
If the OS was compromised, you must format and reinstall everything. This is because 'root kits' may be undetectable once they are installed by attackers.
Depending on the risk to other systems, if the OS is not open source I always format and reinstall.
If not, how do you know if backdoors were installed, if the databases were modified, if local (known or unknown) exploits were used to gain root or if private ssh keys were stolen or used to gain access to other servers?