Re: [Hampshire] Server Security

Author: John Cooper
Date:  
To: adrian, Hampshire LUG Discussion List
Subject: Re: [Hampshire] Server Security
Adrian Bridgett wrote:
> One thing I've not seen people mention:
>
> Expect it to be hacked - or at least _plan_ for it (especially
> if PHP is involved).
>
> Backups (tested).
> HIDS (I use osiris) - tells you _when_ the box has been hacked.
> Chkrootkit (ditto).
>


This is very true. I always update my main site software but forgot
about an old Moodle install. There was an exploit which meant they
managed to prepend a hex line to all .php files and took down my site. I
backed up the hacked site and restored a week-old archive. Once I found
the exploit, I wrote a script to find and remove all the lines, so it was
an easy fix, then put the original site back.

I back up daily, weekly and monthly as you cannot be sure how long the
hacked site has been compromised (mine was 6 days).

John.

--
--------------------------------------------------------------
Discover Linux - Open Source Solutions to Business and Schools
http://discoverlinux.co.uk
--------------------------------------------------------------
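
A cleanup of the kind described in the message above, as an added example that is not John's script or part of the original thread. The message does not show the injected line, so the detection heuristic (a first line shared by several .php files that contains a long hex run), the function names and the sample data are all assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the injected line contains a long run of hex digits or \xNN escapes.
HEX_RUN = re.compile(rb"(?:\\x[0-9a-fA-F]{2}){8,}|[0-9a-fA-F]{32,}")

def php_files(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                yield os.path.join(dirpath, name)

def first_line(path):
    with open(path, "rb") as fh:
        return fh.readline()

def find_injected_line(root, min_files=2):
    """Return the hex-looking first line shared by the most .php files, or None."""
    counts = Counter(first_line(p) for p in php_files(root))
    for line, n in counts.most_common():
        if n >= min_files and line.endswith(b"\n") and HEX_RUN.search(line):
            return line
    return None

def strip_injected_line(root, injected):
    """Remove `injected` where it is exactly the first line; return cleaned paths."""
    cleaned = []
    for path in php_files(root):
        with open(path, "rb") as fh:
            data = fh.read()
        if data.startswith(injected):
            with open(path, "wb") as fh:
                fh.write(data[len(injected):])
            cleaned.append(path)
    return sorted(cleaned)

def demo():
    """Constructed tree: two files with an inert stand-in line, one clean file."""
    bad = b"<?php /* " + b"4f" * 20 + b" */ ?>\n"  # constructed, not the real line
    clean = {"index.php": b"<?php echo 1;\n", "lib.php": b"<?php echo 2;\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in clean.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(bad + body)
        with open(os.path.join(root, "ok.php"), "wb") as fh:
            fh.write(b"<?php echo 3;\n")
        found = find_injected_line(root)
        names = [os.path.basename(p) for p in strip_injected_line(root, found)]
        return found == bad, names, first_line(os.path.join(root, "index.php"))
```

Run it against a copy of the compromised tree, as in the message, and diff the result against the last known-good backup before putting it back into service.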