You've been hacked - Ten Important Steps to take for Recovery - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

You've been hacked - Ten Important Steps to take for Recovery

Below are ideas that might help on "what to do" if your web servers are compromised:

1. Isolate immediately to prevent further damage (unplug servers from Internet)
2. Identify the intruder (based on Firewall logs)
3. Preserve any evidence (swap out hard drives or take a good backup)
4. Report to authorities (usually starting with local police or FBI)
5. Identify vulnerability (why did this happen)
6. Assess potential damage (e.g., accounts, altered web pages, data compromised, perform a thorough AV scan, etc.)
7. Always Rebuild the system from scratch
8. Change all passwords and thoroughly assess file shares and security permissions
9. Return systems back to operation
10. Closely monitor the returned web environment (as crackers or hackerss may try to return - but usually don't once discovered)

Posted: Oct 20 2006, 03:30 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.