Back up your system. Now. Automate your backup process.
That is all.
How do you handle that? I mean, your server has to be able to write to the backup server - so the attacker can also.
It would need to be some sort of append only filesystem, and who does that?
I use ssh to copy the tar to a different server - remotely distant. Which I thought was enough, for fires in the datacenter, or going out of business without notice. But who protects backups from an attacker? With ssh they can attack the remote machine easily and remove the files.
Maybe I should add a cron on the remote machines to chown the files away (and hope that server also isn't vulnerable).
With tarsnap you can create a write-only key file (that is, a key file which only has the authentication and encryption keys for creating archives); if you do this, you can run unattended backups from a server and someone who breaks into the server won't be able to read or delete your backups. (Tarsnap doesn't have any concept of modifying existing archives, so being able to create an archive doesn't allow you to overwrite existing data.)
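For the plain-ssh setup asked about above, one way to keep the pushing server from deleting or overwriting what it has already sent is an OpenSSH forced command on the backup server. This is an added example, not code from any poster in this thread; the script name, `BACKUP_DIR` path and key in the comments are assumed placeholders.

```shell
#!/bin/sh
# backup-receive.sh (hypothetical name): runs on the backup server as the
# forced command for the web server's key. authorized_keys entry (placeholder key):
#   command="/usr/local/bin/backup-receive.sh",restrict ssh-ed25519 AAAA...placeholder web1
# The client sends an archive with:
#   tar czf - /srv | ssh backup@backuphost web1-2024-01-01.tar.gz
# sshd ignores the requested command and runs this script instead; the
# requested string arrives in SSH_ORIGINAL_COMMAND and is used only as a name.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/incoming}"   # assumed location

# valid_name NAME: accept a plain file name only (no slashes, spaces,
# leading dot or leading dash), so the client cannot escape BACKUP_DIR.
valid_name() {
    case "$1" in
        ""|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# receive_backup NAME: store stdin as a NEW file; never overwrite or delete.
receive_backup() {
    name="$1"
    valid_name "$name" || { echo "rejected name" >&2; return 2; }
    dest="$BACKUP_DIR/$name"
    # noclobber (set -C) makes '>' fail if the file already exists.
    ( set -C; cat > "$dest" ) 2>/dev/null || {
        echo "refusing to overwrite existing archive" >&2
        return 3
    }
    chmod 0440 "$dest"
    return 0
}

# Only act when invoked by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    receive_backup "$SSH_ORIGINAL_COMMAND"
fi
```

A compromised client holding this key can still add new files, so pruning and disk-space monitoring have to run on the backup server itself.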
"Unfortunately, we backed up the servers between our two servers."
It sounds like two servers ran the site and backups were just swapped between the two; that is a hackneyed setup. Besides, all it takes is burning the backups to DVD once every blue moon to prevent massive data loss.
They had some backups yes, but there is great room for improvement here.
There are many good solutions mentioned to this problem, whether it be backing up to physical media once a month, or using tarsnap. I feel though that this could have been easily prevented by running a dedicated backup server, instead of one that was probably vulnerable in the same way as the main server was. In my experience, vandals usually aren't the most brilliant bunch and usually won't go deeper into your other servers unless it's related to the original exploit, or possibly easier. Of course this could have been more than vandalism, maybe a personal vendetta or something.
If I don't wear a seatbelt and am thrown from the car in a crash, that is my fault. The crash itself and injuries I would have sustained anyway might be someone else's fault, but anything resulting from the difference between wearing a seatbelt and not wearing a seatbelt is my fault. I'm negligent from the instant I put myself in a position where I could conceivably have a crash without having put a seatbelt in place.
its main focus was on Microsoft's Flight Simulator. So this was a game review site, I had initially thought it was a place where you physically go (the false cockpit kind of training place).
Lesson: "Some have asked whether or not we had back ups. Yes, we dutifully backed up our servers every day. Unfortunately, we backed up the servers between our two servers. The hacker took out both servers, destroying our ability to use one or the other back up to remedy the situation."