CHAPTER 9

Hack Recovery

When a server or website has been hacked, the impact of the dastardly deed is similar in nature to a criminal breaking and entering into your building. It has a tendency to leave you with an unsettled feeling that your security is bad, and that you are vulnerable to attack.

Although a criminal breaking in to your building is not likely to leave behind a bug to listen in on your private conversations, a hacker might. A hacker has many reasons to break into a computer, and leaving behind something like a Trojan horse or key logger to steal passwords is very common.

Dealing with a hacked machine or website is a time-consuming and potentially frustrating venture. In cases such as a theft of credit card information, a hack can also be very costly. The level of frustration, and the cost associated with the hack, can vary, depending on the type of attack. Consider these examples:

• In the event of a kiddie-scripter, who attacks and places some well-known malicious code on the server, dealing with the attack may simply be a matter of cleaning up the malware and patching the code used to get in.
• The placement of a rootkit package on your server means you have a lot of work ahead of you getting rid of the virus and fixing the damage.
• As time goes forward, your Joomla!, Drupal, Plone, or WordPress site may targeted to become a zombie, a growing cyber threat.
• As this chapter is being written, a new malware called Stuxnet has worked its way into the control systems for ...