What to Do When Hacked
If your network is hacked, you must take swift action to assess damage, limit further damage, and preserve evidence, which can potentially be used to press charges against the perpetrators. If your system is compromised, here is what to do:
Immediately remove the system from the network.
Take a disk image of the server immediately after it was hacked.
Check with your software and hardware vendors to determine what vulnerability was exploited and how to prevent it from happening again.
Check log files for evidence.
Change passwords for any affected systems; social engineering attacks (as popularized by the Iloveyou virus) are startlingly common, and effective.
Document what you learned and develop an incident response plan. ...
Get Microsoft® Windows Server 2003: Administrator’s Companion now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
