08-24-2006, 10:58 AM
borked
Totally Borked
 
Join Date: Feb 2005
Posts: 6,284
Quote:
Originally Posted by Big John
Where was the flaw in their security? It's quite possible, even probable, that the other hacked site/server was also running a dodgy script. Without details of how the hack happened you can't attribute blame. It remains quite possibly your fault.

Even the backup thing you cannot blame the host for as you get what you pay for. A server with decent backup usually costs just a few more bucks and oddly few people want to pay it.
However, there is a major caveat to the sense of security that backups give you - if you don't know where the exploit came from, and when, restoring from backup to a fresh install could leave you wide open again!

Let's say it's some cgi script with a dodgy bit of coding - if you restore to a fresh system, that dodgy cgi script is still there, leaving you wide open to another hacked session.
Also, let's say the hack occurred 2 weeks ago, but the hacked system was only exploited yesterday - there are lots of hackers that lie dormant for a good few weeks/months, so that when you restore from your backup a week ago, you are effectively restoring the backdoor.....

It is absolutely essential that you know how the system was exploited, so that it won't happen again....
__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)



All models are wrong, but some are useful. George E.P. Box. p202
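The restore-point problem described in the post above, as an added example that is not part of the original thread: it compares file-hash manifests of successive backups to find the newest backup taken before an unexpected file first appeared, then checks whether the suspect script is still in that backup. The manifests, paths, hashes and the choice of `form.cgi` as the entry point are constructed assumptions.

```python
# Constructed sample data: backup date (ISO string) -> {path: truncated hash}.
# All paths and hashes are hypothetical; real manifests would come from
# hashing every file in each backup set.
BACKUPS = {
    "2006-08-03": {"cgi-bin/form.cgi": "a1f0", "index.html": "77c2"},
    "2006-08-10": {"cgi-bin/form.cgi": "a1f0", "index.html": "77c2",
                   "images/.cache.php": "e9d4"},   # dormant backdoor appears
    "2006-08-17": {"cgi-bin/form.cgi": "a1f0", "index.html": "77c2",
                   "images/.cache.php": "e9d4"},   # "a week ago" backup
    "2006-08-23": {"cgi-bin/form.cgi": "a1f0", "index.html": "0bad",
                   "images/.cache.php": "e9d4"},   # visible damage
}
# Files the owner deliberately deployed, with the hashes that were shipped.
DEPLOYED = {"cgi-bin/form.cgi": "a1f0", "index.html": "77c2"}


def unexpected(manifest, deployed):
    """Paths never deployed, or whose content differs from what was deployed."""
    return sorted(p for p, h in manifest.items() if deployed.get(p) != h)


def last_clean_backup(backups, deployed):
    """Newest backup taken before the first one that shows unexpected files.

    Returns (clean_date or None, first_tainted_date or None, offending_paths).
    """
    clean = None
    for day in sorted(backups):          # ISO dates sort chronologically
        bad = unexpected(backups[day], deployed)
        if bad:
            return clean, day, bad
        clean = day
    return clean, None, []


def still_exposed(backups, clean_day, suspect_paths):
    """Suspect scripts present in the clean backup: a restore brings them back."""
    return sorted(p for p in suspect_paths if p in backups.get(clean_day, {}))


if __name__ == "__main__":
    clean, tainted, bad = last_clean_backup(BACKUPS, DEPLOYED)
    print("restore from:", clean, "| first tainted:", tainted, bad)
    # Assumption: log review pointed at form.cgi as the entry point.
    print("fix before going live:",
          still_exposed(BACKUPS, clean, ["cgi-bin/form.cgi"]))
```

With this sample data the backup from a week ago already contains the backdoor, and the one clean backup still carries the script assumed to be the entry point, so it has to be fixed or removed before the restored site goes back online.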