Yes, a can of worms... But general direction would be nice...
shane at hathawaymix.org
Thu Jul 16 15:15:23 MDT 2009
Sasha Pachev wrote:
> A) Tell him he's got it all wrong, he needs a sysadmin to run his
> system. Since he does not have a backup and who knows what his
> application does now after being hacked, he needs to re-install the OS
> on his dedicated server that is 1000 miles a way, and the application
> needs to be re-written from scratch to be sure.
> B) Find the offending code, remove it. Investigate the break-in, close
> the holes. Instruct him on how to make a backup and encourage him to
> do it regularly. Spend the rest of the time permitted by the client's
> budget securing the most vulnerable parts of the system.
The right answer is a more than B. This sysadmin should also put the
customer's application and configuration under version control and tell
the customer that a complete reinstall is still necessary sometime in
the next year or two. That will give the customer time to consider
alternate hosting setups that are easier to manage than dedicated servers.
> A real-life analogy to illustrate what I am talking about. Hwy 6 is
> dangerous, many people have lost their lives driving on it. When you
> go to Moab from Provo do you take I-15/I-70 route instead to avoid Hwy
> 6 just to be sure?
Our government spends a little extra money on highway 6 to make it
safer. So should the customer whose site was hacked.
More information about the PLUG