Patching after a Security Breach
Chapter 9 discusses in detail the topic of being hacked. This brief discussion of the topic is meant to introduce you to a number of concerns should you need to apply a patch after being hacked. Here you will learn about some often-overlooked issues after a hack.
As mentioned earlier in this chapter, you are less likely to get hacked if you follow a timely patching routine, but it can still happen. There are times when you can do everything absolutely right and get hacked through an undisclosed vulnerability or a zero-day exploit. A zero-day exploit is an attack that seeks out an unpublished vulnerability. Usually, a hacker finds it and uses it for his or her gain to attack on wide scale. Often, the hacker will write an exploit and either sell it or deploy it. Fortunately, not many zero-day exploits and vulnerabilities occur. However, when they happen, they are devastating.
More than likely, you will be faced with patching after you were hacked, because you didn't patch, and thus were hacked. It's plain and simple: Not patching is a poor administrative practice, and it will make you a target.
Issues and Concerns
After you have been hacked, you must check a number of things. The list is long, but some areas of concern might be viruses, Trojan horses, Remote administration Trojan horse applications (RATs), ports open that should be closed, data copied off to unauthorized persons, tampered code, eavesdropping tools, and more.
Of course, the first step ...
Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.