Procedures for Containment

The following general areas should be considered as prime targets for an attack:

  • Operating system breach
  • Web applications or website breach
  • FTP or Telnet breach
  • E-mail services breach

Each of these areas is intertwined, and the sources of attack could be very difficult to track down.

As you work through a cleanup and restoration, document your steps. For example, if you update a plug-in on your WordPress site, then document it. If you remove a virus, then document what the virus was, where it was found, and the method used to remove it. This is vital, because you may forget or you may not have removed all portions of the attack. The author has worked on sites where the site owner “helped” by cleaning up the damage, and yet they were immediately attacked again – which was worse the second time. By not noting exactly what was changed, the author was unable to discern the original attack point. That particular hacked site took more than a week to clean up. Had the site owner documented what had been done, it would have been a much shorter time.
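One way to keep that record is a small logging helper, shown here as an added example that is not taken from the book. It writes what was changed or removed, where it was, and the method used, and it fingerprints a file before deleting it; the function names, field names, and log file name are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
import time

STAMP = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamps keep entries sortable


def record_step(log_path, action, target, method, note=""):
    """Append one cleanup step to a JSON-lines log and return the entry."""
    entry = {"time": time.strftime(STAMP, time.gmtime()), "action": action,
             "target": target, "method": method, "note": note}
    # If the target is a file, fingerprint it before anything changes it,
    # so the exact item can still be identified after it is gone.
    if os.path.isfile(target):
        with open(target, "rb") as fh:
            entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
        info = os.stat(target)
        entry["size"] = info.st_size
        entry["modified"] = time.strftime(STAMP, time.gmtime(info.st_mtime))
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def remove_and_record(log_path, target, what, method):
    """Write the log entry first, then delete, so no removal goes unlogged."""
    entry = record_step(log_path, "remove", target, method, note=what)
    os.remove(target)
    return entry


def read_log(log_path):
    """Return all recorded steps in the order they were performed."""
    with open(log_path, encoding="utf-8") as log:
        return [json.loads(line) for line in log if line.strip()]


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # constructed sandbox, not a real site
    log_file = os.path.join(workdir, "cleanup-log.jsonl")
    sample = os.path.join(workdir, "suspicious.php")  # constructed sample file
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample content\n")
    record_step(log_file, "update", "WordPress plug-in: example-plugin",
                "updated from the admin dashboard")
    remove_and_record(log_file, sample, "unrecognised file in uploads",
                      "deleted by hand")
    for step in read_log(log_file):
        print(step)
```

Keep the log file outside the web root so that it is not served to visitors or altered along with the site.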

Before getting into the procedures for containment in these areas of vulnerability, first take a look at two types of hosting: shared hosting and dedicated hosting. The discussion of dedicated hosting also covers using a virtual private server (VPS) as a dedicated machine.

Shared Hosting Containment

In shared hosting, ...
