

Malicious hackers completely destroy flight sim site - bsgamble
http://news.bbc.co.uk/2/hi/technology/8049780.stm

======
mcav
Obligatory reminder:

Back up your system. Now. Automate your backup process.

That is all.

~~~
ars
They did back up - but the hacker (attacker) killed the backup server too.

How do you handle that? I mean, your server has to be able to write to the
backup server - so the attacker can also.

It would need to be some sort of append only filesystem, and who does that?

I use ssh to copy the tar to a different server - remotely distant. Which I
thought was enough, for fires in the datacenter, or going out of business
without notice. But who protects backups from an attacker? With ssh they can
attack the remote machine easily and remove the files.

Maybe I should add a cron on the remote machines to chown the files away (and
hope that server also isn't vulnerable).

~~~
mcav
Pull, rather than push. (For instance, set up a cron script on your home PC to
SSH into your production box and download a backup from time to time, rather
than having your production box push a backup elsewhere.)
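
Added example, not part of the comment above or of the thread: a sketch of the pull approach as a cron script on the backup machine, which fetches over SSH and never overwrites or deletes an existing snapshot, so an attacker who wipes production cannot reach or replace older backups. `PROD_HOST`, `REMOTE_TAR`, `BACKUP_DIR`, the `backup-reader` account and the script path are assumed names.

```sh
#!/bin/sh
# Added example: pull-style backup, run from cron on the backup machine.
# PROD_HOST, REMOTE_TAR and BACKUP_DIR are assumed names, not from the thread.
PROD_HOST="${PROD_HOST:-backup-reader@prod.example.com}"
REMOTE_TAR="${REMOTE_TAR:-/var/backups/site-latest.tar.gz}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/pulled-backups}"

# Stream the remote archive to stdout. Production holds no credentials for
# this machine, so compromising it gives no path to the stored snapshots.
fetch_archive() {
    ssh -o BatchMode=yes "$PROD_HOST" "cat -- '$REMOTE_TAR'"
}

# Pull one snapshot into a new timestamped file. Nothing here overwrites or
# deletes an older snapshot, so a wiped production box cannot erase history.
pull_backup() {
    local stamp dest tmp
    stamp="${1:-$(date -u +%Y%m%dT%H%M%SZ)}"
    dest="$BACKUP_DIR/site-$stamp.tar.gz"
    mkdir -p "$BACKUP_DIR" || return 1
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2; return 2
    fi
    tmp="$(mktemp "$BACKUP_DIR/.incoming.XXXXXX")" || return 1
    if ! fetch_archive > "$tmp"; then
        rm -f "$tmp"; echo "fetch failed" >&2; return 3
    fi
    # An empty or corrupt stream (e.g. production already wiped) is rejected
    # rather than stored as if it were a good backup.
    if ! [ -s "$tmp" ] || ! gzip -t < "$tmp" 2>/dev/null ||
       ! tar -tzf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; echo "archive failed integrity check" >&2; return 4
    fi
    # ln fails if dest exists, so publishing can never clobber a snapshot.
    ln "$tmp" "$dest" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    chmod 0400 "$dest"
    printf '%s\n' "$dest"
}

# Cron entry (assumed path): 15 3 * * * /usr/local/bin/pull-backup.sh --run
if [ "${1:-}" = "--run" ]; then pull_backup; fi
```

On the production side, the key used by the backup machine can be limited with a forced `command=` entry in `authorized_keys` so that it can only read the archive.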

------
oomkiller
Sounds like they used two servers, and the other was probably a backup server,
maybe even a db slave, designed to run the entire web app in case the other
was down. This probably led to it being compromised in the same way the main
server was.

There are many good solutions mentioned to this problem, whether it be backing
up to physical media once a month, or using tarsnap. I feel though that this
could have been easily prevented by running a dedicated backup server, instead
of one that was probably vulnerable in the same way as the main server was. In
my experience, vandals usually aren't the most brilliant bunch and usually
won't go deeper into your other servers unless it's related to the original
exploit, or possibly easier. Of course this could have been more than
vandalism, maybe a personal vendetta or something.

------
0xdefec8
not sure if I'm more annoyed by the dumbass crackers or webmasters...

~~~
ars
How was the webmaster a "dumbass"? They had backups, but the hacker (yes I
know it should be cracker - too bad - that battle is lost), took it out.

~~~
tvon

        "Unfortunately, we backed up the servers between our 
        two servers."
    

It sounds like two servers ran the site and backups were just swapped between
the two, that is a hackneyed setup.

Besides, all it takes is burning the backups to DVD once every blue moon to
prevent massive data loss.

------
badger7
The site's absence from the time the content was deleted until the time it
would have taken to restore a backup is the fault of the dirty, stinking
crackers. From that point onwards, it is the fault of the person who decided
on the backup scheme as, evidently, it was insufficient.

If I don't wear a seatbelt and am thrown from the car in a crash, that is my
fault. The crash itself and injuries I would have sustained anyway might be
someone else's fault, but anything resulting from the difference between
wearing a seatbelt and not wearing a seatbelt is my fault. I'm negligent from
the instant I put myself in a position where I could conceivably have a crash
without having put a seatbelt in place.

------
dryicerx
This is very sad news.

 _its main focus was on Microsoft's Flight Simulator._ So this was a game
review site, I had initially thought it was a place where you physically go
(the false cockpit kind of training place).

Lesson: _"Some have asked whether or not we had back ups. Yes, we dutifully
backed up our servers every day. Unfortunately, we backed up the servers
between our two servers." "The hacker took out both servers, destroying our
ability to use one or the other back up to remedy the situation."_

