[clug] Dangers of Backups for servers

steve jenkin sjenkin at canb.auug.org.au
Thu Jul 24 18:33:01 MDT 2014


Last night Paul Wayper was talking about backups, and I mentioned a 2011 hack that I couldn't properly remember:
 - 4 servers
 - 4,800 clients, many without copies of their websites.
 - company: Distribute.IT

The RAID storage on the servers continued working, but someone deleted all data.
 [the website was defaced too, it wasn’t “rm -rf /”]

The attacker had been in previously and turned off backups [the link to the discussion] and this somehow became “everything gone”. Did they have no off-line copies? Never seen a good description of why the attack could succeed.
[Anyone seen one?]

Nobody was ever charged, presumably because all evidence (logs) was wiped along with Client Data.

<http://www.theregister.co.uk/2011/06/21/hacks_wipe_aus_web_and_data/>

 “Our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these Servers from the remaining data,” the company said in its last blog post.

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin








