WEBSITE DEFACED THEN SAVED BY VEEAM KASTEN!!!



This is a small-scale amateur emulation of a hacker’s website defacing followed by a Kasten restore.

I have created a small static website with Nginx deployed in Kubernetes.

 

The Geoff Burke Propaganda website is designed to boast a positive image of the individual, hard-working and healthy living 😊 and to inspire Management to make the right decision at salary review time.

A group of malicious hackers gained access to the website and replaced the content with completely false information and quite obviously fake photos. However, Kasten was backing up the website, so in no time at all, and before company management had a chance to view it, truth and integrity were restored.

Here is my website:

 

Malicious hackers however replaced the page and photos with this vicious slander:

 

Luckily, I chose Kasten to back up my website, so I was able to quickly restore from backup:

 

My policy backs up every hour and exports to an offsite S3 as well, allowing me to abide by the 3-2-1 rule of backup.

 

 

I will pick the latest backup since the hack took place just now:

 

If I have any doubts about the local snapshot, I can always grab the restore from the exported backup, which resides on offsite S3-compatible MinIO:

 

One thing that I love about Kasten is that it displays the CLI command for what you are doing in the UI, a priceless feature for those scripters among us:

 

Kasten will ask me to confirm if I really want to do this:

 

In the background let’s see what is taking place… Kasten is doing its magic:

 

 

And that is it… we are back to normal… now time to study for the CKS security exam and prevent any future hacks!!

 

 


10 comments


That is awesome @Geoff Burke great write up


Yes very cool write-up.

By the way, that is Carlos the Cat, who almost made me flunk my VMCE exam by trying to open the door while the exam was going on. As I understand it, if the door opens during an online exam it does not matter who opens it, person, cat, dog, ghost... you fail automatically!!! :)


:joy:


THIS IS SO AWESOME. Thanks for this Geoff.


Well, you were lucky to have Kasten in place… :grin:  Great story @Geoff Burke 


These malicious actors are spreading false information via their amazing photoshop skillz?! Totally fake pics!

 

Great write up, very entertaining


Saved by Kasten! :)


Amazing Story and write up 

By the way, the hack was nothing too special 🙂. I just copied a new index.html into the container onto its persistent storage, overwriting the original index.html file. Now if someone got access to your console they could do a lot worse than that, but for example's sake it was enough.

 

kubectl cp index.html nginx/geoffwebsite:/usr/share/nginx/html

kubectl cp sleeping.png nginx/geoffwebsite:/usr/share/nginx/html
 

 

So the above commands copy an index.html file (the defaced website page) and the image (sleeping.png) into the running nginx container; in my case this was on persistent storage, which is located at /usr/share/nginx/html

 

By default nginx will display the index.html file.
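A defender-side check for the overwrite described in the comment above, as an added example that is not part of the original thread: it records SHA-256 hashes of a web root such as /usr/share/nginx/html and reports files that were modified, added or removed since the baseline. The function names and the sample files are assumptions made for illustration, and it relies on sha256sum from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): web-root integrity check.
# Keep the baseline manifest somewhere the web server's volume cannot reach;
# anyone who can overwrite index.html could otherwise overwrite the baseline too.

# make_manifest DIR: print "HASH  ./relative/path" for every regular file in DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# diff_manifests BASELINE CURRENT: print one sorted line per difference:
#   ADDED path | MODIFIED path | REMOVED path
# sha256sum lines are 64 hex chars, two separator chars, then the path,
# so the path is taken by column to survive spaces in file names.
diff_manifests() {
    awk -v base="$1" '
        BEGIN {
            while ((getline l < base) > 0)
                old[substr(l, 67)] = substr(l, 1, 64)
        }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))                      print "ADDED " p
            else if (old[p] != substr($0, 1, 64)) print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" | sort
}

# Constructed demo: baseline a clean web root, then repeat the kind of
# overwrite the post describes (new index.html plus an extra image).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/html"
    echo '<h1>original</h1>' > "$tmp/html/index.html"
    make_manifest "$tmp/html" > "$tmp/baseline.sha256"

    echo '<h1>defaced</h1>' > "$tmp/html/index.html"   # page replaced
    : > "$tmp/html/sleeping.png"                       # unexpected new file
    make_manifest "$tmp/html" > "$tmp/current.sha256"

    diff_manifests "$tmp/baseline.sha256" "$tmp/current.sha256"
    rm -rf "$tmp"
}

demo
```

Any output from diff_manifests on a static site is worth an alert, since content should only change through a deployment that also refreshes the baseline.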

 

 

 

 
