
This is a small-scale amateur emulation of a hacker’s website defacing followed by a Kasten restore.

I have created a small static website with Nginx deployed in Kubernetes.

 

The Geoff Burke Propaganda website is designed to boast a positive image of the individual, hard working and healthy living 😊 and to inspire Management to make the right decision at salary review time.

A group of malicious hackers gained access to the website and replaced the content with completely false information and quite obviously fake photos. However, Kasten was backing up the Website so in no time at all and before company management had a chance to view, truth and integrity were restored.

Here is my website:

 

Malicious hackers however replaced the page and photos with this vicious slander:

 

Luckily, I chose Kasten to back up my website so I was able to quickly restore from backup:

 

My policy backs up every hour and exports to an offsite S3 as well, allowing me to abide by the 3-2-1 rule of backup.

 

 

I will pick the latest backup since the hack took place just now:

 

If I have any doubts about the local snapshot I can always grab the restore from the exported backup which resides on offsite S3 compatible Minio:

 

One thing that I love about Kasten is that it displays the CLI command for what you are doing in the UI, a priceless feature for those scripters among us:

 

Kasten will ask me to confirm if I really want to do this:

 

In the background let’s see what is taking place… Kasten is doing its magic:

 

 

And that is it… we are back to normal… now time to study for the CKS security exam and prevent any future hacks!!

 

 

By the way, the hack was nothing too special 🙂. I just copied a new index.html into the container onto its persistent storage, overwriting the original index.html file. Now if someone got access to your console they could do a lot worse than that, but for example's sake it was enough.

 

kubectl cp index.html nginx/geoffwebsite:/usr/share/nginx/html

kubectl cp sleeping.png nginx/geoffwebsite:/usr/share/nginx/html
 

 

So the above commands copy an index.html file (the defaced website page) and the image (sleeping.png) into the running nginx container; in my case this was on persistent storage, which is located at /usr/share/nginx/html.

 

By default nginx will display the index.html file.
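
A defensive check for the kind of change described above (files overwritten or added under /usr/share/nginx/html), as an added example that is not part of the original post: it records SHA-256 hashes of a known-good web root and reports any later drift. The function names and sample files are constructed for illustration, and sha256sum from GNU coreutils or BusyBox is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): detect changes to a static web
# root by comparing SHA-256 hashes against a known-good manifest.
# Assumes sha256sum (GNU coreutils or BusyBox); function names are hypothetical.

# make_manifest DIR: print "<sha256>  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# verify_webroot DIR MANIFEST: print ADDED/MODIFIED/REMOVED lines.
# Returns 0 when DIR matches MANIFEST, 1 on any drift.
verify_webroot() {
    current=$(mktemp) || return 2
    make_manifest "$1" > "$current"
    report=$(awk '
        # each line is 64 hex chars, 2 separator chars, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base))         print "ADDED " path
          else if (base[path] != hash) print "MODIFIED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample data standing in for /usr/share/nginx/html.
demo() {
    root=$(mktemp -d) && manifest=$(mktemp) || return 2
    printf '<h1>original page</h1>\n' > "$root/index.html"
    make_manifest "$root" > "$manifest"      # baseline taken while content is known good
    printf '<h1>replaced page</h1>\n' > "$root/index.html"   # existing page overwritten
    : > "$root/sleeping.png"                 # file that was never in the baseline
    verify_webroot "$root" "$manifest"; status=$?
    rm -rf "$root" "$manifest"
    return "$status"
}

demo || echo "web root differs from baseline"
```

Keep the manifest somewhere other than the volume being checked; running verify_webroot after a restore also confirms that the restored content matches the baseline.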

 

 

 

 


Amazing Story and write up 


Saved by Kasten! :)


These malicious actors are spreading false information via their amazing photoshop skillz?! Totally fake pics!

 

Great write up, very entertaining


Well, you were lucky to have Kasten in place… :grin:  Great story @Geoff Burke 


THIS IS SO AWESOME. Thanks for this Geoff.


By the way that is Carlos the Cat who almost made me flunk my VMCE exam by trying to open the door while the exam was going on. As I understand it if the door opens during an online exam it does not matter who opens it, person, cat, dog, ghost.. you fail automatically!!! :)

:joy:




Yes very cool write-up.


That is awesome @Geoff Burke great write up

