If you use Drupal or WordPress and you have a virtual Server with SSH Login you should set up a daily Backup Script to have a Snapshot of your Blogs if Hackers insert SQL Code Injections or hack PHP Sites. Cause you cant NEVER know every EXPLOIT of every used Plugin (here less plugins is more!)
Of course you can daily or hourly RESTORE AUTOMATIC by CRON your Blogs by OVERWRITE bad inserted STUFF!
Howto?
- Article comming soon !! .. sorry have current not enough time..
or read my Wiki for MYSQL and WordPress Help!
- Daily or hourly restored Stuff makes it useless to hack your blog!
- Mount /tmp and /var/tmp ALWAYS with option NOEXEC!!
- disable user access to : find,wget,curl,fetch or other commands with chmod 000 (noexec)
- at php.ini disable upload if not needed cause you use SCP to upload Files/Images
- on Apache2 install mod_security2 to blog SQL Injections, Remark: Not all code is known by the plugin!