Posted by axel on 08/08/06 17:58

In uk.net.web.authoring David <youcantoo@findmoore.net> wrote:

> It is well too late to think about changing your passwords after
> "someone" has gotten into your system. Who knows by the time you found
> out they were there, what they had changed or have done. The only way to
> make sure that they do not further damage is to wipe out and reinstall
> your stuff. But than again a reinstall isn't a 100% deal as if one was
> making a backup regularly they might have backed up infected files and
> at that point would be just copying them back.

> as most have
>> backups (don't we) of our online sites ;).

> The odds are no.......

Rather than relying on back-ups of a site, a far better policy is to
maintain a development version of the site on your own machines and
refresh the production site from the development site as and when
required.

Of course if the site makes changes in a database, then the database
will need to be backed up separately.

Axel

[Back to original message]