Re: Here's how it went down....
Agreed, I don't play in serious (sensitive) web stuff - silly personal projects mostly. But if I was putting something online for my company that dealt with sensitive customer information, you see enough of these articles that I would spend 30 minutes writing a Nagios script to verify the web content on the remote server periodically (every 24 hours).
It won't prevent a breach (hopefully the other layers of security would), but if they fail, at least this would highlight that there's been a breach within 24 hours (rather than 2 months). It'd highlight what files have been altered and could, if you spent the time, shut down the site automatically while administrators investigate. It'll also mean you're responding to the attack a lot sooner - while logs are fresh, the attackers are still eagerly awaiting their stolen data, etc.
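
An added example, not the commenter's script: a Nagios-style plugin of the kind described above, which compares the SHA-256 of every file under a web root against a known-good manifest and returns CRITICAL with the list of altered, added and removed files. It assumes the check runs where the web root is readable (for example through NRPE) and that the manifest is kept on the monitoring host; the names `check_webcontent.py`, `hash_tree` and `check` are hypothetical.

```python
"""Nagios-style check: compare a web root against a known-good SHA-256 manifest."""
import hashlib
import json
import os
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios plugin exit codes


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root)] = digest
    return digests


def check(root, baseline):
    """Return (exit_code, status_line) for the tree at root versus baseline."""
    if not os.path.isdir(root):
        return UNKNOWN, f"WEBCONTENT UNKNOWN - {root} is not a directory"
    current = hash_tree(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)  # files nobody deployed
    if modified or removed or added:
        detail = "; ".join(f"{label}: {', '.join(paths)}"
                           for label, paths in (("modified", modified),
                                                ("added", added),
                                                ("removed", removed)) if paths)
        return CRITICAL, f"WEBCONTENT CRITICAL - {detail}"
    return OK, f"WEBCONTENT OK - {len(current)} files match baseline"


if __name__ == "__main__":
    # Usage (hypothetical file name): check_webcontent.py <web_root> <manifest.json>
    # Build the manifest from a trusted copy with json.dump(hash_tree(root), fh)
    # and store it on the monitoring host, not on the web server being checked.
    if len(sys.argv) != 3:
        print("WEBCONTENT UNKNOWN - usage: check_webcontent.py <web_root> <manifest.json>")
        sys.exit(UNKNOWN)
    with open(sys.argv[2]) as fh:
        code, line = check(sys.argv[1], json.load(fh))
    print(line)
    sys.exit(code)
```

The manifest has to be regenerated as part of each legitimate deployment, otherwise every release raises a CRITICAL.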