Planning for failure
This post is followed by this article.
Pre Failure
- Start backing up everything
- Most sites provide built-in backup tools (Linode, AWS, Digital Ocean)
- If you work for a business, buy an enterprise solution
- Backups can be expensive, but losing sensitive data and having downtime is more expensive
Keep Calm Failures happen
- Step 1: Block Access
- Shut down your site or start a Read-Only mode (django-db-tools)
- It is all about minimizing damage
- If someone has gained access to your site you need to make sure they do as little damage as possible
- This can be done through taking the site down or enabling a read-only mode so data cannot be changed
- Step 2: Enable Maintenance Page
- Static HTML Pages or Read-Only Pages
- You can’t leave your customers or co-workers in the dark
- Take a moment to put in place a prepared maintenance page
- Step 3: Backup Everything
- This protects current “new” data as well as protecting your security audit trail
- Step 4: Get some help
- Email: security@djangoproject.com
- Django IRC: #django freenode.net
- other forums: https://security.stackexchange.com
- Even if it’s not a Django problem Django’s community will help!
- Step 5: Start Debugging
- Breath, Keep Calm, Stay Positive!
- Start figuring out where the problem started and how
Leave a comment