Total cost of ownership - hacking, cleaning and protecting at scale
Peeter is chief poltergeist officer at Zone.ee, Estonia's largest hosting provider. He likes to analyze log files, scan websites for interesting malware samples, play hunt-and-seek with hackers and fix problems related to application and database performance.
For Drupalcamp he'll unleash his bots on the Estonian, Latvian and Lithuanian internets and map the usage trends of Drupal and other detectable CMSes. But his bots are not the only ones out there - log analysis shows that, of the web traffic that sites hosted on Zone.ee see, ca. 25% comes from different search engines (mostly generating excessive load) and at least 5% of requests have malicious intent, targeting vulnerable applications or bad habits of developers.
Peeter uses SpectX to dig through his log stash and find clues about attacks targeting Drupal. From looking for vulnerable sites we'll move on to looking into compromised sites - what are the tools and techniques used at hosting provider scale for incident analysis and cleanup, and what are the tactics we see from the attackers' side?
Oh, and what about GDPR? In the last part, we'll take a short look at running web application firewalls, together with simple but fancy (false-)positive alerting.
Audience: People who are interested in server and Drupal security