During this year we were contacted by an e-commerce merchant that had been repeatedly
compromised by crackers. These individuals were wreaking havoc with the merchant's revenue stream.
We quickly imaged the system (for later examination) and then reloaded the system / restored from backup.
We then patched it up to appropriate levels, installed SSH and hardened the system against outside attacks.
We also installed ACLs at the router for certain ISPs in certain countries that showed
attacks coming from them on a regular basis.
We contacted the ISPs in these countries to delete these accounts; one cooperated, one did not (that one was ACL'ed at the router).
The perpetrators did not return; they went in search of easier targets...