There’s a problem that I’m currently investigating: after a coworker left, one night some files that he created, basicly all his work on a completed project that the boss hasn’t payed him for, got deleted. From what I know all access credentials have been changed.
Is it possible to do this by setting up a file to do the deletion task and then delete the file in question? Or something similar that would change the code after the task has been done? Is this untraceable? (i’m thinking he could have cleverly disguised the request as a normal request, and i have skimmed through the code base and through the raw access logs and found nothing).
It’s impossible to tell whether this is what actually happened or not, but setting up a mechanism that deletes files is trivial.
This works for me:
it would be a piece of cake to set up a script that, if given a certain GET variable for example, would delete itself and a number of other files.
Except for the server access logs, I’m not aware of a way to trace this – however, depending on your OS and file system, an undelete utility may be able to recover the files.
It has already been said in the comments how to prevent this – using centralized source control, and backups. (And of course paying your developers – although this kind of stuff can happen to anyone.)