[OSButler]

I once had an incident with a server which triggered notification alerts about a failing httpd service. While I was looking into the issue, the mail service suddenly stopped working, then the database service went down - it was like a slow cascading failure, affecting all services on the server one after the other. I finally noticed the 'rm' command in the process list and asked the client if he ran any custom commands as root on the machine. Turns out he followed the instructions on a website to install some custom software without checking any of the commands and just copied & pasted them into the prompt. He basically managed to "rm -rf" on / and deleted his own server.

Luckily recent backups were available, so the damage was rather small, but it was interesting to see someone just pasting & executing commands without knowing what they actually do, especially when logged in as root.