Topic: Restoring Backups (Read 1367 times)
AlphaWolf
If you have discovered your site has been hacked AND it is reported to us BEFORE the next day's backups are done, we can restore your site for you. If you do NOT report it prior to the following backup, (which backs up corrupted files), the only way we can assist you is from tape backups. These backups are extremely time intensive for us to restore due to their incremental nature. Because of the rash of sites that have been hacked in the past two weeks, we are unable to restore tape backups for anyone at this time.
If you regularly do your CPanel backups, we will be happy to restore those for you. Simply put in a ticket with the link to the backup and we will restore it within 24 hours.
Since in 99% of cases, your databases for your applications have NOT been hacked, we recommend taking the following steps if you do not have a current cpanel backup.
1. Use Cpanel to backup your database. (note the name of the database)
2. If you installed your application using Fantastico, attempt to use fantastico to UN-install it. If this does not work, use your FTP program to delete all files and directories that have been affected. DO NOT DELETE public_html itself!
3. Using fantastico, or manually, install the application again. Use the same admin user name and password as well as the same file path.
4. Restore your MySQL database backup using CPanel.
This has worked in MOST of the cases where deleting .htaccess files and malignant .php programs has not solved the problem.
If you have been hacked - IMMEDIATELY change all your passwords. We have found signs that this hack also harvests passwords.
peace
Wolf
jariggs
AlphaWolf - I have two non-functioning sites which did not use Mambo, Joomla or Xoops... I did use Fantastico on both sites to install SohoAdmin.... Both sites now report "Could not select database because: No Database Selected". One site appeared to have some odd site reference on line 43 in sohoadmin/includes/db_connect.php; the other did not. This probable result of hack? Should I follow "Restoring Backups" instructions? Sites are www.computreneur.com and www.unitedcause.org
Thanks, Jeff R
AlphaWolf
Yeah, I would first make COMPLETELY sure every file in the directories that contained mambo/joomla are wiped out.
Some of the sites that were infected seem to have had the virus injected at least two weeks prior to the actual activation of the hack! This has made some restoring of systems almost impossible.
The moral of the story is to keep old backups as well.
peace
Wolf
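The thread notes that files may be altered about two weeks before a hack becomes visible, so the most recent backup can already be corrupted. The following is an added example, not part of the original posts: it lists .php and .htaccess files changed within a recent window and picks the newest backup file that is older than the earliest such change. The function names, the 30-day window, the idea of a local backup directory and the sample paths are assumptions; modification times can be altered and legitimate edits also appear, so the list is a starting point for review.

```python
import os
import time
from pathlib import Path

DAY = 86400  # seconds


def recently_changed(docroot, window_days=30, now=None):
    """Return (mtime, path) for .php/.htaccess files modified inside the
    window, oldest change first."""
    now = time.time() if now is None else now
    cutoff = now - window_days * DAY
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name == ".htaccess" or name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
                if mtime >= cutoff:
                    hits.append((mtime, path))
    return sorted(hits)


def newest_backup_before(backup_dir, moment):
    """Newest file in backup_dir written before `moment`, or None."""
    older = [p for p in Path(backup_dir).iterdir()
             if p.is_file() and p.stat().st_mtime < moment]
    return max(older, key=lambda p: p.stat().st_mtime) if older else None


def pick_restore_point(docroot, backup_dir, window_days=30, now=None):
    """Return (backup_path_or_None, hits). None means no kept backup predates
    the earliest recent change, which is the case the thread warns about."""
    hits = recently_changed(docroot, window_days, now)
    if not hits:
        return None, hits
    return newest_backup_before(backup_dir, hits[0][0]), hits


if __name__ == "__main__":
    # Hypothetical paths; adjust to the account being checked.
    backup, hits = pick_restore_point("public_html", "backups")
    for mtime, path in hits:
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
    print("restore candidate:", backup)
```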