Restoring infected website from backup

bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
What process do you have in place to clean up your site, when infected?
You/provider would restore your site from backup. Say backup retention of 14days(which is more like an industry standard)

How do you know which day backup to restore site to?
How do you find that the current site version is clean?

What do you do after restoring site from backup?
 
Dr. McKay

Dr. McKay

Well-known member
Registered
Joined
Nov 26, 2016
Messages
565
Points
28
bountysite said:
What process do you have in place to clean up your site, when infected?
Click to expand...
Download it to my PC and using a virus scanner to scan :)
bountysite said:
You/provider would restore your site from backup. Say backup retention of 14days(which is more like an industry standard)
Click to expand...
Schedule backup weekly automatically with your hosting control panel, if is has a feature for that.
bountysite said:
How do you know which day backup to restore site to?
Click to expand...
See information of a file, the day that it was created.
bountysite said:
How do you find that the current site version is clean?
Click to expand...
Is there a tool/way to check that?
bountysite said:
What do you do after restoring site from backup?
Click to expand...
Check database if it contains Base64 codes or some strange tables.
 
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Virus scanners are not best for web hosting related malwares.

Looking at malware file timestamp, site owner can find out which day backup to go back to. Ok
But how do you find the malware file?(which has not been detected by any of the existing av)

a) What if the malware has modified existing php file?

Lot of hard work:
- backing up site locally
- running AV
- finding malicious file
- reverting back site from backup
b) how long does restoring site take?

Usually, when you restore a site from backup, you expect a revision which is not infected.
You still have to investigate how the malware got in, at the first place, and how to defend in future.



Lets hear out more answers.
 
Chris Worner

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
bountysite
It takes 1 - 2 days to restore a site!
That's a good one! lol

Lets say this takes hours to do a site restore.

Have you heard of the concept of differential file restores?
Where only the modified files are replaced in a restore.
Now, you can imagine the speed of restoring infected site is only a matter of replacing infected files.
 
HostYourNet-DR

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
I would scan a backup of the website if that good and clean do a full delete of the exsisting site and then restore.
As a rule of thumb all hosts should have atleast anti-virus and malware scanner done on a daily basis to which i do.
 
AlbaHost

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
809
Points
43
From my experience for infected files best linux scanner was
AI-Bolit

Install it on your system and it will find infected files and code injection in php files aswell. By default whm cpanel has clamav which it was not usefull since one of our customer was infected and clamav found only one file infected while AI-Bolit found 33 of them. You can get in from here: https://revisium.com/aibo/ windows linux and online scan, note this will not delete infected files only detect it which you will need manually to remove code/file etc.

Cheers.
 
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Right! you cannot rely on clamav. Infact, you cant rely on any anti virus tool completely.

If you had a way to track file changes on a day to day basis, it would be easier to detect and revert. You can do the analysis on your own without relying on any tool.
 
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Do you know that clamav(without Google safebrowsing) takes close to 1GB memory, while scanning?
I read several vendors disabling x anti virus, due to slow hosting server performances.

With hosting being competitive day by day, your hosting resources is more premium. Certain part of security has to be offloaded.
What do you have to say about running AV scans on files on website backup?
 
You must log in or register to reply here.
Older Threads
T
what gpu server run Android emulator?
Replies
1
Views
2,321
Dr. McKay
skbenterprise
[Netherlands] Amsterdam SSD VPS - KVM - IPv6 - Control Panel - Instant delivery
Replies
2
Views
2,135
skbenterprise
Chris Worner
How to post Woocommerce products to Facebook fan page automatically?
Replies
4
Views
2,655
Chris Worner
Patrick_Kane
FASTPANEL or cPanel?
2
Replies
20
Views
17,004
Bryan McClure
ITivan80
Dual Silver 4110 Server - The Silver Lining Deal from Colocation America
Replies
0
Views
1,478
ITivan80
Newer Threads
Dr. McKay
Does Google consider domain extension as a keyword?
Replies
2
Views
1,755
PiyushJain
Malcolmjr96
CodeForum.ORG - Review my website, and tell me what you think!
2 3
Replies
44
Views
12,295
Malcolmjr96
zainhosting
Looking for a Payment Partner with Business Paypal to Accept Payments Internationally
Replies
2
Views
2,149
zainhosting
FerdieQO
How to find out why my computer freezes?
Replies
7
Views
2,610
tuxandrew
D
How to do WordPress blog Integration on Magento
Replies
3
Views
1,668
Saurabh
Latest Threads
M
Need suggestions about dedicated servers
Replies
0
Views
117
marylouis
Jinendra Khobare
Hello!
Replies
0
Views
65
Jinendra Khobare
B
HELLO ALL MEMBER
Replies
0
Views
57
BestWarez
J
Jtti Black Friday Special: Hong Kong VPS Cloud Servers Starting at $4.16/Month with Up to 70% Discount
Replies
1
Views
177
marylouis
S
I'm unable to buy domain name from OVH.com
Replies
1
Views
87
BlueLeaf
Recommended Threads
MidnightAngel
Color scheme for my site?
Replies
9
Views
4,669
Erklar
Marc0
What is the easiest web design software?
Replies
6
Views
4,257
FreshFeet
Maxoq
The fastest ways to setup a Wordpress website?
Replies
4
Views
3,101
VirtuBox
Joseph_Hill
How to get Alexa ranking around 40K?
Replies
19
Views
7,671
elcidofaguy
Cheerag Nundlall
What is a domain alias?
Replies
6
Views
2,542
Collabora

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top