Restoring infected website from backup

bountysite

#1
What process do you have in place to clean up your site, when infected?
You/provider would restore your site from backup. Say backup retention of 14 days (which is more like an industry standard).

How do you know which day backup to restore site to?
How do you find that the current site version is clean?

What do you do after restoring site from backup?
 

Dr. McKay

#2
> What process do you have in place to clean up your site, when infected?
Download it to my PC and use a virus scanner to scan it :)

> You/provider would restore your site from backup. Say backup retention of 14 days (which is more like an industry standard)
Schedule a weekly backup automatically with your hosting control panel, if it has a feature for that.

> How do you know which day backup to restore site to?
See the information of a file, the day that it was created.

> How do you find that the current site version is clean?
Is there a tool/way to check that?

> What do you do after restoring site from backup?
Check the database to see if it contains Base64 codes or some strange tables.
 

bountysite

#3
Virus scanners are not the best for web hosting related malware.

Looking at the malware file's timestamp, the site owner can find out which day's backup to go back to. OK.
But how do you find the malware file (one which has not been detected by any of the existing AV)?

a) What if the malware has modified an existing PHP file?

A lot of hard work:
- backing up the site locally
- running AV
- finding the malicious file
- reverting the site from backup

b) How long does restoring the site take?

Usually, when you restore a site from backup, you expect a revision which is not infected.
You still have to investigate how the malware got in, in the first place, and how to defend in future.

Let's hear more answers.
 

HostYourNet-DR

#4
I would scan a backup of the website; if that is good and clean, do a full delete of the existing site and then restore.
As a rule of thumb, all hosts should have at least an anti-virus and malware scan done on a daily basis, which I do.
 

AlbaHost

#5
From my experience, the best Linux scanner for infected files was AI-Bolit.

Install it on your system and it will find infected files and code injection in PHP files as well. By default WHM/cPanel has ClamAV, which was not useful, since one of our customers was infected and ClamAV found only one infected file while AI-Bolit found 33 of them. You can get it from here: https://revisium.com/aibo/ (Windows, Linux and online scan). Note that this will not delete infected files, only detect them; you will need to manually remove the code/file etc.

Cheers.
 

bountysite

#6
Right! You cannot rely on ClamAV. In fact, you can't rely on any antivirus tool completely.

If you had a way to track file changes on a day-to-day basis, it would be easier to detect and revert. You can do the analysis on your own without relying on any tool.
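
One way to track day-to-day file changes as the post above describes, as an added example that is not part of the original thread: hash every file in the web root once a day and diff consecutive manifests, which catches both new files and edits to existing PHP files without relying on timestamps. The function names and the three-day sample site are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }

def diff_manifests(old, new):
    """Files added, modified (hash changed) and removed between two manifests."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "removed": sorted(old.keys() - new.keys()),
    }

def change_log(daily):
    """daily: list of (label, manifest), oldest first. Returns the days on
    which anything changed relative to the previous day, with the diff."""
    log = []
    for (_, prev), (label, cur) in zip(daily, daily[1:]):
        d = diff_manifests(prev, cur)
        if any(d.values()):
            log.append((label, d))
    return log

def demo():
    # Constructed sample site: three daily snapshots of a tiny web root.
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "uploads").mkdir()
        (site / "index.php").write_text("<?php echo 'home';\n")
        (site / "uploads" / "logo.png").write_bytes(b"constructed image bytes")
        daily = [("day1", build_manifest(site)), ("day2", build_manifest(site))]
        # Day 3: an existing PHP file is altered and an unexpected file appears.
        with (site / "index.php").open("a") as f:
            f.write("// constructed stand-in for injected code\n")
        (site / "uploads" / "cache.php").write_text("<?php // constructed\n")
        daily.append(("day3", build_manifest(site)))
        return change_log(daily)

if __name__ == "__main__":
    for label, d in demo():
        print(label, d)
```

Keep the manifests somewhere other than the web root (for example alongside the backups), so that whoever modified the site cannot also rewrite them. The first day that shows an unexplained change tells you the previous day's backup is the restore candidate.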
 

bountysite

#10
Do you know that ClamAV (without Google Safe Browsing) takes close to 1 GB of memory while scanning?
I have read of several vendors disabling x antivirus due to slow hosting server performance.

With hosting becoming more competitive day by day, your hosting resources are more premium. A certain part of security has to be offloaded.
What do you have to say about running AV scans on the files in a website backup?
 