Restoring infected website from backup

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
What process do you have in place to clean up your site, when infected?
You/provider would restore your site from backup. Say backup retention of 14 days (which is more like an industry standard).

How do you know which day backup to restore site to?
How do you find that the current site version is clean?

What do you do after restoring site from backup?
 

Dr. McKay

Well-known member
Registered
Joined
Nov 26, 2016
Messages
565
Points
28
What process do you have in place to clean up your site, when infected?
Download it to my PC and use a virus scanner to scan it :)
You/provider would restore your site from backup. Say backup retention of 14 days (which is more like an industry standard).
Schedule backups weekly, automatically, with your hosting control panel, if it has a feature for that.
How do you know which day backup to restore site to?
See information of a file, the day that it was created.
How do you find that the current site version is clean?
Is there a tool/way to check that?
What do you do after restoring site from backup?
Check database if it contains Base64 codes or some strange tables.
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Virus scanners are not the best for web hosting related malware.

Looking at the malware file's timestamp, the site owner can find out which day's backup to go back to. OK.
But how do you find the malware file (which has not been detected by any of the existing AV)?

a) What if the malware has modified an existing PHP file?

A lot of hard work:
- backing up site locally
- running AV
- finding malicious file
- reverting the site from backup
b) How long does restoring a site take?

Usually, when you restore a site from backup, you expect a revision which is not infected.
You still have to investigate how the malware got in in the first place, and how to defend in future.



Let's hear more answers.
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
bountysite
It takes 1 - 2 days to restore a site!
That's a good one! lol

Let's say it takes hours to do a site restore.

Have you heard of the concept of differential file restores?
Where only the modified files are replaced in a restore.
Now, you can imagine the speed of restoring an infected site is only a matter of replacing infected files.
 

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
I would scan a backup of the website; if that is good and clean, do a full delete of the existing site and then restore.
As a rule of thumb, all hosts should have at least an anti-virus and malware scan done on a daily basis, which I do.
 

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
775
Points
43
From my experience, the best Linux scanner for infected files was
AI-Bolit

Install it on your system and it will find infected files and code injection in PHP files as well. By default WHM cPanel has ClamAV, which was not useful, since one of our customers was infected and ClamAV found only one infected file while AI-Bolit found 33 of them. You can get it from here: https://revisium.com/aibo/ (Windows, Linux and online scan). Note that this will not delete infected files, only detect them, so you will need to manually remove the code/file etc.

Cheers.
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Right! You cannot rely on ClamAV. In fact, you can't rely on any anti-virus tool completely.

If you had a way to track file changes on a day to day basis, it would be easier to detect and revert. You can do the analysis on your own without relying on any tool.
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Do you know that ClamAV (without Google Safe Browsing) takes close to 1 GB of memory while scanning?
I read of several vendors disabling X anti-virus due to slow hosting server performance.

With hosting being more competitive day by day, your hosting resources are more premium. A certain part of security has to be offloaded.
What do you have to say about running AV scans on files in a website backup?
 
