

How to restore a hacked Joomla site




Posted by Ansu, 01-20-2013, 03:54 AM
Hi, I am a newbie reseller doing small-scale reseller business. I am from India and run a shared hosting reseller account from a reputed hosting partner.

Now, my problem is that one of my websites was hacked in the middle of December 2012. But I came to know about this hack only a week ago, on January 15, 2013, when I got a mail from my host regarding the inode limit being exceeded on that domain. The site was in a hacked state, displaying the hacker's messages. It was a Joomla site. I immediately contacted and informed the hosting provider about this hack.

The problem was that I had no clean backup of that website. So I informed the hosting provider that I don't have any backup and requested them to restore the website from an earlier backup. BUT they informed me that they don't have any clean backup with them and that all the backups they have are infected. What they explained to me was that they do take a daily backup on shared hosting, but the backup was 'overwritten' by the hacked copy. They informed me that since the hack happened in December and I informed them in mid-January, the backup was overwritten by the hacked content and they have only the backup of the hacked content.

My questions are:

(1) Is there any way to restore my website from the hosting provider's end, as I have no backup with me?

(2) Is the backup policy of the hosting provider really helpful? They said the daily backup points to the same folder, so if the site was hacked yesterday, the hacked content will be backed up in today's daily backup and there is no way to restore the site to a previous state.

Please help me with your valuable suggestions and a solution to this problem, and with how to restore the website.

Posted by Dr_Michael, 01-20-2013, 04:29 AM
You will have to clean it manually if the database is not affected. Most hosts keep the daily backup only, as in your case. Some other hosts keep multiple backups such as daily, weekly and monthly. The fact is that you were notified too late, so it was very hard to find a clean backup.

Posted by BestServerSupport, 01-20-2013, 04:59 AM
Since the backup of your hosting provider has already been overwritten, you do not have any other way to restore a clean copy. This is the reason why it is advisable to take a backup on a local machine even if your hosting provider takes backups for you. Most providers take three backup copies: daily, weekly and monthly. So it is not reasonable that your provider takes a daily backup copy only. With three backup copies you will have a chance to get 1-month-old contents.

Posted by Dr_Michael, 01-20-2013, 05:02 AM
In his case it seems that even if a monthly backup was in place, it would also be infected, as he was notified almost 1 month after the incident had happened.

Posted by BestServerSupport, 01-20-2013, 05:34 AM
Yes, it's true, that's why I have given the advice to take a local backup copy. You can never play with backups. It's very important. rsync is an excellent way to move the backup to some other location quickly.

Posted by tnhadmin, 01-20-2013, 07:28 AM
If the database is infected, there is no other option to restore the site if you do not have a backup.

Posted by Vinayak_Sharma, 01-20-2013, 08:07 AM
The only option you are left with is to download a copy of your site and its database. Clean everything manually, then reinstall with updated Joomla and its plugin. Remember to change all passwords related to this site.
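
Added example, not part of any post in this thread: a pull-based rsync rotation along the lines of the rsync and daily/weekly/monthly suggestions above, keeping each day in its own dated directory so a later backup cannot overwrite an earlier one. The `SRC` and `DEST` values, the retention counts and the rule that snapshots dated 01/08/15/22 count as weekly copies are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Run on a machine the web host has no credentials for, so a
# compromised site account cannot alter older copies.
# SRC, DEST and the retention counts are assumptions, not values from the thread.
SRC="${SRC:-user@host.example:public_html/}"
DEST="${DEST:-/srv/backups/site}"
KEEP_DAILY="${KEEP_DAILY:-7}"
KEEP_WEEKLY="${KEEP_WEEKLY:-5}"
KEEP_MONTHLY="${KEEP_MONTHLY:-12}"

list_snapshots() {
    ls -1 "$DEST" 2>/dev/null | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort
}

# Pull today's copy into its own YYYY-MM-DD directory. Unchanged files are
# hard-linked to the previous snapshot, so a new day stores only what changed.
take_snapshot() {
    today=$(date +%Y-%m-%d)
    mkdir -p "$DEST"
    latest=$(list_snapshots | grep -v "^$today\$" | tail -n 1)
    if [ -n "$latest" ]; then
        rsync -a --delete --link-dest="$DEST/$latest" "$SRC" "$DEST/$today/"
    else
        rsync -a --delete "$SRC" "$DEST/$today/"
    fi
}

# Read snapshot names on stdin (one per line), print the ones that may go.
# Kept: the newest KEEP_DAILY, the newest KEEP_WEEKLY dated 01/08/15/22,
# and the newest KEEP_MONTHLY dated 01.
select_expired() {
    sort -r | awk -v d="$KEEP_DAILY" -v w="$KEEP_WEEKLY" -v m="$KEEP_MONTHLY" '{
        day = substr($0, 9, 2); keep = 0
        if (NR <= d) keep = 1
        if (day ~ /^(01|08|15|22)$/ && ++nw <= w) keep = 1
        if (day == "01" && ++nm <= m) keep = 1
        if (!keep) print
    }'
}

prune() {
    list_snapshots | select_expired | while read -r name; do
        rm -rf -- "${DEST:?}/$name"
    done
}

if [ "${1:-}" = "run" ]; then
    take_snapshot && prune
fi
```

Invoked daily as `sh backup.sh run` (the file name is hypothetical), the default counts keep monthly copies for a year, so a compromise that goes unnoticed for a month still leaves older snapshots to restore from.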


