Hacked site recovery: Difference between revisions
From MoodleDocs
| Line 26: | Line 26: | ||
* ''Always keep your site up-to-date and use the [http://download.moodle.org/ latest stable version].'' It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. [[CVS for Administrators|CVS]] is an easy way to do this. | * ''Always keep your site up-to-date and use the [http://download.moodle.org/ latest stable version].'' It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. [[CVS for Administrators|CVS]] is an easy way to do this. | ||
* | * Regularly run the [[Security overview]] report (''Administration > Reports > Security overview'') (Moodle 1.8.9 and 1.9.4 onwards). | ||
==See also== | ==See also== | ||
Revision as of 13:28, 19 February 2009
Initial steps
- Organise to take your site off-line temporarily until you know you've fixed everything.
- Find all available older database and file backups
- Backup php files, database and data files (Do not overwrite older backups.)
- Contact your hosting provider, if you have one.
Damage assessment
- Look for any modified or uploaded files on your web server.
- Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.
Recovery
- Find out when exactly was the site hacked.
- Restore last backup right before the incident.
- Download the latest stable version and upgrade your site.
- Change your passwords.
Dealing with spam
- Spam in profiles or forum posts does not mean your site was actually hacked.
- Use the Spam cleaner tool (Administration > Reports > Spam cleaner) in Moodle 1.8.9 and 1.9.5 regularly to find spam.
Prevention
- Always keep your site up-to-date and use the latest stable version. It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.
- Regularly run the Security overview report (Administration > Reports > Security overview) (Moodle 1.8.9 and 1.9.4 onwards).
See also
Using Moodle forum discussions:
