Note: You are currently viewing documentation for Moodle 2.5. Up-to-date documentation for the latest stable version of Moodle may be available here: Hacked site recovery.

Hacked site recovery

From MoodleDocs
Revision as of 10:36, 19 February 2009 by Helen Foster (talk | contribs) (initial steps, damage assessment, recovery, prevention, see also)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


Initial steps

  • Contact your hosting provider, if you have one.
  • Organise to take your site off-line temporarily until you know you've fixed everything.
  • Backup data, database and data files.

Damage assessment

  • Look for any modified or uploaded files on your web server.
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.

Recovery

Prevention

Always keep your site up-to-date and use the latest stable version.

It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.

See also

Using Moodle forum discussions: