Note: You are currently viewing documentation for Moodle 2.5. Up-to-date documentation for the latest stable version of Moodle may be available here: Hacked site recovery.

Hacked site recovery

From MoodleDocs


Initial steps

  • Organise to take your site off-line temporarily until you know you've fixed everything.
  • Find all available older database and file backups
  • Backup php files, database and data files (Do not overwrite older backups.)
  • Contact your hosting provider, if you have one.

Damage assessment

  • Look for any modified or uploaded files on your web server.
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.

Recovery

Dealing with spam

  • Spam in profiles or forum posts does not mean your site was actually hacked.
  • Use the Spam cleaner tool (Administration > Reports > Spam cleaner) in Moodle 1.8.9 and 1.9.5 regularly to find spam.

Prevention

Always keep your site up-to-date and use the latest stable version.

It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.

See also

Using Moodle forum discussions: