Hacked site recovery: Difference between revisions
From MoodleDocs
Line 25: | Line 25: | ||
==Prevention== | ==Prevention== | ||
''Always keep your site up-to-date and use the [http://download.moodle.org/ latest stable version].'' | * ''Always keep your site up-to-date and use the [http://download.moodle.org/ latest stable version].'' It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. [[CVS for Administrators|CVS]] is an easy way to do this. | ||
* Run the [[Security overview]] report (''Administration > Reports > Security overview'') in Moodle 1.8.9 and 1.9.4 onwards. | |||
It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. [[CVS for Administrators|CVS]] is an easy way to do this. | |||
==See also== | ==See also== |
Revision as of 13:27, 19 February 2009
Initial steps
- Organise to take your site off-line temporarily until you know you've fixed everything.
- Find all available older database and file backups
- Backup php files, database and data files (Do not overwrite older backups.)
- Contact your hosting provider, if you have one.
Damage assessment
- Look for any modified or uploaded files on your web server.
- Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.
Recovery
- Find out when exactly was the site hacked.
- Restore last backup right before the incident.
- Download the latest stable version and upgrade your site.
- Change your passwords.
Dealing with spam
- Spam in profiles or forum posts does not mean your site was actually hacked.
- Use the Spam cleaner tool (Administration > Reports > Spam cleaner) in Moodle 1.8.9 and 1.9.5 regularly to find spam.
Prevention
- Always keep your site up-to-date and use the latest stable version. It is very safe to go from 1.9.3 to 1.9.4+, for example, at any time. CVS is an easy way to do this.
- Run the Security overview report (Administration > Reports > Security overview) in Moodle 1.8.9 and 1.9.4 onwards.
See also
Using Moodle forum discussions: