Recovery after hacking

The place to talk about things that are related to CMS Made simple, but don't fit anywhere else.
Post Reply
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Recovery after hacking

Post by burlington »

There is a site that I worked voluntarily on back in 2014. It has now been severely hacked, so much so that it no longer works at all and has been taken down by the host.

I have .sql backups taken pre-hacking. Now, my question is this. Assuming that the backup are fine, do I start again from a 'clean' server with the latest version of CMSMS loaded and import the backups. Does this backup not only contain the content data but also the program & the templates, styles etc?

Any help would be appreciated. Thanks. Martin
hasanen
Forum Members
Forum Members
Posts: 38
Joined: Tue Feb 15, 2011 8:44 am
Location: Helsinki, Finland

Re: Recovery after hacking

Post by hasanen »

burlington wrote:Now, my question is this. Assuming that the backup are fine, do I start again from a 'clean' server with the latest version of CMSMS loaded and import the backups. Does this backup not only contain the content data but also the program & the templates, styles etc?
I suggest you install the same version than the backups are from. Then upgrade system step by step in to the newest.

Depending the version of hacked cmsms, the data structure of the database may have been changed.
User avatar
Jo Morg
Dev Team Member
Dev Team Member
Posts: 1802
Joined: Mon Jan 29, 2007 4:47 pm

Re: Recovery after hacking

Post by Jo Morg »

burlington wrote:I have .sql backups taken pre-hacking. (...) Does this backup not only contain the content data but also the program & the templates, styles etc?
sql backups are just a snapshot of the database state at the time it was taken. Depending on how it was exported, it should have the full content, templates, stylesheets, and state of CMSMS installation as saved in the database at the time. It won't have any files from the CMSMS core installation, 3rd party modules and plugins, nor any external files that may have been used by CMSMS at that point. For that you'd need to have a file backup of the whole installation in addition to the sql file.
You could inquire the host about any full backups that might have been taken automatically, assuming you or they have auto backups setup properly.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Conduit | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge | Yet another blog about CMSMS
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Recovery after hacking

Post by burlington »

Thank you.
I have now managed to get in to the server via FTP and all the files seem to be there but................
Some folders/files show dates this calendar year, even today, and frankly I have no idea if these are likely to be legitimate. There has been no activity on the site since last year, apart from visitors who now can't get in anyway. Many of the files that have changed are dated today and many of these are the .htaccess files in the various folders.
The rest of the files seem to be from the date of installation and should be OK.
My inclination is to strip them all out and start again using the .sql backup I have. The only backups the host has are showing the hacking.
I would of course have to do a clean install of the core files of the CMSMS version that was used around the date of the backup.
Any further advice would be really helpful.
Thank you
Martin
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Recovery after hacking

Post by burlington »

Please also see my posting http://forum.cmsmadesimple.org/viewtopi ... 28&t=74314

Thanks you.
Post Reply

Return to “The Lounge”