How do I restore files on chavez?

On June 1, around 9:00 pm America/New_York time, a member hosted on chavez had their web site compromised (for more information, please see our original service advisory and follow-up service advisory).

Most members were not affected. However, some members had directories that were changed to be writable by any user on the system. The attacker took advantage of this vulnerability and deleted all files in these directories.

We've recovered all affected files from backup; however, we have not placed them in their original locations. All members must take responsibility for this task.

Steps to recover

  1. Find out if your site was affected:
    • Log in via sftp or ssh using the user name and password you typically use to add/edit files to your web site.
    • You should see a directory named after your web site (e.g. Enter this directory.
    • If your site was affected, you will see a directory called restore.2010.06.01. If you don't see a directory with that name: congrats! You can stop here.
  2. Understanding the names of the folders:
    • If you do see restore.2010.06.01, then examine the contents of the directory. You should see one directory for every directory on your site that was world-writable.
    • The directory names correspond to their paths. So, for example, if the files directory inside your web directory was compromised, you might see a recovered directory called:

The first part: represents the "absolute" path to your web directory.

  • Download the compromised directory to your desktop (if the contents of the directory are exceptionally large, like more than 100 MB, please open a ticket to request assistance).
  • Browse to the location of the original directory and compare the contents with the restored directory. You will need to make your own decision on whether to restore everything, or only some of the files.

If you have any trouble or additional questions, please open a ticket to ask.

And remember: never leave a directory world-writable!
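
One way to do the comparison from the last step, and to check for world-writable directories, from an ssh session. This is an added example, not part of the original page; the function names and the two script arguments (the restored directory and the live directory) are assumptions.

```shell
#!/bin/sh
# Usage: sh compare_restore.sh RESTORED_DIR LIVE_DIR
# Both arguments are paths you supply; nothing here is specific to chavez.
# File names containing newlines are not handled.

# List regular files under $1 that have no counterpart under $2.
only_in() {
    (cd "$1" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -e "$2/$f" ]; then printf '%s\n' "${f#./}"; fi
    done
}

# List files present in both trees whose contents differ.
changed() {
    (cd "$1" && find . -type f | sort) | while IFS= read -r f; do
        if [ -f "$2/$f" ] && ! cmp -s "$1/$f" "$2/$f"; then
            printf '%s\n' "${f#./}"
        fi
    done
}

# List directories under $1 that any user on the system can write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

if [ "$#" -eq 2 ]; then
    echo "== In backup, missing from live site (restore candidates) =="
    only_in "$1" "$2"
    echo "== Differs from backup (review before overwriting) =="
    changed "$1" "$2"
    echo "== On live site, not in backup (review before keeping) =="
    only_in "$2" "$1"
    echo "== World-writable directories (fix with: chmod o-w DIR) =="
    world_writable_dirs "$2"
fi
```

Files that exist only on the live site deserve a look because the directory was writable by other users on the system, so they may not be yours.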

Last modified on Jun 3, 2010, 5:08:57 PM