Changes between Initial Version and Version 1 of restore-from-chavez-2010-june

Jun 3, 2010, 5:08:17 PM (9 years ago)
Jamie McClelland



= How do I restore files on chavez? =

On June 1, around 9:00 pm America/New_York time, a member hosted on chavez had their web site compromised (for more information, please see our [ original service advisory] and [ follow up service advisory]).

Most members were not affected. However, some members had directories that were changed to be writable by any user on the system. The attacker took advantage of this vulnerability and deleted all files in these directories.

We've recovered all affected files from backup; however, we have not placed them in their original locations. All members must take responsibility for this task.

== Steps to recover ==

 1. Find out if your site was affected:
  * Log in via [wiki:sftp sftp] or [wiki:secure_shell ssh] using the user name and password you typically use to add/edit files to your web site.
  * You should see a directory named after your web site (e.g. Enter this directory.
  * If your site was affected, you will see a directory called restore.2010.06.01. If you don't see a directory with that name: congrats! You can stop here.
 1. Understanding the names of the folders:
  * If you do see restore.2010.06.01, then examine the contents of the directory. You should see one directory for every directory on your site that was world-writable.
  * The directory names correspond to their paths. So, for example, if the files directory inside your web directory was compromised, you might see a recovered directory called:

 The first part: represents the "absolute" path to your web directory.
  * Download the compromised directory to your desktop. If the contents of the directory are exceptionally large (like more than 100 MB), please [/newticket open a ticket] to request assistance.
  * Browse to the location of the original directory and compare the contents with the restored directory. You will need to make your own decision on whether to restore everything, or only some of the files.

If you have any trouble or additional questions, please [/newticket open a ticket] to ask.

And remember: ''never'' leave a directory world-writable!
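
The closing rule can be checked from an ssh session. The script below is an added example, not part of the original page: it lists directories that any user on the system may write to and, with `--fix`, clears only that permission bit. The script name `audit.sh` and the directory argument (your own web directory) are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. The directory passed on the command
# line is the reader's own web directory (an assumption; no path is taken
# from the page).

# Print each directory under $1 that any user on the system may write to
# (the "other" write bit, octal 0002). -xdev keeps find on one filesystem.
list_world_writable() {
    find "$1" -xdev -type d -perm -0002 -print
}

# Remove only the other-write bit from those directories, leaving owner and
# group permissions as they were, and print each directory that was changed.
fix_world_writable() {
    find "$1" -xdev -type d -perm -0002 -exec chmod o-w {} \; -print
}

# Usage (hypothetical script name): sh audit.sh /path/to/web/dir [--fix]
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--fix" ]; then
        fix_world_writable "$1"
    else
        list_world_writable "$1"
    fi
fi
```

Run it without `--fix` first and review the list; a web application that uploads files may need group write access granted to the web server user instead.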