Restoring Hacked Server - Full Admin Backup?



duncan
01-15-2009, 11:30 AM
Hi Everyone,

My VPS server was recently hacked, using a Joomla exploit. All the sites have now been upgraded and meticulously inspected. I believe all the website content is now safe, clean, and secure.

However, I can only assume the kernel was also exploited, so I am moving to a new VPS to be safe.

I am a bit of a Linux newbie, but I really enjoy learning some of this stuff. So as such, I am trying my best to do the transfer on my own.

So I have DA set up on the clean box, and am wondering if an admin backup/restore would be "Safe"? I don't want to restore anything that will just re-spread the exploit.

Would a safer route be doing individual site backups/restore?

Any suggestions are much appreciated!

Duncan

nobaloney
01-16-2009, 04:27 PM
System Backup would probably not be safe if it had an automatic restore function; since it doesn't, it's as safe as your restore :).

Admin level Reseller Backup is fairly safe except that it will copy over any hacks in place at the user level.

So if the site is hacked, it'll stay hacked.

Jeff

floyd
01-16-2009, 04:30 PM
"However, I can only assume the kernel was also exploited"

If it was then it was not just a Joomla exploit.

duncan
01-16-2009, 10:53 PM
floyd, right - I believe it was initially a Joomla exploit, but then that was leveraged for another attack. I have pretty good reason to believe one then led to the other.