Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Hi to all my co beloved educators, our moodle site was hacked yesterday and the hacker manage to delete all the files under our home folder, fortunately we still have the database.
My Questions are:
1. Is there a possibility that I can recover all the data from my old eLearning moodle site? If yes, on what percentage?
2. How can I recover my eLearning site? Where should I start?
I am very frustrated about what happen yesterday, I almost decided to gave up using moodle as our first Online Classroom Management, I dont know where to start, the quiz grade, attendance are all there and the only thing left is our database. I hope none of you should experience the scenarios that happened on our eLearning site.
Thank you guys, I am very frustrated right now, honestly speaking. I hope that you can manage to help me with this problem.
Sincerely yours,
Confulity
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Rule number one for all web sites and hosts is that they should take regular backups. All those hosts that I have seen take them and keep for a while - so you could contact your host and ask if they have created site backups somewhere. If they find proper backups they should be able to restore (almost) all data.
If there are no backups and you have only database left you may be able to restore the site itself but will probably loose attachments and files saved to moodledata sub folders (images, resource documents etc)... Did you ever take course backups?
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
It's too bad this happened to you. And actually it happened to us too. It was not due to Moodle, but because one of our administrtors had a common username and a common password. The hacker used a program to guess login information and was able to enter in less than a day of trying.
The first thing to do is report the details of your Moodle setup and how it happened. It will help us determine why this happened. Later we can see if this should be reported to Moodle Security. Moodle Security is very vigilant in stopping hackers and an up-to-date Moodle as a whole is virtually un-hackable. But it requires constant bugfixing and hackers are always finding new ways to break in. So Petr Skoda and the security team are always busy.
Generally, the reasons for a hacked site are related to:
- username/password guessing
- old version of Moodle
- old version of PHP, MySQL or Apache
So be sure to report all of this version information. Then we can help you. If someone can check your server logs, they can tell if the breakin was due to password guessing or another tactic.
With sympathy,
Don
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Thanks to Don Hinkelman too, I believe that we are using updated version of moodle before 1.3, I think the hacker manage to hack our site by bruteforcing our password. Thats our mistake, we forgot to change our password regularly.
I felt better today because there are some people that understand my situation, thanks to all of you guys.
@problem
Can I resolve the problem by just installing a new moodle site and using the old recovered database instead of its new database? If this is possible how can I do that? Where should I start?
Thank you very much guys and more power!
Yours sincerely,
Confulity
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Does anyone have any advice about how to put a 1.3 database into a 1.6 system? That is beyond my knowledge. A step-by-step instruction would be useful for Confulity.
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
The old versions are still available:
http://download.moodle.org/stable13/
http://download.moodle.org/stable14/
http://download.moodle.org/stable15/
http://download.moodle.org/stable16/
Step-by-step instructions might get long, http://docs.moodle.org/en/Upgrade is a good start and some old posts from these forums should explain the first steps from moodle 1.3 to 1.6
If I had a similar situation I might try to get moodle 1.3 up first and then upgrade step by step or take course backups to upper versions of moodle. But it will definitely take some time to do all that...
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
Yes, it is possible to use the old database with a new Moodle. Just create a config.php file containing the correct parameters for the database. The usual method is to make a copy of config-dist.php and rename it config.php, then edit that. Fill in the appropriate values for wwwroot, dirroot, dataroot, dbtype, etc. When you access your site, because config.php exists the install script (install.php) will be bypassed, and because the database is populated the script that creates the tables (admin/index.php) will be bypassed. Just make sure all the files are in the same place (directory pathnames) as they were before; otherwise, you might have to run admin/replace.php to change references in the database.
RLE
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
As others state, restoring your site using only old database will work with one caveat: any activities and resources referring to user and course files will produce an error when users try to open files which are not there.
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
by the way, my previous moodle version is 1.9.2 then now I am using moodle 1.9.3.
Many thanks people, I appreciate your replies..
Re: Our site was hacked, delete the Moodle files, Fortunately we still have the database.
- To answer your question in a previous post, yes, it is way better that you have 1.9.x than 1.3.
- Yes, what you propose doing is possible (you can always name your Moodle database anything you want, just be sure to edit config.php accordingly), but I wouldn't recommend it. Please search this forum for posts of mine containing Fantastico. I'm getting tired of repeating myself. Bad news, big time.