Migrating from Hacked Vesta CP

My droplet on DigitalOcean was disconnected from the network after it contributed 156,933 pps to a 156,933 pps Distributed Denial of Service attack! I didn’t know what to check, so for each account I have a backup, and now I installed a fresh HestiaCP on another droplet, but I am afraid to just restore those account backups (mostly WordPress installs). Is there anything I can do to check for infected or malicious code within my backups before restoring? Thanks in advance!

Clean install of WordPress:

Install DB

Download again the theme files / plugins

Remove all non image files from uploads

And then pray if everything still works…

3 Likes
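The "remove all non image files from uploads" step above, as an added Python example that is not part of the thread or any poster's own code. It goes beyond an extension check by also verifying file headers and looking for PHP tags inside files named as images; the allowlist, the function names and the constructed sample tree are assumptions.

```python
import tempfile
from pathlib import Path

# Leading bytes of common image types; anything else is held back for review.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def classify(path):
    """Return None for a plausible image, else the reason to hold the file back."""
    magics = IMAGE_MAGIC.get(path.suffix.lower())
    if magics is None:
        return "non-image extension"
    data = path.read_bytes()
    if not data.startswith(magics):
        return "header does not match extension"
    if b"<?php" in data:
        return "PHP tag inside image"
    return None


def scan_uploads(root):
    """Map each suspicious file under root (relative POSIX path) to a reason."""
    root = Path(root)
    flagged = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reason = classify(path)
            if reason:
                flagged[path.relative_to(root).as_posix()] = reason
    return flagged


def demo():
    """Scan a small constructed uploads tree (sample data, not from the thread)."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = {
        "2023/01/logo.png": png,
        "2023/01/cache.php": b"<?php echo 1; ?>",
        "2023/02/photo.jpg": b"<?php echo 1; ?>",
        "2023/02/banner.png": png + b"<?php echo 1; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_uploads(root)
```

Point `scan_uploads()` at the `wp-content/uploads` directory of a backup extracted outside the web root, and copy across only the files it does not flag.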

Oh man, I had DO NUKE my servers, erased them all including backups, back when VestaCP had a vuln. It must have been ~6 years ago. I actually had thought at THAT time that Vesta had done one HELL of a job of rewriting their software authentication system in a reasonable amount of time.

I’ll never go near DO again.

1 Like

Thanks @eris! I am proceeding this way for sure! So far 2 users imported as you suggested and everything works!
