Billions of blistering barnacles! One of our ships has been boarded.
Follow these steps to quarantine, cleanse, and restore your project before the kraken strikes again!
Quick Checklist
- Quarantine files and database.
- Backup everything (files + DB).
- Scan for suspicious files and keywords.
- Reset all credentials (DB, admin, server).
- Restore from Git or a clean backup.
- Reapply client modifications/uploads.
- Scan, verify, and test thoroughly.
Step 1: Quarantine & Backup
# Archive the project
tar -zcf hacked-project.tar.gz /home/project/web/staging/
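# Move project to quarantine (safe harbor)
# dotglob makes * match hidden files too (.htaccess, .env, .git)
mkdir -p /home/_quarantine/project
shopt -s dotglob
mv /home/project/* /home/_quarantine/project/
shopt -u dotglob
# Backup database (-p alone prompts, keeping the password out of shell history and the process list)
mysqldump --add-drop-table -u "<DB_USER>" -p projectdb \
> /home/_quarantine/project/hacked-project.sql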
Step 2: Cleanse the Wounded Ship
Restore any client-uploaded files or DB entries (if we don’t have a clean backup).
Scan for suspicious code:
clamscan -ri --log=last-scan.txt /home/_quarantine/project/web/staging
Search for sketchy keywords:
# If ack isn’t installed: apt-get install ack (the package is named ack-grep on older Debian/Ubuntu releases)
ack suspiciouskeyword
Reset all passwords:
mysql -u root -p -e \
"ALTER USER '<DB_USER>'@'localhost' IDENTIFIED BY '<NEW_PASSWORD>'; FLUSH PRIVILEGES;"
Update all software (WordPress, plugins, Composer deps, system packages).
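Before reapplying client uploads taken from the quarantined copy, check that nothing executable is hiding among them. The script below is an added example, not part of the original post; the function name, the extension list and the sample tree are assumptions to adapt to the project.

```bash
#!/usr/bin/env bash
# Added example: vet an uploads directory before copying it back.

# List files under $1 that should not be copied back as-is:
#   LINK  symlink (may point outside the uploads tree)
#   EXT   extension PHP may execute, or a per-directory config file
#   CODE  PHP open tag inside the file, whatever its name (e.g. a "gif")
vet_uploads() {
  local dir="$1"
  find "$dir" -type l | sed 's/^/LINK /'
  find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
      -o -iname '*.phar' -o -name '.htaccess' -o -name '.user.ini' \) | sed 's/^/EXT  /'
  # -a: read binary files as text; -F: fixed string; grep exits 1 on no match, which is fine
  { find "$dir" -type f -exec grep -laiF '<?php' {} + || true; } | sed 's/^/CODE /'
}

# Constructed sample tree standing in for the quarantined uploads directory
demo() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/2024/05"
  printf 'GIF89a-constructed-clean-file' > "$d/2024/05/logo.gif"
  printf 'GIF89a<?php /* constructed marker */ ?>' > "$d/2024/05/banner.gif"
  printf '<?php // constructed' > "$d/2024/cache.php"
  printf 'constructed' > "$d/.htaccess"
  ln -s /etc/hostname "$d/link"
  vet_uploads "$d" | sed "s|$d/||"
  rm -rf "$d"
}
demo
```

Anything the function prints should be reviewed by hand before it goes back aboard; a clean uploads directory produces no output.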
Step 3: Restore & Reboard the Ship
# Clean Git working tree
git clean -nd # Preview (-d includes untracked directories, which plain -n/-f skip)
git clean -fd # Execute if safe
git reset --hard && git pull
# Clear caches
rm -rf storage/framework/cache/* tmp/*
# Reinstall dependencies from scratch (drop the existing vendor/ so tampered files cannot survive)
rm -rf vendor
composer install
# Move project back to production (dotglob so hidden files come along)
shopt -s dotglob
mv /home/_quarantine/project/* /home/project
shopt -u dotglob
chown -R www-data:www-data /home/project
Step 4: Final Checks
Scan again:
clamscan -ri --log=last-scan.txt /home/project/web/staging
ack suspiciouskeyword
Test all functionality.
Check logs for suspicious requests.
Celebrate with a liter of rum. 🥃