Restoring infected website using backup

Site owners backup sites using various techniques, either provided by hosting providers or through external backup vendors.

During cleaning up of infected site, how does site owner decide which day backup to restore to?
How is the site cleanup done?

1 Reply


One command you can run on the Linode is find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r | less. This will show you the most recent changed files on the Linode and can help you locate when the compromise started. That should, I believe, be useful in choosing a good backup to restore from.

For a cleaner approach you can also run find . -type f -mtime -30 -exec ls -l {} \; > last30days.txt to find the files changed within the last 30 days.

If you are looking to recover from a compromise I also recommend taking a look at this Community Site Question to get you pointed in the right direction.

I hope this helps!


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct