Question

Best way to transfer my website to a new droplet?

My main droplet, which I’ve had for about 5 years, has been infected with malware or something. The CPU spikes to 100% for hours at a time, and the hacker has gone in and added SSH keys of his own, adding the comment of mdrfkr to show us that he is in the droplet.

I think the best thing is to move to a new droplet, because DO says that it’s almost impossible to find and remove all malware. But what is the best way to do this? I’ve searched for “transfer” and “move” in this on-line community, but have found no good matching responses.

The website is older and uses PHP 7 along with Ubuntu 18.04.6. It also has BoogieTools installed, which is an email bounce processor. Of course there are a few POP email accounts that need to be moved over, which the hacker also messed with. I’ve never made a backup or snapshot. My existing IP address has a good email sending reputation, so I want to keep this IP if at all possible. Maybe move to a new droplet, wipe the hard drive of the first droplet, and then move everything from the new droplet back to the original one?

The hacker has caused much damage. My 3 other developers and I can’t get rid of him, no matter what we try, including eliminating username logins, root logins, implementing the DO firewall, the UFW, etc. He is more advanced. The only way is a new droplet, but I must be careful doing this, as I don’t want to break anything.

Thank you so much for your advice!



KFSys
Site Moderator
July 11, 2023

Hey @spendlove,

The first thing you need to do is install and configure all the software you have on your current Droplet, like BoogieTools and anything you might be using, and then you’ll need to transfer your website.

Having said that, that is something very risky. If your App/Website is infected, moving it to your new Droplet would cause the same issues.

This means you’ll need to either rebuild your App/Website or make sure to remove all your infected files, if any.

The steps would look something like:

  1. Set up a new droplet: Create a new droplet with the same specifications as your current one.

  2. Install necessary software: Install all the necessary software you need on your new droplet, like PHP, your web server (Apache, Nginx), database server (MySQL, PostgreSQL), BoogieTools, etc.

  3. Transfer your files: Using SFTP or rsync, transfer your website files from your old droplet to the new one. Be very careful not to transfer any infected files. Ideally, you should only transfer the files that are necessary for your website to function.

  4. Transfer your databases: Export your databases from the old droplet and import them into the new droplet. Again, be careful not to transfer any infected data.

  5. Reconfigure your applications: Update the configuration files of your applications to match the settings of your new droplet.

  6. Test your new droplet: Once everything has been set up, test your new droplet to make sure everything is working correctly.

  7. Destroy the old droplet: Once everything has been transferred and is working correctly

  8. Keep the new droplet secure: To prevent future infections, make sure your new droplet is secure. Regularly update your software, use strong, unique passwords, disable root login, use SSH keys for authentication, and implement a firewall.
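
One way to act on the warning in step 3, as an added example that is not part of the original answer: compare a staged copy of the old webroot against a known-good reference tree and list every file that is new or changed, so that only reviewed files reach the new droplet. The reference tree (a clean checkout or release archive), the function names `manifest` and `review_list`, and the constructed sample files are assumptions; it requires `sha256sum`.

```shell
#!/bin/sh
# Added example. Assumes a known-good copy of the site exists, e.g. a fresh
# checkout from version control or a clean release archive.

# manifest DIR: print "<sha256>  ./relative/path" for every regular file in DIR.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k 2
}

# review_list REF_DIR STAGED_DIR: list staged files that must be inspected by
# hand before they are copied to the new droplet.
#   NEW <path>      not present in the known-good tree
#   CHANGED <path>  present, but content differs from the known-good copy
review_list() {
    {
        manifest "$1" | sed 's/^/R /'
        manifest "$2" | sed 's/^/S /'
    } | awk '
        {
            tag = $1; hash = $2
            sub(/^[RS] [^ ]+  /, "")   # strip tag and hash, keep the path
            sub(/^\.\//, "")
        }
        tag == "R"      { ref[$0] = hash; next }
        !($0 in ref)    { print "NEW " $0; next }
        ref[$0] != hash { print "CHANGED " $0 }
    '
}

# demo: build two small constructed trees and print the review list.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/ref/lib" "$tmp/staged/lib" "$tmp/staged/uploads"
    echo '<?php echo "home";'       > "$tmp/ref/index.php"
    echo '<?php function util() {}' > "$tmp/ref/lib/util.php"
    cp "$tmp/ref/lib/util.php" "$tmp/staged/lib/util.php"                 # untouched
    echo '<?php echo "home"; // edited on old droplet' > "$tmp/staged/index.php"
    echo '<?php /* constructed placeholder */' > "$tmp/staged/uploads/cache.php"
    review_list "$tmp/ref" "$tmp/staged"
    rm -rf "$tmp"
}
demo
```

Files that produce no output are byte-identical to the reference; everything listed as `NEW` or `CHANGED` stays off the new droplet until someone has read it.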

alexdo
Site Moderator
July 11, 2023

Heya,

In addition to what has already been mentioned, the new droplet will have a different IP address, which in theory should have a good reputation, so sending emails should not be an issue.

However, I will still encourage you to use a third-party mail provider like Sendgrid to send your emails. Although there are many robust open source solutions such as Dovecot, hosting your own mail is often not the best option for many deployments. Because of the relatively complicated way that DNS records, spam filters, and webmail interfaces are implemented, maintaining your own mail server is becoming less popular, and less widely supported by hosting providers.

You can check the following article here:

https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server

Hope that this helps!
