Data recovery for Linux disks

Nicholas Leippe nick at
Fri Feb 18 11:55:03 MST 2005

On Friday 18 February 2005 11:40 am, Doran Barton wrote:
> Not long ago, Nicholas Leippe proclaimed...
> > The million dollar question is: How much is this data worth to you?
> >
> > (and do you have backups? ;)
> Here's the bigger story, just for background. A server colocated at
> XMission was compromised (brute-force ssh root account breakin) and set up
> as a Paypal phishing site. The owner of the box called me and asked me to
> "fix things." He told me he had 10-12 websites and mail server on the box.
> I backed up the website data and the /etc directory and reinstalled Linux
> on the box. What I found out later was that he had a MySQL database running
> on the box and I had mkfs'd over the top of that data.
> Did he have backups? No. He had RAID5 and figured that was good enough. He
> wants me to bear the complete cost of recovery since it was clearly my
> oversight that resulted in the data loss. While I admit some oversight on
> my part, I would think if your livlihood depends on a MySQL database, you'd
> be making at least weekly backups.

This situation sounds extremely glum.  So it wasn't just an mkfs over the 
partition--you also installed and wrote all over it.  I'm highly doubtful 
that there is anything you could do at this point to recover the data.

However, you may be able to discuss with him the fact that the integrity of 
the data in the database would be highly suspect anyways, considering that 
the box was fully compromised.  Would he really trust the data after someone 
with those types of intentions had full reign over it?  And that, before you 
had any participation at all.  Can he prove that the data wasn't already 
deleted/destroyed/modified by the cracker?

It may be time to review your contract with him and consult a lawyer.  
Hopefully, your contract covers your butt.


Nicholas Leippe
Sales Team Automation, LLC
1335 West 1650 North, Suite C
Springville, UT  84663 +1 801.853.4090

More information about the PLUG mailing list