For years the practice had been to backup the website using the Full Backup functionality from within CPanel. It has worked valently until recently. Recent backup attempts would proceed as usual and upon completion send out an email alerting the administrator that the backup had succesfully completed. However, the backup did not successfully complete. The backup was far from complete. As a matter of fact, the email even contains a series of error messages at the bottom of the message.
/bin/gtar: /home/backup-10.22.2010_14-15-45_backup/homedir.tar: Cannot open: No such file or directory
/bin/gtar: Error is not recoverable: exiting now.
The quick answer: The culprit was a WordPress plugin called Exploit Scanner. Read on…
Working with the hosting company to resolve, it was suggested that the web site was too large, that it exceeded the limitations of 2 GB imposed by CPanel. To remedy this, a quick clean up of the log files removed 100s of megabytes to ensure that the website was under 2 GB. Again, a backup failed.
The hosting company then suggested that there were too many small files to backup. That didn’t make sense since their were fewer files than the last successful backup.
After the hosting company manually backed up the website, a file restore to the local server was succesful. Then the attempt was made to import the databases. Failed each time, to a point where the MySQL server would not respond. A cleanup of the internet cache and restart of the MySQL server was necessary to continue.
The culprit was in a WordPress Options tables. A successful restore of all but the Options tables was completed. Now to determine the point of failure for an Options tables restore. Success. The point of failure was in the form of megabytes of database entries created by a WordPress plugin called Exploit Scanner. So, the Exploit Scanner plugin was disasbled.
Using another plugin Clean Options identified the unusued Options entries. However, became unresponsive when the attempt was made to remove those entries. Well, since the entries are identified, using phpMyAdmin and a simple query to search for those entries, the appropriate entries were selected and manually deleted.
These entries were manually deleted. Although all of them are part of the Exploit Scanner plugin, the real culprit was the exploit_scanner_wp-content.
exploit_scanner_wp-includes
exploit_scanner_file_count
exploit_scanner_wp-admin
exploit_scanner_wp-content
exploit_scanner_other
The entire database will now restore without issue. The website will now backup through the CPanel Full Backup screen.