Your box is down, compromised, or won't boot. We get it back online, evict whatever got in, and hand you a server that's harder to break next time.
Search “server disaster recovery” and you get a wall of glossary pages explaining RTO and RPO. None of them restore your server. This page is the other thing: a fixed-scope job where we log into your Linux box, figure out what happened, and get it serving again.
We work on VPS and dedicated servers where you have root — Ubuntu, Debian, AlmaLinux, Rocky, CentOS. Most calls fall into three buckets: it got compromised, a change broke it, or the disk or database is corrupt. The recovery path is different for each, so the first hour is always diagnosis before we touch anything.
Crypto-miner pegging the CPU, a webshell in a writable directory, an SSH key you didn't add, outbound spam getting you blacklisted. We isolate the box, find the entry point, remove the persistence, rotate every credential, and only then bring it back. A restored-but-still-rooted server is worse than a dead one.
A kernel update that won't boot, a botched panel migration, an Apache or nginx config that takes every site to 500, a full disk that froze MySQL. These are faster: we boot to rescue, read the logs, and roll back or fix the one thing that broke.
InnoDB won't start, a RAID member dropped, a filesystem went read-only. We pull what's readable first, rebuild from the last good snapshot, and replay what we can. We're honest early about what's recoverable and what isn't.
Most of the damage we clean up was avoidable, and it usually traces back to no working backup. So every job ends with one configured, whether or not you keep us around.
Everything below is in scope on a standard recovery. We do the diagnosis first and quote the rebuild before any irreversible step.
You get the server back, plus a written account of what was wrong and what we changed, so you or your next admin aren't guessing.
Web, database, and mail back up, sites loading, confirmed from outside your network.
What got in or what broke, how, when, and what we did about it. Plain English, no filler.
A handover of new keys and passwords, with the old ones killed.
Firewall, SSH, and fail2ban config documented so you can see exactly what changed.
A configured, tested backup job and a one-page restore runbook.
Recovery starts within hours of access. Simple breakage is same-day; a full compromise rebuild is one to three days depending on how deep it went.
You give us provider and SSH access. We get in, take a forensic snapshot before changing anything, and read the logs to establish the cause.
Hour 1 — cause identifiedWe isolate the box if it's compromised, then send a fixed quote for the rebuild before we do anything irreversible.
Same dayWe remove the compromise or fix the breakage, restore services from the cleanest source, patch, and bring sites back online.
Day 1-3Firewall, SSH, fail2ban, a working backup, and the incident write-up. We confirm everything from outside, then hand back the keys.
On completionDiagnosis is a flat $390 and includes the triage, the cause, and a written quote for the rebuild. If you green-light the rebuild, the $390 rolls into it. Simple breakage often ends at the diagnosis tier. A full compromise rebuild is quoted on what the triage finds — we won’t price a rebuild blind.
If it’s leaking data, sending spam, or mining crypto as you read this, the first move is containment, not a quote. Reach out and we’ll isolate it first, then sort out scope.
This is the root-access version of restoration. If your site lives on shared or managed hosting where you don’t have root, the path is different — see our hosting account recovery instead. It sits under our broader website and server restoration work, and pairs with mail server setup with SPF, DKIM, and DMARC when a compromise got your server blacklisted for spam. If the rebuild involves moving to or from a control panel, our Plesk vs cPanel comparison covers that call.
We'll triage the same day. Send context, screenshots, error messages — whatever you have. No sales calls, no chatbots.