Hi,
Has anybody experienced this??
All my home folders are visible but they are empty, I have Ubuntu breezy and Suse each with separate copies, on separate disks, of the home folder both systems reporting the same problem. This seems to have occurred today. Is there a virus out there which can cause this??

Can you verify with non-GUI means, like running du or find or ls from a terminal, the files are "gone"?

ls gives the same results.

Was the box rebooted between deletion and noticing it?
Did you notice anything strange or unusual happening?
Are there any logs (see /etc/syslog.conf for which ones) showing "weird" lines?
What services do you run?
Are they protected by a firewall?


And no, I haven't heard of an "in the wild" "virus" striking GNU/Linux.

I have rebooted since noticing the loss, to boot into Suse from Ubuntu. the only service is nfs and the wifi router has a firewall, Suse firewall is running ubuntu I must say I have not checked if the firewall is running I assumed (stupid of me) that as a user friendly distro the the firewall would be installed automatically.

Please shutdown or remount the partition home is on as read-only. Should have told you that first thing, sorry.

I was thinking along these same lines too.

Is /home a seperate mountpoint, and is just not mounted currently? Were this the case, you'd see /home, but it would probably be an empty directory. Running the "mount" command or checking /etc/mtab would show whether it is mounted or not (provided it's a seperate mountpoint in the first place).

I've rebooted into recovery mode and umount'd the /home partition remounted with -r (ro), no files. All the folders are there but empty.
The partition used for /home is exactly the same story, very strange and only the /home directory on each system.

I've rebooted into recovery mode and umount'd the /home partition remounted with -r (ro), no files. All the folders are there but empty. The partition used for /home is exactly the same story, very strange and only the /home directory on each system.

Recovery from ext3 filesystems is difficult.
If you're lucky you may find parts of files.
For having a go at file recovery on ext3fs here's what you could do:
- the first thing you will need to do is fixate the partition the deleted files are on as soon as possible after noticing it. Pulling the plug immediately will keep the filesystems in a "dirty" state, but that should be preferred over any method that will change data like remounting readonly (or using Sysrq keycombo "ALT+SYSRQ+U"?). * There are applications that keep deleted files open while they're running. If you suspect that, then copying the /proc/PID/fd/n file descriptor to a file could save it. From this point on all filesystem access should be done booting a LiveCD with the partitions mounted read-only.
- Make a "dd" (sdd or dcfldd) backup of the partition to a file on another physical disk.
- Read Q: How can I recover (undelete) deleted files from my ext3 partition? so you don't get your hopes up too high. Search LQ for recovery experiences and practices.
- If the majority of your files is human readable text you can try to recover parts by grepping for strings (or a disk editor like LDE) in your dd backup file and copying blocks out.
- If the majority of your files is in binary formats (or (text) formats Foremost can handle) then first try Foremost.
- If you had no luck looking for strings or headers then you will have to make sure the data is valuable enough to try recovery this way. It will cost you more in time then you will get in results, it has a steep learning curve and there are no guarantees for recovery whatsoever. You will need to get acquainted with Forensic Discovery basics, then download Helix Live CD or any other Live CD (a list here) that contains The Sleuthkit (read the documents).
- If you had no luck with any of the above options then there's companies that offer professional recovery services. After initial assessment a "clean room" recovery starts at aprox. USD 1000.

As always YMMV(VM).

Good luck.

Thanks for all the info and help, so far no luck, I've tried various methods found in forums etc, and downloaded and used lde, it just gives no file system found and error 22.
I'll carry on sifting for a solution as it mystifies me and if it is a malignant it needs to be found.

du shows some folders still have files, these are mainly downloads, and .files or hidden files.