In most cases, we can unless the attacker has maliciously removed files or data; in that case, we would need a backup. But many attacks, including very disruptive MySQL injection attacks and website defacing hacks, can be restored by a careful administrator who understands what the hacker did and can remove that action from the files and database. Nonetheless, it is always advisable to have a backup in place. If you do not have a monitored backup solution, please consider using our Linux Server Backup.