Can a crashed server be restored?

Discussion in 'General Discussion' started by Frankc, Apr 11, 2007.

  1. Frankc

    A hacker gained access to the server, and since I suspected he was still on the server I did a forced reboot.

    Big mistake, because the server went permanently down.

    The hacking was just for a few config.php files (666), and I doubt that he had anything to do with the crashing of the server.

    Earlier, I deleted the following files that were reported as bad by rkhunter.

    /bin/dmesg
    /bin/kill
    /bin/login
    /bin/more
    /bin/mount
    /sbin/depmod
    /sbin/insmod
    /sbin/modinfo
    /usr/bin/whereis

    X11 forwarding was also disabled in /etc/ssh/sshd_config.

    I suspect that the above actions caused the server to fail when booting, but according to http://ukwebsolutionsdirect.co.uk they cannot restore ANY data from the hard drive?

    I am not so sure, because it was not a hardware failure and one should be able to retrieve the data from the hard drive, or what?

    Anyone with advice, or in the UK, who could perhaps do something, please? There is very important data on that drive. (Busy restoring accounts on a new server, but....)
     
  2. brendanrtg

    If I were you, I would reimage the server.
     
  3. spector

    Jesus, you must be a real pro if you delete mount or insmod.
    If you were to restore these two, and possibly depmod and modinfo, your OS would run again.

    And of course no data was deleted on the hard drive. Someone would just have to plug the drive into a working OS and copy these binaries (mount, insmod).
     
    #3 spector, May 9, 2007
    Last edited: May 9, 2007
  4. AndyReed

    You caused more damage to your server than the hacker.

    Yes, your host should be able to retrieve your data. They can boot the server in Single or Recovery Mode, and get the data.

    Although you said the problem is not a hardware issue, your host should know/use TestDisk to recover data. It is powerful free data recovery software, available at: http://www.cgsecurity.org/wiki/TestDisk

    Good luck :)
     
  5. Frankc

    UKwebsolutions.com said it's impossible after I tried my best to let them DO something. Simply mounting the drive on another system will let one retrieve the data.

    Anyway, I am a pro, yes: a professional idiot.

    That I was very tired after 18 hours behind the screen, and was at that stage so fed up with the damn hacker that I would do anything without thinking twice to stop him, is no excuse.

    Well, I cancelled my dedis at this host and moved all domains back to my own local servers.

    (Just for information, so that you can appreciate what you have:

    Bandwidth in South Africa is HELL expensive. I pay R3600 for a UK server with 300GB bandwidth; in SA the same amount of bandwidth will cost R27 000.)
     