
Compromised Server Questions

Discussion in 'Data Protection' started by MikeMrk, Jun 9, 2017.

  1. MikeMrk

    Hello guys,

    So my CentOS 7 server running at Ramnode.com was hacked. I believe they used brute force. Later I will have access to all the system's files.

    Here is what happened:
    I tried to log into cPanel but it wasn't working. WHM username the same (it was using the root username). SSH wasn't working. I tried the emergency SSH feature from SolusVM but that also didn't work.

    I will have access to all the files. I won't be able to restore from that particular configuration since it was compromised, but I should be able to restore the cPanel configuration.

    Question: Having access only to the system files, how do I restore the WHM / cPanel configuration (mail servers, DNS and other stuff)? How can I make sure I changed everything so that hackers won't have access to my server again?

    I know. Those are multiple questions with multiple answers, but I hope you can give me a guideline about what I should do.


    All the best,
    Mihai
     
  2. MikeMrk

    OK, so I have all my files but only as Linux system files. I don't have any cpmove files or something similar. Can I just upload the directories in /home into my fresh server install?
     
  3. cPanelChrisI

    cPanelChrisI Technical Analyst II
    Staff Member

    Hello!

    You can move the site's files over to the accounts on the new server, but moving those will not create the accounts if you are not restoring from a cPanel backup. Simply moving over cPanel files also won't recreate those and you will likely just run into issues if you try to move those manually. The best thing for you to do will likely be to reset the root password on the old server so that you are able to log in to the WHM, then use the transfer tool to move them over to the new server.

    Transfer Tool - Version 64 Documentation - cPanel Documentation

    If you can't do that and only have the site's files, you will first need to set up new accounts in WHM on the new server, then move the files over to the accounts that were created there.

    Thanks!
     