The Community Forums


got hacked everything deleted

Discussion in 'Security' started by ericosman, Aug 23, 2011.

  1. ericosman

    ericosman Member

    Joined:
    Aug 23, 2011
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    Today my server (cPanel & WHM) got hacked.
    They terminated every account.
    Is there a way to go back in time?
    Because we did not make a backup (I know it's stupid).

    We got:

    Operating System : CentOS 5.5 - 32bit
    Node : Aurora - OVH

    WHM 11.30.2 (build 1)
    CENTOS 5.6 i686 virtuozzo on srv


    Is there something I can do?

    Help needed!

    Thanks, Eric Osman
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello ericosman,

    Unfortunately, you cannot restore those accounts if backups were not made. Do you happen to have a hosting provider who might be making off-server backups in some way or images?

    If not, the only choice will be to ask each customer for any possible backups they might have made to reupload to the machine. If you have a list of customers by email address, you should be able to contact them.

    Good luck!
     
  3. ericosman

    ericosman Member

    So I can't go back in time? :mad:
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You cannot go back in time if your server administrator isn't taking images of the machine periodically to make a restore. You would want to be speaking with your datacenter, NOC or provider about this issue to see if they've done anything to back up any of your system somewhere else. We have no idea what might be available from your provider. They are your resource at this important time.
     
  5. ericosman

    ericosman Member

    Hello,

    I contacted them and they do not make backups of accounts.
    (What is strange is that I can get into whm.mydomain.com, a subdomain I made a while ago.)
    My domain is not visible in WHM, but when I go to my site I get:

    If you feel you have reached this page in error, please contact the web site owner:
    webmaster@seed4u.org

    It may be possible to restore access to this site by following these instructions for clearing your dns cache.

    If you are the web site owner, it is possible you have reached this page because:

    The IP address has changed.
    There has been a server misconfiguration.
    The site may have been moved to a different server.

    If you are the owner of this website and were not expecting to see this page, please contact your hosting provider.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    whm.mydomain.com is a proxy for mydomain.com/whm normally. It is possible that they didn't remove the DNS entries or the Apache entries and only defaced the sites.
     
  7. ericosman

    ericosman Member

    Hello,

    The hackers are from: h4dz.biz

    They changed the nameservers to:
    ns1.h4dz.biz
    ns2.h4dz.biz

    I'm looking for how to get something back (I only need the databases).
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If they deleted it, you cannot get it back without a backup.

    Have you checked /var/lib/mysql to see if the contents exist for databases?
    Have you checked /var/named to see if the DNS zone files still exist? Have you checked if /etc/named.conf exists with the domains listed?
    Have you checked /var/cpanel/users/ to check if the cPanel user files still exist?

    If the data does exist for any of those locations, then you can restore what exists. If it does not exist and a backup did not get made, then restoring what does not exist is not possible.
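
The checks listed in the post above, gathered into a read-only survey script; this is an added example, not part of the original post and not cPanel tooling. The `ROOT` argument (for pointing the check at a mounted image or a copy), the function names, the `.db` zone file suffix and the `<user>_<dbname>` database prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only survey of /var/lib/mysql, /var/named,
# /etc/named.conf and /var/cpanel/users. ROOT defaults to the live "/".

count_in() {  # count_in DIR TYPE PATTERN -> direct children, 0 if DIR is gone
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -mindepth 1 -maxdepth 1 -type "$2" -name "$3" | wc -l | tr -d ' '
}

survey_remnants() {
    root=${1:-/}; root=${root%/}
    # Includes system schemas such as "mysql", so 1 usually means "no user data".
    printf 'mysql_db_dirs=%s\n' "$(count_in "$root/var/lib/mysql" d '*')"
    # Zone files are assumed to be named <domain>.db.
    printf 'zone_files=%s\n' "$(count_in "$root/var/named" f '*.db')"
    if [ -f "$root/etc/named.conf" ]; then
        # grep -c exits 1 on zero matches; keep the "0" it printed.
        n=$(grep -c '^[[:space:]]*zone[[:space:]]' "$root/etc/named.conf" || true)
        printf 'named_conf_zones=%s\n' "$n"
    else
        printf 'named_conf_zones=missing\n'
    fi
    printf 'cpanel_user_files=%s\n' "$(count_in "$root/var/cpanel/users" f '*')"
}

# List database directories whose owner still has a cPanel user file.
# Assumes database names carry a "<user>_" prefix.
dbs_with_owner() {
    root=${1:-/}; root=${root%/}
    [ -d "$root/var/lib/mysql" ] || return 0
    for d in "$root"/var/lib/mysql/*_*/; do
        [ -d "$d" ] || continue
        db=$(basename "$d"); user=${db%%_*}
        [ -f "$root/var/cpanel/users/$user" ] && printf '%s %s\n' "$user" "$db"
    done
    return 0
}

# Only runs when a ROOT is given on the command line, e.g. "sh survey.sh /".
if [ $# -gt 0 ]; then
    survey_remnants "$1"
    dbs_with_owner "$1"
fi
```

Copy anything the survey finds to another machine before attempting repairs, so the surviving files are not overwritten.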
     
  9. ericosman

    ericosman Member

    Hello,

    I can roll back the following things:

    [Image: NZIkQ.png]
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Those are configuration files to roll back if they exist and were not deleted. They are not cPanel account backups.
     