How to restore all file backups and MySQL separately?

postcd

Well-Known Member
Oct 22, 2010
Hello,

When the WHM server is root compromised/hacked, what are the steps to restore it on a new WHM server?

I have incremental backups; the most recent backup has a "backup_incomplete" file in its folder, the number of cPanel account folders seems OK.

I installed a new server on CentOS 6. I exported the MySQL databases on the old server and imported them on the new server (Export and Import all MySQL databases at one time).

Now assuming I should be restoring all incremental full backups that I already moved to a new server into folders: /backup/2017-08-28 /backup/2017-08-29

I will also be following the securing tips at: Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation

Please, how do you advise me to restore, and how differently would you restore so I have the newest MySQL backups and files from the last day's full backup? I cannot use the recent cPanel files, as the hacker was actively modifying them. Well, maybe only replacing index.php files and adding two other malicious PHP files in the same directory. I could delete these and replace the index.php files from backup, then scan the directories for modified files to find leftovers.

Thank You
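The check described in the post above, scanning a directory for files that differ from the backup copy, could be scripted as follows. This is an added example, not part of the original posts and not cPanel tooling; the function name and the placeholder paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: list files in a live directory tree that were added,
# modified or removed relative to a trusted backup copy of the same tree.
# Only regular files are compared; symlinks and permissions are not checked.
#
# Usage (placeholder paths, adjust to where the backup copy actually lives):
#   compare_with_backup /backup/2017-08-28/<account docroot> /home/<user>/public_html

compare_with_backup() {
    backup_dir=$1
    live_dir=$2
    if [ ! -d "$backup_dir" ] || [ ! -d "$live_dir" ]; then
        echo "usage: compare_with_backup BACKUP_DIR LIVE_DIR" >&2
        return 2
    fi
    # Resolve to absolute paths because each pass changes directory.
    backup_abs=$(cd "$backup_dir" && pwd) || return 2
    live_abs=$(cd "$live_dir" && pwd) || return 2

    {
        # Pass 1: walk the live tree. A file with no backup counterpart is
        # ADDED; one whose bytes differ from the backup copy is MODIFIED.
        (cd "$live_abs" && find . -type f -exec sh -c '
            backup=$1; shift
            for f in "$@"; do
                if [ ! -f "$backup/$f" ]; then
                    echo "ADDED $f"
                elif ! cmp -s "$backup/$f" "$f"; then
                    echo "MODIFIED $f"
                fi
            done' sh "$backup_abs" {} +)

        # Pass 2: walk the backup tree to find files the live tree lost.
        (cd "$backup_abs" && find . -type f -exec sh -c '
            live=$1; shift
            for f in "$@"; do
                [ -e "$live/$f" ] || echo "MISSING $f"
            done' sh "$live_abs" {} +)
    } | LC_ALL=C sort
}
```

Files reported as ADDED or MODIFIED are the ones to review by hand; this only helps if the backup used for comparison predates the compromise.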
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Now assuming I should be restoring all incremental full backups that I already moved to a new server into folders: /backup/2017-08-28 /backup/2017-08-29
Hello,

I recommend restoring the accounts on the new server first, before importing the MySQL databases. You can follow the instructions documented at:

Backup Restoration - Version 66 Documentation - cPanel Documentation

Once the accounts are restored, you can then manually import the MySQL databases if they are not included as part of the account backups:

SSH command to copy all databases to a new location

Thank you.