Hello,
When the WHM server is root compromised/hacked, what are the steps to restore it on a new WHM server?
I have incremental backups; the most recent backup has a "backup_incomplete" file in its folder, and the number of cPanel account folders seems OK.
I installed a new server on CentOS 6. I exported the MySQL databases on the old server and imported them on the new server (Export and Import all MySQL databases at one time).
Now assuming I should be restoring all incremental full backups that I already moved to the new server into folders: /backup/2017-08-28 /backup/2017-08-29
I will also be following securing tips at: Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation
Please, how do you advise me to restore? How differently would you restore, so I have the newest MySQL backups and files from the last day's full backup? I cannot use the recent cPanel files as the hacker was actively modifying them. Well, maybe only replaced index.php files and added two other malicious PHP files in the same directory. I could delete these and replace the index.php files from backup, then scan the directories for modified files to find leftovers.
Thank You
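The last step mentioned in the post, scanning directories for modified files against a backup, could look like the following added example (not part of the original post). The directory layout and file names are constructed, and the backup used as baseline is assumed to predate the compromise.

```shell
#!/bin/sh
# Added example: compare a live document root against a backup copy by SHA-256.
# All paths and file names below are constructed for illustration.
# Limitation: names containing backslashes or newlines are not handled.

# hash_tree DIR TAG: print "<TAG><sha256>  ./relative/path" for each regular file.
hash_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sed "s/^/$2/"
}

# compare_trees BACKUP LIVE: print sorted ADDED / MODIFIED / MISSING lines,
# where BACKUP is the trusted baseline (a copy taken before the compromise).
compare_trees() {
    { hash_tree "$1" B; hash_tree "$2" L; } | awk '
        { tag = substr($0, 1, 1); sum = substr($0, 2, 64); path = substr($0, 68) }
        tag == "B"        { base[path] = sum; next }     # baseline lines arrive first
                          { seen[path] = 1 }
        !(path in base)   { print "ADDED " path; next }  # not in the backup at all
        base[path] != sum { print "MODIFIED " path }     # content differs from backup
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' | LC_ALL=C sort
}

# make_sample: build a constructed backup/live pair in a temp dir, print its root.
make_sample() {
    root=$(mktemp -d) && mkdir -p "$root/backup/blog" "$root/live/blog" || return 1
    echo '<?php echo "home";'   > "$root/backup/index.php"
    echo '<?php echo "about";'  > "$root/backup/blog/about.php"
    echo '<?php $db = "x";'     > "$root/backup/config.php"
    cp "$root/backup/config.php" "$root/live/config.php"        # unchanged
    echo '<?php /* replaced */' > "$root/live/index.php"        # modified
    echo '<?php /* new */'      > "$root/live/extra1.php"       # added
    echo '<?php /* new */'      > "$root/live/blog/extra2.php"  # added
    echo "$root"                                                # about.php is missing
}

sample=$(make_sample)
compare_trees "$sample/backup" "$sample/live"
rm -rf "$sample"
```

Every ADDED or MODIFIED path is a candidate for manual review or replacement from the baseline; an empty result means the two trees are byte-identical.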