How to restore all files backups and a mysql separately?

[postcd]

Hello,

when the WHM server is root compromised/hacked, what is the steps to restore it on a new WHM server?

I have incremental backups, the most recent backup has "backup_incomplete" file in its folder, the number of cpanel account folders seems OK.

I installed new server on CentOS 6. I exported mysql databases on old server and imported on new server (Export and Import all MySQL databases at one time)

Now assuming i should be restoring all incremental fullbackups that i already moved to a new server into folders: /backup/2017-08-28 /backup/2017-08-29

I will also be following securing tips at: Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation

Please how do you advise me to restore, how differently you would restore so i have newest mysql backups and files from the last day's fullbackup. I can not use recent cpanel's files as hacker was active modifying them. Well maybe only replaced index.php files and adding two other malicious php files in same directory. I could delete these and replace index.php files from backup, than scan the directories for modified files to find leftovers.

Thank You

 

[cPanelMichael]

Now assuming i should be restoring all incremental fullbackups that i already moved to a new server into folders: /backup/2017-08-28 /backup/2017-08-29

Hello,

I recommend restoring the accounts on the new server first, before importing the MySQL databases. You can follow the instructions documented at:

Backup Restoration - Version 66 Documentation - cPanel Documentation

Once the accounts are restored, you can then manually import the MySQL databases if they are not included as part of the account backups:

SSH command to copy all databases to a new location

Thank you.