Isolate databases from transferred backup

pseudofluous

cPanel Access Level
Root Administrator
I recently restored a full cPanel backup to an AWS EC2 instance, unsuccessfully. This backup was created not by myself, but by someone who hacked my VPS, locked out everyone including Bluehost, and wrecked my home network for two months. Recently I found a cpmove file on an FTP account I did not place there. The backup worked, kind of, because it was for a domain that I never really owned in the first place - Bluehost automatically issued this example.net as the primary. The domain I still own, example.com, had to be created as a subdomain. I see in phpMyAdmin and the DNS records that example.com was migrated. However, I cannot access my site. The nameservers were updated properly, though it has not yet been 48 hours... So I'm hoping that maybe it will just take more time for the NS to transition for my site to work.

Either way, what I'm trying to figure out is what I need to do to isolate the example.com-associated databases or other files in cPanel and then have a cPanel instance of that domain only. I have very limited experience with site restoration and I'm dealing with a potentially malicious data set. During my hack I was left only one WordPress backup, later found to have infected code in it. I've been burned once and don't want a repeat.

I realize this is more of a basic stackexchange.com question, but I was just hoping to accomplish all this within cPanel rather than setting up a VM and learning the steps and software necessary to do what I wish from the cpmove backup file. I don't even know if that's possible. Any help would be greatly appreciated. I've been without this site for almost a year now and am ready to have it back. Thanks.
 

cPanelLauren

Forums Analyst II
Staff member
cPanel Access Level
DataCenter Provider
Either way, what I'm trying to figure out is what I need to do to isolate the example.com-associated databases or other files in cPanel and then have a cPanel instance of that domain only.
When you say this, do you mean how to isolate the files from inside the backup? If this is what you're requesting, it should be pretty simple.
1. Extract the tar.gz file with something like:
Code:
tar -xzf cpmove-user.tar.gz
Or, from the File Manager, you should be able to just use "extract".

2. The files for the domains should be in homedir/public_html/ if it was the primary domain; if it was an addon or subdomain, it would most likely be in cpmove-user/homedir/public_html/$domainfolder

3. The databases are stored in cpmove-user/mysql/. You'll need to know which database was associated with the domain, but they should all be there.


If this is a database/site that was hacked, or the backup was created BY the hacker, I would strongly question the legitimacy of it and wouldn't recommend using it at all.


Thanks!
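An added example, not part of the original post or of cPanel's tooling: one way to carry out steps 1-3 on an untrusted archive by copying out only the one domain's folder and the mysql/ dumps instead of unpacking everything. It assumes the archive root is cpmove-user/ as described above and that the site is WordPress (so DB_NAME can be read from wp-config.php); the function name isolate and its arguments are hypothetical.

```python
import re
import shutil
import tarfile
from pathlib import Path, PurePosixPath

# Assumption: WordPress site, so wp-config.php names the database it uses.
DB_NAME_RE = re.compile(rb"define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]+)['\"]")

def isolate(archive, user, domain_folder, dest):
    """Copy one domain's docroot and the mysql/ dumps out of an untrusted
    cpmove archive. Returns (taken, rejected, db_names)."""
    root = PurePosixPath(f"cpmove-{user}")
    scopes = (root / "homedir" / "public_html" / domain_folder, root / "mysql")
    taken, rejected, db_names = [], [], set()
    with tarfile.open(archive, "r:gz") as tar:
        for m in tar.getmembers():
            p = PurePosixPath(m.name)
            # Path traversal anywhere in the archive is reported, never written.
            if p.is_absolute() or ".." in p.parts:
                rejected.append(m.name)
                continue
            if not any(s in p.parents for s in scopes):
                continue  # other domains, mail, dotfiles: left in the archive
            if not m.isfile():
                if not m.isdir():
                    rejected.append(m.name)  # symlink, hardlink, device, fifo
                continue
            target = Path(dest, *p.parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)  # content only, no modes or owners
            taken.append(m.name)
            if p.name == "wp-config.php":
                found = DB_NAME_RE.findall(target.read_bytes())
                db_names.update(n.decode() for n in found)
    return taken, rejected, sorted(db_names)

if __name__ == "__main__":
    import sys
    # usage: script.py cpmove-user.tar.gz user example.com /path/to/quarantine
    taken, rejected, dbs = isolate(*sys.argv[1:5])
    print(f"copied {len(taken)} files; WordPress DB_NAME values: {dbs}")
    for name in rejected:
        print("REJECTED:", name)
```

The copied PHP files and SQL dumps are still untrusted content; the script only limits what leaves the archive and where it lands.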
 

pseudofluous

cPanel Access Level
Root Administrator
Thanks so much for the info. To be clear, as my post is not, I want to isolate files just for the subdomain in question so that it itself populates the cPanel instance. I'll check out the unpacked file and see what I can figure out from what you told me tomorrow.

And yeah, this guy did me personally dirty for two months and left me a corrupt, super old WP backup that's non-usable. The cpmove appeared a few months ago on my seedbox account... AWS elastic IP was the safest I figured I could go. That backup was without nearly a year of work on it and was corrupt. I'm hoping this cpmove file is a mercy thing, as 9 devices plus my DD-WRT router were bot-made. I had to reformat my server and laptop drives numerous times; it was a nightmare.

If you have better recommendations than this cPanel backup over original CentOS 7 over AWS elastic free IP, I'd be very grateful. Thanks man
 