The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mass Confusion: Backing Up, Restoration and Home Directories

Discussion in 'Data Protection' started by Halimi, Jan 12, 2011.

  1. Halimi

    Halimi Registered

    Joined:
    Jan 12, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi everyone,

    Have found myself in a little bit of a situation. Actually, not little, considering my website is over ten gigs in size, which makes the situation a tad more complex and time consuming :)

    I had warning signs of someone wanting to compromise my site, so I backed it up immediately via the backup feature in cPanel (11.28). A few days later, I received an email telling me it was finished:

    Email subject: Full Backup Completed

    Email text:

    pkgacct started.
    pkgacct version 8.3 - user : islamtu1 - archive version: 3 - running with uid 0
    Copying Reseller Config...Done
    Copying Suspension Info (if needed)...Done
    Copying SSL Certificates, CSRS, and Keys...Done
    Copying Domain Keys....Done
    Copying Counter Data....Done
    Copying Bandwidth Data.......islamtube.com...Done
    Copying Dns Zones.......islamtube.com...Done
    Copying Mail files....Done
    Copying frontpage files....Done
    Copying proftpd file....Done
    Copying www logs.............
    .........
    Done
    Copy userdata............
    Copy custom virtualhost templates............
    Done
    Leaving timeout safety mode
    Copying mailman lists....Done
    Copying mailman archives....Done
    Copying homedir....Done
    Entering timeout safety mode
    Grabbing mysql dbs.....................................................................................................................................................................................................................islamtu1_clip ..........islamtu1_islam .....horde.turba_objects horde.horde_prefs horde.kronolith_events horde.kronolith_storage horde.mnemo_memos horde.nag_tasks ...Done
    Grabbing mysql privs...Done
    Copying cpuser file.......Done
    Copying crontab file.......Done
    Copying quota info.......Done
    Storing Subdomains....
    Done
    Storing Parked Domains....
    Done
    Storing Addon Domains....
    Done
    Storing ssl domain......Done
    Copying password.......Done
    Copying shell.......Done
    Creating Archive ....Done
    pkgacctfile is: /home/islamtu1/backup-1.4.2011_23-23-01_islamtu1.tar.gz
    md5sum is: 9cd3eea036c83a817a42868663ccae3b

    size is: 9868093528


    The backup was in my home directory and I proceeded to delete all my files except 'backup-1.4.2011_23-23-01_islamtu1.tar.gz', which I extracted and expected to simply return my home directory to the way it was before.

    The problem was that it looked a lot different after it had extracted; instead of the typical folders of 'public_html', etc, there was a completely new set of folders which I had no familiarity with. But amongst the jargon was a 'homedir.tar.gz' file of very large size - upon extracting it, it seemed far more familiar to the traditional arrangement I've known my website to have.

    I tried copying these 'familiar', extracted files of 'homedir' back to the home directory, but it didn't seem right because the home directory already contained the folders which I wasn't familiar with.

    Ultimately, I gave up on extracting these 'tar.zg' files and thought it'd be better to just download the 'backup-1.4.2011_23-23-01_islamtu1.tar.gz' file to my computer and then restore it through the 'Restore a Home Directory Backup' tab on the Backup page. But then I read somewhere that you can't restore a 'full backup' through that mechanism.

    But the email which was automatically sent to me to notify me that the backup was complete a few days prior said 'Full Backup'. I'm confused if what I have is a full back up or a partial back up; if i need to do it through an ftp program, the cpanel backup feature, or just extract the 'tar.zg' files on the server now.

    I'm confused. Any help would be very appreciated.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,476
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you suspected the site was compromised, backing it up after the fact would be backing up whatever it is that happened. Deleting the files as you did was not the best course of action.

    The good news is you do have a full account backup.

    This is not how you restore a full system backup.

    Hopefully you left the full backup on the account? If so great. If you're not the Host/Server Administrator of that server, contact them and tell them you need the account restored using that full backup.

    If you are the System Administrator, you'll need to move that full backup to the proper directory.

    Docs for that here: Restore a Full Backup/cpmove File

    That documentation is lacking quite a bit, looking at it and its parent section .

    In a nutshell, once that backup archive is in the correct location login to your WHM, top left corner search box type in back, in results, click this link: Restore a Full Backup/cpmove file on this page you should see the file listed, type in the username and away you go.
     
  3. Halimi

    Halimi Registered

    Joined:
    Jan 12, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much, appreciate your help.

    Btw, I posted the thread twice by accident. Apologies to moderators.
     

Share This Page