The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

need to backup accounts on compromised server

Discussion in 'General Discussion' started by mnstrgns, Dec 12, 2005.

  1. mnstrgns

    mnstrgns Member

    Joined:
    Jan 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    So the server was compromised and has a rootkit on it.
    Almost all services are shut down, except SSH so I can go in and backup all of the accounts, db's and Cpanel settings.

    Here is the problem - cpbackup is not working.

    It runs, I get
    tar: Removing leading `/' from member names
    several times, and then it is done.
    In the backup/cpbackup/daily directory are 2 other folders. files and dirs. And thats it.
    (I updated to the latest CURRENT and the line in cpbackup is correct as has been noted it should be in another thread.)

    Also noted in another thread is the fact that the that tar line happens and it doesnt matter.

    In any event, I now have a 12 hour window to get the backup working so I can backup all accounts to a seperate drive on the box, and reinstall the OS.

    Anyone have any thoughts or suggestions?

    cpbackup.conf contents

    BACKUPACCTS yes
    BACKUPDAYS 0,1,2,3,4,5,6
    BACKUPDIR /backup
    BACKUPENABLE yes
    BACKUPFILES yes
    BACKUPFTPDIR
    BACKUPFTPHOST
    BACKUPFTPPASS
    BACKUPFTPPASSIVE no
    BACKUPFTPUSER
    BACKUPINC no
    BACKUPINT daily
    BACKUPLOGS no
    BACKUPMOUNT no
    BACKUPRETDAILY 1
    BACKUPRETMONTHLY 1
    BACKUPRETWEEKLY 1
    BACKUPTYPE normal
    DIEIFNOTMOUNTED no
    MYSQLBACKUP accounts
    BACKUPCHECK yes
    BACKUP2 yes

    I am at near the end of my rope.
    I have searched the forums and the web with little concrete information on what to do.
    I would prefer to use cpbackup to make restoring all accounts and settings after the OS install much more pleasant.

    Any and all input appreciated.

    JS
     
  2. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    is normal. Do you get any message that the backup is up-to-date? No other messages? Did you try setting it to incremental and see if that works? There has been some other threads on the fact that the cpbackup script has an error in it - but for me that error backed up all except the dirs and files.
     
  3. mnstrgns

    mnstrgns Member

    Joined:
    Jan 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I get
    tar: Removing leading `/' from member names
    several times, and then nothing - just the shell prompt

    When I check the backup/cpbackup/daily directory, I see
    drwx--x--x 4 root 0 4096 Dec 12 21:23 ./
    drwx--x--x 5 root 0 4096 Dec 12 21:23 ../
    drwx------ 2 root 0 4096 Dec 12 21:23 dirs/
    drwx------ 2 root 0 4096 Dec 12 21:23 files/

    I am assuming I should see a .tar.gz file for each account in there.

    I tried setting incremental, to no avail.

    I saw the error threads, and updated the CPanel build to the current release which from what I read would fix the problem.
     
  4. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    copy cpbackup to say, forcebackup. Set Cpanel to incermental unless you have either updates cpbackup in Edge or fixed it as mentioned in other forums. Change:

    to:

    What that does it let you backup if the backup is less than .0005 days old. Any number like that will do..
     
  5. mnstrgns

    mnstrgns Member

    Joined:
    Jan 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Same result

    No .tar.gz files

    Just the /files and /dirs folders
     
  6. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    How is drive space?

    Maybe not enough to create backups?
     
  7. mnstrgns

    mnstrgns Member

    Joined:
    Jan 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    /dev/hdc1 74G 261M 70G 1% /backup

    Space not an issue...
     
  8. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    No, not the backup drive. Cpbackup places the backup files first on the /home partition. Plus it then needs temp room to create the tar file, etc. That's why I asked for all the partitions.
     
  9. mnstrgns

    mnstrgns Member

    Joined:
    Jan 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Filesystem Size Used Avail Use% Mounted on
    /dev/hda3 36G 19G 15G 55% /
    /dev/hda1 99M 31M 64M 33% /boot
    none 247M 0 247M 0% /dev/shm
    /dev/hdc1 74G 261M 70G 1% /backup
    /usr/tmpDSK 243M 6.0M 224M 3% /tmp
    /tmp 243M 6.0M 224M 3% /var/tmp
     
Loading...

Share This Page