restoring server from backup

Discussion in 'General Discussion' started by Aerethorn, Jul 28, 2006.

  1. Aerethorn

    Aerethorn Registered

    Aug 18, 2005
    Hello all, a client of the company I work for had his server compromised (r00ted). The backup that was done only has the following:

    root@www1 [/old]# ls
    ./ ../ home/ home2/ httpd/ lost+found/ var/ root/.my.cnf
    root@www1 [/old]# ls var
    ./ ../ cpanel/ lib/ log/ named/ spool/
    root@www1 [/old]#
    root@www1 [/old/var]# ls cpanel
    ./ addonwhmversions/ deleteddomains futex-test* mmpass proftpdconvert updatelogs/
    ../ adminsessions/ dnsrequests hordepass mysqlup quotawarned usecpphp
    accounting.log bandwidth/ eximstatspass iclevels.conf neomail/ repquota.cache users/
    accts.db eximup ipchangeinprogress newaccts/ root.accts useup2date
    activate/ bwlimited/ features/ jailshell2 noanonftp sessions/ version/
    addoncpanelversions/ clevels.conf fileprotect lang.cache/ notifications/ smtpgidonlytweak whmtheme
    addonmodules Counters/ fixedsqlstatment lastrun/ objcache/ suexecpatch zonetemplates/
    addonmoduleversions/ cp76maillists fpconvert13 logs/ packages/ suspended/
    addonscripts cpanel.config frontpagepassthrough4.2 mailman2 perl/ suspendinfo/
    addonscriptsversions/ CPDNSLib.dat ftpup mailman2converted phpopendomains upcpcheck

    Is there any way to restore this data without the risk of missing information?

    The httpd configuration files and named zones are on the backups.
  2. AndyReed

    AndyReed Well-Known Member

    May 29, 2004
    Minneapolis, MN
    Are you sure these files are not blank? Does he have *.tar.gz or incremental backups for his sites and DBs? Or is all of that gone?
  3. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Go on, have a guess
    Without the files from /etc you might be in for a bit of a struggle. Obviously the /home data is fine for the user files. The important files in /var/cpanel are users/, features/ and packages/, if you restore those plus the home files, plus /var/lib/mysql/ and /var/named and the httpd.conf files.

    The next major hurdle will be recreating /etc/passwd which can be done using:


    However, you have to be very careful with that script and be sure to back up /etc/passwd, /etc/shadow, /etc/gshadow and /etc/group before playing with it.

    After that's been run, none of the cPanel accounts will have passwords set. The next step would be to try running through the following:

    /scripts/upcp --force

    Hopefully that will recreate most of what you need, but there are likely to be big holes and you'll have to set each and every cPanel account password.

    Ultimately, it might be simpler to recreate each account through WHM individually, then restore the /home data for the account and then correct the file ownerships.
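
The two precautions in chirpy's post above (confirm the backup tree holds the directories he lists, and copy the four account files before any rebuild script touches them), written out as an added example that is not part of the thread. The function names, the `httpd` directory check (taken from the `ls` of /old in the first post) and the snapshot destination are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. Paths are parameters so the functions
# can be tried on a scratch tree first. On the server discussed the calls
# would be:
#   check_backup_tree /old
#   snapshot_account_files /etc /root/pre-rebuild   # hypothetical destination

# Print every directory named in the post that is absent from the backup
# tree, one per line. Returns 0 only when all of them are present.
check_backup_tree() {
    local root="$1" missing=0 p
    for p in home var/cpanel/users var/cpanel/features var/cpanel/packages \
             var/lib/mysql var/named httpd; do
        if [ ! -d "$root/$p" ]; then
            echo "$p"
            missing=1
        fi
    done
    return "$missing"
}

# Copy passwd, shadow, gshadow and group into a fresh directory that only
# its owner can read (mktemp -d creates it mode 0700), keeping modes and
# timestamps, and compare each copy byte for byte with its source.
# Prints the snapshot directory on success. Returns non-zero as soon as a
# file is missing or a copy differs; a partial snapshot is then left in
# place for inspection.
snapshot_account_files() {
    local etc="$1" dest_base="$2" dir f
    mkdir -p "$dest_base" || return 1
    dir=$(mktemp -d "$dest_base/etc-accounts.$(date +%Y%m%d-%H%M%S).XXXXXX") || return 1
    for f in passwd shadow gshadow group; do
        cp -p "$etc/$f" "$dir/$f" && cmp -s "$etc/$f" "$dir/$f" || return 1
    done
    echo "$dir"
}
```
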
