Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Someone hacked my server so Im doing a multiple restore...

Discussion in 'General Discussion' started by lexmark, Jul 28, 2004.

  1. lexmark

    lexmark Well-Known Member

    Joined:
    Sep 10, 2003
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    166
    Hello, I am using the multiple restore option in WHM to restore my accounts that I host from my backup. The only files that were hacked were all of the index.html files for each account. I tried to use the "Restore" option but it didnt work, so I have to select the "recreate" option and replace the whole account just for one file?
     
  2. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    168
    Actually I believe this script should restore your index files, have not tried it myself though.


    Code:
    #!/usr/bin/perl
    
    #version 2
    
    my $hasiozlib = 0;
    my $hasarchivetar = 0;
    eval {
            require IO::Zlib;
            $hasiozlib = 1;
    };
    eval {
            require Archive::Tar;
            $hasarchivetar = 1;
    };
    
    if (!($hasiozlib) || !($hasarchivetar)) {
            system("/scripts/perlinstaller","IO::Zlib","Archive::Tar");
            die "Please re-run this script.  Modules were missing!\n";
    }
    
    use strict;
    
    my $dir = '/backup/cpbackup/weekly';
    
    opendir(CPB,$dir);
    my @FS = readdir(CPB);
    @FS = grep(/\.tar\.gz$/, @FS);
    closedir(CPB);
    my $restorecount = 0;
    
    foreach my $fs (@FS) {
            $fs =~ s/\.tar\.gz//g;
    
            next if (!getpwnam($fs));
            my $homedir = (getpwnam($fs))[7];
            my $uid = (getpwnam($fs))[2];
            my $gid = (getpwnam($fs))[3];
    
    
            print "$fs $homedir\n";
            my $tar = Archive::Tar->new;
            $tar->read("$dir/${fs}.tar.gz",1);
    
    
            print "Checking Archive for files!\n";
            my @files = $tar->get_files("${fs}/homedir/public_html/index.html",
                    "${fs}/homedir/public_html/index.htm","${fs}/homedir/public_html/index.php");
    
            foreach my $ft (@files) {
                    my $filename = $ft->name();
                    if ($filename =~ /index.html$/) {
                            open(RESTOREFILE,">${homedir}/public_html/index.html");
                            chown $uid, $gid, "${homedir}/public_html/index.html";
                    }
                    if ($filename =~ /index.htm$/) {
                            open(RESTOREFILE,">${homedir}/public_html/index.htm");
                            chown $uid, $gid, "${homedir}/public_html/index.htm";
                    }
                    if ($filename =~ /index.php$/) {
                            open(RESTOREFILE,">${homedir}/public_html/index.php");
                            chown $uid, $gid, "${homedir}/public_html/index.php";
                    }
                    print "Restoring $filename\n";
                    print RESTOREFILE $ft->get_content();
                    close(RESTOREFILE);
                    $restorecount++;
    
            }
    }
    
    print "$restorecount file(s) restored!\n";
    
    
    
     
  3. Creazioni

    Creazioni Well-Known Member

    Joined:
    Jan 5, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    166
    You Are The Best!

    GREAT GREAT!!!..
    i try it and work fine

    I try to modify...but don't work....
    problem: crakker don't change only first index.htm or php or html (public_html/index*),
    he change all index into sub dir (public_html/*/index)

    Can you add info to change index info subdirs too?

    ex (this is wrong...right?)





    if ($filename =~ /index.html$/) {
    open(RESTOREFILE,">${homedir}/public_html/*/index.html");
    chown $uid, $gid, "${homedir}/public_html/*/index.html";
    }
    if ($filename =~ /index.htm$/) {
    open(RESTOREFILE,">${homedir}/public_html/*/index.htm");
    chown $uid, $gid, "${homedir}/public_html/*/index.htm";
    }
    if ($filename =~ /index.php$/) {
    open(RESTOREFILE,">${homedir}/public_html/*/index.php");
    chown $uid, $gid, "${homedir}/public_html/*/index.php";
    }









    i think it's is VERY VERY INTERESTING!!!! UP UP
     
Loading...
Similar Threads - Someone hacked server
  1. JarekN
    Replies:
    6
    Views:
    861
  2. kalexanakis
    Replies:
    8
    Views:
    1,560

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice