system hacked, need to restore manually - help

Discussion in 'General Discussion' started by 3ampcom, Jun 19, 2007.

  1. 3ampcom

    3ampcom Registered

    Jun 19, 2007
    Hi there,

    Could someone please help me with the following? My server was hacked, so my provider had to reinstall it. They hooked up the old hard drive, with the old /home/ dir and accounts, to the system so I can restore the accounts.

    Could anyone tell me how to restore the old accounts? I had no more opportunity to create WHM backup files, so I'll have to restore the following manually:

    - accounts into WHM
    - email accounts
    - mysql databases
    - home directories (not a problem)

    - DNS entries/zonefiles

    Could someone give me a hint as to how to do this?


  2. OoteR

    OoteR Member

    Jun 12, 2007
    As a starting point you'll need /etc/shadow and /etc/passwd, I'm assuming. Other than that I'm not really sure myself.

    FTP accounts depend on which FTP server you were using. You've got a lot of work ahead of you either way. Should be a whole bunch of copying and pasting, but who knows!
  3. AndyReed

    AndyReed Well-Known Member

    May 29, 2004
    Minneapolis, MN
    Assuming that you are Linux savvy and comfortable with the system: although the thread is old, it will show you what to do to restore your data:

    One little reminder, the setup of your new server should be the same as the previous, and you will need to make some manual modifications before everything works correctly.
  4. Silver_2000

    Silver_2000 Well-Known Member

    Mar 31, 2002
    I'm not sure about an automated way to get the accounts moved, but the SQL databases are easy: just copy the lib/mysql stuff over.

    Assuming you have cPanel accounts with matching names, the DBs will be there.

    Then just set up the correct users for the accounts.
  5. nilesh_kolte

    nilesh_kolte Well-Known Member

    Apr 13, 2006
    Pune ,India
    cPanel Access Level:
    Root Administrator

    In case a server ever has a crashed primary drive, feel free to ask the datacenter to install a new primary drive, and mount the old primary drive as the secondary, so that we can copy from it when the system is back online.

    1 - mount old drive as /old /old/usr /old/var etc.

    Most servers should be:

    mkdir /old

    mount /dev/sdb1 /old
    mount /dev/sdb2 /old/var
    mount /dev/sdb3 /old/usr
    mount /dev/sdb7 /old/home

    But you may need to figure out exactly which /dev/sdbX it is.

    Then start copying

    cp -R --reply=yes -p /old/etc/proftpd/* /etc/proftpd
    cp -R --reply=yes -p /old/etc/valiases/* /etc/valiases
    cp -R --reply=yes -p /old/etc/vfilters/* /etc/vfilters
    cp -R --reply=yes -p /old/etc/userdomains /etc
    cp -R --reply=yes -p /old/usr/local/cpanel/3rdparty/mailman/* /usr/local/cpanel/3rdparty/mailman
    cp -R --reply=yes -p /old/usr/local/frontpage/* /usr/local/frontpage
    cp -R --reply=yes -p /old/usr/share/ssl/* /usr/share/ssl
    cp -R --reply=yes -p /old/var/cpanel/* /var/cpanel
    cp -R --reply=yes -p /old/var/lib/mysql/* /var/lib/mysql
    cp -R --reply=yes -p /old/var/log/bandwidth/* /var/log/bandwidth
    cp -R --reply=yes -p /old/var/named/* /var/named
    cp -R --reply=yes -p /old/var/spool/cron/* /var/spool/cron
    cp -R --reply=yes -p /old/etc/ips /etc/ips
    cp -R --reply=yes -p /old/etc/group /etc/group
    cp -R --reply=yes -p /old/etc/localdomains /etc/localdomains
    cp -R --reply=yes -p /old/etc/named.conf /etc/named.conf
    cp -R --reply=yes -p /old/etc/passwd /etc/passwd
    cp -R --reply=yes -p /old/etc/proftpd.conf /etc/proftpd.conf
    cp -R --reply=yes -p /old/etc/quota.conf /etc/quota.conf
    cp -R --reply=yes -p /old/etc/rndc.conf /etc/rndc.conf
    cp -R --reply=yes -p /old/etc/secondarymx /etc/secondarymx
    cp -R --reply=yes -p /old/etc/shadow /etc/shadow
    cp -R --reply=yes -p /old/etc/wwwacct.conf /etc/wwwacct.conf
    cp -R --reply=yes -p /old/usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf
    cp -R --reply=yes -p /old/usr/local/cpanel/3rdparty/interchange/interchange.cfg /usr/local/cpanel/3rdparty/interchange/interchange.cfg
    cp -R --reply=yes -p /old/home/* /home

    chown -R mysql:mysql /var/lib/mysql

    /scripts/restartsrv httpd
    /scripts/restartsrv exim
    /scripts/restartsrv mysql


    Important things to check

    1 - rndc status should show all the zones. If it only shows 8, or nothing, then run /scripts/fixrndc

    2 - You should reboot the server and check to see if sample sites are loading. This is quite important!! If not, then fix/diagnose.

    3 - Don't forget to recompile Apache, otherwise everyone with GD requirements will be screaming at you!!!

    4 - Please also install Fantastico, Zend, and ionCube as well.

    5 - If you are copying from an old cPanel install, you'll have to run /scripts/convert2maildir as well.

    PM me if you are facing any problem.
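
The old disk in this thread came from a compromised server, so the account files and crontabs listed above can be audited before they overwrite the fresh install's copies. This is an added example, not part of any poster's reply; the function names and the three checks are illustrative assumptions, and /old is the mount point used in the post above.

```shell
#!/bin/sh
# Added example: audit account data on the old disk before copying it.

# Accounts other than root that carry UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shadow password field is empty (no password needed).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Crontab files in the spool directory with no matching passwd entry.
orphan_crontabs() {
    passwd_file=$1
    spool_dir=$2
    for f in "$spool_dir"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
            "$passwd_file" || echo "$user"
    done
}

# Run all checks against a mounted old root; returns 1 if anything is found.
# Usage: audit_old_disk /old
audit_old_disk() {
    old=${1:-/old}
    findings=$(
        extra_uid0 "$old/etc/passwd" | sed 's/^/uid0: /'
        empty_passwords "$old/etc/shadow" | sed 's/^/empty-password: /'
        orphan_crontabs "$old/etc/passwd" "$old/var/spool/cron" |
            sed 's/^/orphan-crontab: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A clean result only covers these three conditions; the contents of each crontab and of /old/home still need their own review.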
