Restore to same server using cPanel backups after Op Sys Reload - Ebury fallout
Yep, another one hit with Ebury fun.
Have been running full cPanel backups.
Tar'd up the packages and easy apache directory.
Have Full Backup via cPanel (system, files, accounts, yada yada)
Even have my migration stuff from when I ferried from Plesk 6 months ago.
New Hard Drive installed
Reloading Op/Sys now.
Reprovisioned system will have WHM and CPANEL loaded.
Old hard drive will be mounted and available to copy whatever is needed.
Then what?
I've reviewed the docs on transferring to another server but I am going to be on the same (reloaded) server using the same IP address. The old hard drive will be mounted and accessible.
What are the steps to get my Apache, Tomcat, Packages, WHM and finally CPANEL stuff back online?
(or links to instructions)
Thanks for the help.
flaming hot death to ebury...
-
Configure backups on your new server via WHM, then copy all your backups into your backup folder. From there, you can use WHM to restore them. [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/BackupRestoration]Backup Restoration 0 -
[quote="vanessa, post: 1594672">Configure backups on your new server via WHM, then copy all your backups into your backup folder. From there, you can use WHM to restore them. [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/BackupRestoration]Backup Restoration
I figured that would cover the Accounts but will it also handle the Apache configs, php settings, tomcat install, etc?0 -
I see how this will restore Accounts. Not seeing how Apache configs, Tomcat setup, packages, etc. would be restored. 0 -
When performing a restore of a "full backup" per [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/RestoreFullbackup]Legacy Restore a Full Backup/cpmove File, do you have to copy the daily/monthly backup subdirectory out of /backup to one of the directories specified. (eg. /home /usr /root, etc. ) The restore will not work using a backup in the default /backup location? 0 -
Hello :) You can copy the EasyApache build profile using the instructions here: How to Distribute EasyApache Files Over Multiple Servers Packages are stored in /var/cpanel/packages and can be transferred over manually. Thank you. 0 -
[quote="securecomptech, post: 1594761">I see how this will restore Accounts. Not seeing how Apache configs, Tomcat setup, packages, etc. would be restored.
Any reason you can't just restore these manually? Some things don't have an easy button - do it yourself.0 -
ok, heard back from Tech Support. CPANEL does not support "restoring" any of the system info such as Apache, Tomcat, Packages, PHP settings, Packages and more. CPANEL DOES backup many files/dirs with needed config info to help in a manual rebuilding process of the above elements. Will document steps taken to recover as much of the "system" info as possible. It should be noted that an image backup is of questionable value during an Ebury security breech. At least 2 items are critical to know; WHEN did the breech occur WHAT attack vector was originally used to breech the system If you do not know exactly WHEN the system was breeched, you cannot safely choose and image to restore with risking carrying the exploit forward. If you do not know exactly HOW the system was breeched, you cannot safely restore user accounts as you may restore the same website vulnerability that created the problem in the first place. 0 -
Right, it's a good idea to investigate and determine when/how the server was exploited so you can take steps to prevent it from happening again. You may want to consult with a qualified system administrator if you are unable to determine that information. Thank you. 0 -
[quote="vanessa, post: 1595021">Any reason you can't just restore these manually? Some things don't have an easy button - do it yourself.
Nope, no reason, and diy is what I am doing right now. My hangup was the "system" description of CPANEL, being a new CPANEL customer (Plesk for 10+years, recent convert), I thought that backing up "system" stuff, meant that restore would restore "system" stuff. Not the case. But it does grab some of the good stuff so I can get at it. I know there is a "feature" in the works to address this. Honestly, was surprised not to find a step by step guide for full server recovery, or even primary functionality such as PHP, APACHE, etc. So yes, I am now the happy owner of a bunch of emails and links to; recover WHM config - which files to copy and when recover CPANEL config - which files to copy and when restore Accounts - CPANEL Restore Utility (which failed on queuing more than 3 accounts, so yeah I can use the CLI, but not unreasonable to expect GUI to handle it) recover Apache config - which files to copy and then re-run easy apache build recover PHP settings - copying php.ini to the right place recover MySQL settings - copying my.cnf to the right place Much of it not a big deal but would be nice to have a list that describes file locations and order of steps instead of just a link to CPANEL EASY Apache setup Most of it is so basic, why not have it wrapped in a shell script already? Just my 2 cents while working this particular server recovery.0 -
[quote="cPanelMichael, post: 1595261">Right, it's a good idea to investigate and determine when/how the server was exploited so you can take steps to prevent it from happening again. You may want to consult with a qualified system administrator if you are unable to determine that information. Thank you.
"qualified" I like that...even "qualified" folks allow a security breech that compromises SSH keys for bunches of accounts, happens to the best of us, no? In my case, I believe the exploit was via a Joomla site using JomSocial with a now known security issue. Haven't finished digging. Still restoring server for all other accounts first. Info for the next poor unqualified administrator Ebury Info http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem]Determine Your System's Status Backup links [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/BackupWizard]Backup Wizard Migrate / Restore [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CopyMultiple#About%20streaming%20transfers]Copy Multiple Accounts/Packages from Another Server [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/MovecPanelAccounts]How to Move all cPanel Accounts from One Server to Another0
Please sign in to leave a comment.
Comments
11 comments