Compromised Server Questions
Hello guys,
So my CentOS 7 server running at Ramnode.com was hacked. I believe they used brute force. Later I will have access to all the system's files.
Here is what happened:
I tried to log into cPanel but it wasn't working. WHM username the same (it was using the root username). SSH wasn't working. I tried the emergency SSH feature from SolusVM but that also didn't work.
I will have access to all the files. I won't be able to restore from that particular configuration since it was compromised, but I should be able to restore the cPanel configuration.
Question: Having access only to the system files, how do I restore the WHM / cPanel configuration (mail servers, DNS and other stuff)? How can I make sure I changed everything so that hackers won't have access to my server again?
I know. Those are multiple questions with multiple answers, but I hope you can give me a guideline about what I should do.
All the best,
Mihai
-
OK, so I have all my files, but only as Linux system files. I don't have any cpmove files or something similar. Can I just upload the directories in /home into my fresh server install?
-
Hello!
You can move the site's files over to the accounts on the new server, but moving those will not create the accounts if you are not restoring from a cPanel backup. Simply moving over cPanel files also won't recreate those and you will likely just run into issues if you try to move those manually.
The best thing for you to do will likely be to reset the root password on the old server so that you are able to log in to the WHM, then use the transfer tool to move them over to the new server.
Transfer Tool - Version 64 Documentation - cPanel Documentation
If you can't do that and only have the site's files, you will first need to set up new accounts in WHM on the new server, then move the files over to the accounts that were created there.
Thanks!