Server Taşıma (Restoring Cpanel from old drive after crash or hack)

[qweqqq]

So your cpanel server got hacked or crashed? Lots of that going around these days. And if you didn't have cpanel backups of all your sites, then your only option is to copy from the old drive... heres the basics..

commands to be executed from root shell preceded by #

Order restore from rackshack.

In trouble ticket specify to leave the old drive in

Once the restore is done, SSH in to box..

mount the old / partition as old (on RS boxes almost always /dev/hdb3)

# mount /dev/hdb3 /old

run chkrootkit to make sure you don't copy back infected files.. http://www.chkrootkit.org/

now we can start copying back data from the old drive

# rsync -vrplogDtH /old/usr/local/apache/conf /usr/local/apache
# rsync -vrplogDtH /old/var/named /var
# rsync -vrplogDtH /old/home/* /home
# rsync -vrplogDtH /old/usr/local/cpanel /usr/local
# rsync -vrplogDtH /old/var/lib/mysql /var/lib
# rsync -vrplogDtH /old/var/cpanel /var
# rsync -vrplogDtH /old/usr/share/ssl /usr/share
# rsync -vrplogDtH /old/var/ssl /var
# rsync -vrplogDtH /old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
# rsync -vrplogDtH /old/var/log/bandwidth /var/log
# rsync -vrplogDtH /old/usr/local/frontpage /usr/local
# rsync -vrplogDtH /old/var/spool/cron /var/spool
# rsync -vrplogDtH /old/root/.my.cnf /root
# rsync -vrplogDtH /old/etc/httpd/conf/httpd.conf /etc/httpd/conf
# rsync -vrplogDtH /old/etc/sysconfig/network /etc/sysconfig

then change to the old etc, and execute all on one line ...

# cd /old/etc

# rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc

well I hope I got everything... after you move all that stuff you will find yourself fixing up little things here and there....

I recomend updating cpanel afterwards .. /scripts/upcp .. /scripts/updatenow .. /scripts/sysup .. /scripts/fixeverything

update exim .. /scripts/exim4

Once everything works.. make sure you don't get 0wn3d again...
update apache .. /scripts/easyapache
update kernel to latest (plenty of howto's on these forums)
mount /tmp as noexec (and symlink /var/tmp to /tmp)

 

[Mc_Baris]

bu ne bu kodu napıcaz biraz açıkLasan ????