
Compromised - Need rebuild best practice info...


C4talyst

Guest
I've inherited a few Plesk boxes, one of which has 500 domains/sites on it. Today I found this machine has been root-level compromised. I was hoping some of you could enlighten me on best practices for rebuilding / recovering from this.

I'm guessing I'll need to stand up a new machine, harden it and then start migrating clients to it. Any thoughts? Thanks!
 
First of all you will need to find out how they broke in.
Then you will need a backup of all important files, like /var/www/vhosts*, /var/qmail/*, /etc/, /var/lib/mysql (and also create a dump from all databases), /usr/local/psa/

Then after the backup is done, you need to reinstall the server, install the SAME version of Plesk, and start to restore data.
You can do this manually or automatically, but in any case it will be painful and time consuming.
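
The file-backup step from the reply above, as an added example that is not part of the original posts: it archives each listed directory separately, notes which ones are absent, and writes a SHA-256 manifest so the copies can be checked again before restoring. The function names, the ROOT/DEST arguments and the output file names are assumptions for illustration; the database dump mentioned in the reply is a separate step and is not covered here.

```shell
#!/bin/sh
# Added example: archive the directories named in the reply and hash them.
# Function names, arguments and output file names are illustrative assumptions.

# Paths from the reply, written relative to ROOT (ROOT=/ on the real server).
BACKUP_PATHS="var/www/vhosts var/qmail etc var/lib/mysql usr/local/psa"

# backup_compromised_host ROOT DEST
# DEST should live on storage outside the compromised system.
backup_compromised_host() {
    root=$1
    dest=$2
    mkdir -p "$dest" || return 1
    : > "$dest/MISSING.txt"
    for p in $BACKUP_PATHS; do
        if [ ! -e "$root/$p" ]; then
            # Record the gap instead of aborting: not every box has every path.
            echo "$p" >> "$dest/MISSING.txt"
            continue
        fi
        name=$(echo "$p" | tr '/' '_')
        # -C stores paths relative to ROOT so extraction cannot overwrite
        # absolute locations on the rebuilt server by accident.
        tar -C "$root" -czf "$dest/$name.tar.gz" "$p" || return 1
    done
    # One manifest for all archives; fails if nothing was archived.
    ( cd "$dest" && sha256sum *.tar.gz > SHA256SUMS ) || return 1
}

# verify_backup DEST: non-zero exit if any archive changed since the manifest.
verify_backup() {
    ( cd "$1" && sha256sum -c SHA256SUMS > /dev/null 2>&1 )
}
```

The manifest only shows that the archives have not changed since they were taken; it says nothing about whether the files inside them are clean, so content from the compromised host should still be reviewed before it goes onto the rebuilt server.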
 