
Compromised - Need rebuild best practice info...

C4talyst

Guest
I've inherited a few Plesk boxes, one of which has 500 domains/sites on it. Today I found this machine has been root level compromised. I was hoping some of you could enlighten me on best practices for rebuilding / recovering from this.

I'm guessing I'll need to stand up a new machine, harden it and then start migrating clients to it. Any thoughts? Thanks!
 
First of all, you will need to find out how they broke in.
Then you will need a backup of all important files, like /var/www/vhosts*, /var/qmail/*, /etc/, /var/lib/mysql (and also create a dump of all databases), /usr/local/psa/.

Then, after the backup is done, you need to reinstall the server, install the SAME version of Plesk, and start to restore data.
You can do this manually or automatically, but in any case it will be painful and time consuming.
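
One way to carry out the backup step from the reply above, shown as an added example (it is not part of the original post and is not Plesk tooling): each listed path is archived separately and its SHA-256 hash recorded, so the copies can be checked for alteration before anything is restored onto the rebuilt server. The function names, the destination path and the assumption that `mysqldump` can authenticate without a prompt are illustrative.

```shell
#!/bin/sh
# Added example, not Plesk tooling. Function names are hypothetical.
# Use an absolute DEST on storage that is not part of the compromised system.

# backup_paths DEST PATH... : one tar.gz per existing path, hashes in DEST/SHA256SUMS
backup_paths() (
    dest=$1; shift
    mkdir -p "$dest" && : > "$dest/SHA256SUMS" || exit 1
    for p in "$@"; do
        [ -e "$p" ] || { echo "skip (missing): $p" >&2; continue; }
        rel=${p#/}                                   # /var/qmail -> var/qmail
        name=$(printf '%s' "$rel" | tr '/' '_').tar.gz
        rc=0
        tar -czpf "$dest/$name" -C / "$rel" || rc=$?
        # GNU tar exits 1 when a file changed while being read (expected on a
        # live server) and 2 on a fatal error; only the latter aborts.
        [ "$rc" -le 1 ] || exit 1
        (cd "$dest" && sha256sum "$name" >> SHA256SUMS) || exit 1
    done
)

# dump_databases DEST : logical dump of every database, as the reply recommends
# in addition to copying /var/lib/mysql. Assumes mysqldump can authenticate
# (for example via root's ~/.my.cnf); the page does not show credentials.
dump_databases() (
    out=$1/all-databases.sql
    mysqldump --all-databases --single-transaction --routines --events > "$out" || exit 1
    gzip -f "$out" && cd "$1" && sha256sum all-databases.sql.gz >> SHA256SUMS
)

# verify_backup DIR : re-hash every archive; non-zero if any copy was altered
verify_backup() (
    cd "$1" && sha256sum -c --quiet SHA256SUMS
)

# Example run (destination path is a placeholder):
#   sh backup.sh /mnt/clean/backup /var/www/vhosts /var/qmail /etc /var/lib/mysql /usr/local/psa
if [ "$#" -ge 2 ]; then
    backup_paths "$@" && dump_databases "$1" && verify_backup "$1"
fi
```

Run `verify_backup` again on the rebuilt server before restoring, so a corrupted or altered archive is caught before its contents go live.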
 