Please where can i find the website files and email files on ubuntu 14

[RickyN]

Please I have been hacked and my vps company has given my only access to my files through ftp and I want to only backup the website files and mysql database. Also I wanna backup the emails as well. Please can someone show me the directory where i will find this files

 

[abdi]

Email: /var/qmail/mailnames/
MySQL: /var/lib/mysql/
Web: /var/www/vhosts/

 

[RickyN]

@abdi Can i hire u do this for me

 

[abdi]

Yes, but without SFTP or SSH it really slows and complicates the process, especially for MySQL (For example if you were using MyISAM, then you can copy across the mysql files to the new server unlike for InnoDB where it requires to run the mysqdump command to backup the entire MySQL server)

I really think your host should help with MySQL.

For Email, again without SFTP you wouldn't be able to access that mail folder due to permissions and restrictions around the FTP accounts ...

 

[trialotto]

Please I have been hacked and my vps company has given my only access to my files through ftp and I want to only backup the website files and mysql database. Also I wanna backup the emails as well. Please can someone show me the directory where i will find this files

@RickyN,

To be honest, you

- need a backup of all relevant data: you can do this with Plesk, please use a per-subscription backup
- do NOT want to restore data from the latest backup: this can contain data that probably is compromised already
- have to search for the data the hack occurs (or at least get an indication at which moment the server has not yet been hacked)
- start with the data from the moment that the servers has not been hacked yet

and, in addition, you should

- secure the system, by blocking IPs via the (Plesk) firewall and by activating Fail2Ban,
- search in all the logs from which IP or IPs the attack originated AND via which port(s) the attackers entered your system
- investigate the symptoms of the hack: spam, root access, script execution, SQL injection, SSL vulnerabilities

and so on.

In general, the attack itself is not that relevant, the most appropriate action for this moment is to close down the server: that is, secure the server fully, in order to achieve that malicious code can still be present on the server, but becomes rather ineffective (in the sense that the malicious code is "quarantained" and contained to the server only).

After securing the server, one can have a look at the code and destroy all parts of the malicious code.

After destroying the malicious code, it is (very) strongly recommended to migrate all good data to a NEW (and clean) server.

Having followed the steps above, it is very unlikely that the problems reoccur (and if they do, follow the procedure again).

One IMPORTANT comment has to be made, which has already been hinted by @abdi: your hosting provider can help you.

Another MORE IMPORTANT comment has to be made too: your hosting provider is NOT really the designated party to help you, given the facts that

- you do not have root access, which implies that the hosting provider manages the system(s)
- the hosting provider manages systems in such a way that a hack attack apparently is possible (which really should not be the case)

and, to be honest, I personally do not expect that your hosting provider can do much for you.

Hope the above helps a bit.

Regards.....