
Server hacked, hiring to help move client accounts to new HD

Discussion in 'Plesk for Linux - 8.x and Older' started by DaveNET@, Jul 30, 2005.

  1. DaveNET@

    Hi.

    My server was hacked yesterday. We decided too much stuff had been messed with to try and repair, so we are rebuilding the server. Installed a new HD, installing Debian 3.1 and then Plesk 7.5.3.

    I was running RH 7.3 for 3+ years and previously had 7.5.1. Now, I need to somehow transfer Plesk databases and all client data to the new HD. I have currently removed the old HD while everything is reinstalled. I can either put it back in as primary or as secondary. I think Apache is hosed and won't run. However, I'm not an expert, so maybe someone can do it.

    These guys replaced all index files on both hard drives and in every directory.

    I don't think I have psadump on my server, I can't find the binary. Is there a way to install it from the shell?

    I'm looking for someone confident in their ability to tackle this. This is a paid job. I need it done ASAP. If anyone is interested, please PM me or email me via this forum.

    David
     
  2. cmaxwell

    How are you going with this?

    You should almost certainly have psadump and psarestore on the server - what are the results of "locate psadump" from the command line?

    Do you have a backup of your data from before the server was compromised?

    In the worst-case scenario when it is not possible to confidently patch up a compromised server, we would reinstall the OS and restore from a reliable backup which was created before the intrusion occurred.

    I would also not use RedHat 7.3 today as it is so old, but you are right in upgrading the OS to something newer. Maybe because you were running RH7.3 it was only a matter of time until someone exploited it.

    I would still recommend a commercially supported OS such as Red Hat Enterprise as you get the backing of Red Hat's support for your server security with updates and such like. Any of the recent Fedora Core OS's would be fine also if you didn't want a commercial licence.

    Basically, if you have a backup it should be fairly straightforward (though still an SA's nightmare). If you don't have a backup to restore from then it's just a lot of manual work to put things back together.

    Either way, I hope you see the way forward soon!

    Best Regards,

    - Chris
     