
Server hacked, hiring to help move client accounts to new HD

DaveNET@ (Guest)
Hi.

My server was hacked yesterday. We decided too much stuff had been messed with to try and repair, so we are rebuilding the server. Installed a new HD, installing Debian 3.1 and then Plesk 7.5.3.

I was running RH 7.3 for 3+ years and previously had 7.5.1. Now, I need to somehow transfer Plesk databases and all client data to the new HD. I have currently removed the old HD while everything is reinstalled. I can either put it back in as primary or as secondary. I think Apache is hosed and won't run. However, I'm not an expert, so maybe someone can do it.

These guys replaced all index files on both hard drives and in every directory.

I don't think I have psadump on my server, I can't find the binary. Is there a way to install it from the shell?

I'm looking for someone confident in their ability to tackle this. This is a paid job. I need it done asap. If anyone is interested, please PM me or email me via this forum.

David
 
How are you going with this?

You should almost certainly have psadump and psarestore on the server - what are the results of "locate psadump" from the command line?

Do you have a backup of your data from before the server was compromised?

In the worst case scenario when it is not possible to confidently patch up a compromised server, we would reinstall the OS and restore from a reliable backup which was created before the intrusion occurred.

I would also not use RedHat 7.3 today as it is so old, but you are right in upgrading the OS to something newer. Maybe because you were running RH7.3 it was only a matter of time until someone exploited it.

I would still recommend a commercially supported OS such as Red Hat Enterprise, as you get the backing of Red Hat's support for your server security with updates and such like. Any of the recent Fedora Core OSes would be fine also if you didn't want a commercial licence.

Basically, if you have a backup it should be fairly straightforward (though still an SA's nightmare). If you don't have a backup to restore from, then it's just a lot of manual work to put things back together.

Either way, I hope you see the way forward soon!

Best Regards,

- Chris
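A small triage script to go with the advice above. This is an added example, not code from either poster or from Plesk. It assumes the old drive has been put back in as a secondary disk and mounted read-only (so nothing on it is altered while you look), and it uses two checks a responder would want before deciding what to carry over: which `index.*` files were written after the intrusion (the defacement David describes), and which files differ from, or are missing relative to, the pre-intrusion backup Chris recommends restoring from. The mount points, vhost names and the 2005-07-01 intrusion time are hypothetical; the sample tree it builds is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread). Triage a compromised web root against a
# known-good backup before restoring. Paths and dates below are hypothetical.
set -u

# List regular files named index.* under tree $1 that were modified after the
# reference file $2 (e.g. a marker touched with the intrusion timestamp).
find_replaced_index_files() {
    find "$1" -type f -name 'index.*' -newer "$2" | sort
}

# Compare every regular file in the known-good tree $1 with the same relative
# path in the suspect tree $2. Prints "MISSING <path>" or "CHANGED <path>".
# cksum reading stdin prints only "crc size", so filenames do not get compared.
diff_against_backup() {
    good=$1; suspect=$2
    ( cd "$good" && find . -type f ) | while IFS= read -r rel; do
        if [ ! -f "$suspect/$rel" ]; then
            printf 'MISSING %s\n' "$rel"
        elif [ "$(cksum < "$good/$rel")" != "$(cksum < "$suspect/$rel")" ]; then
            printf 'CHANGED %s\n' "$rel"
        fi
    done | sort
}

# Build a constructed sample: a pre-intrusion backup ("good") and the suspect
# disk ("suspect"), where both index files were overwritten, robots.txt was
# deleted and about.html was left alone. Prints the temp directory it created.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/good/vhosts/a.example/httpdocs"    "$d/good/vhosts/b.example/httpdocs" \
             "$d/suspect/vhosts/a.example/httpdocs" "$d/suspect/vhosts/b.example/httpdocs"
    printf 'welcome\n'        > "$d/good/vhosts/a.example/httpdocs/index.html"
    printf 'about us\n'       > "$d/good/vhosts/a.example/httpdocs/about.html"
    printf 'Disallow:\n'      > "$d/good/vhosts/a.example/httpdocs/robots.txt"
    printf '<?php echo 1;\n'  > "$d/good/vhosts/b.example/httpdocs/index.php"
    printf 'defaced\n'        > "$d/suspect/vhosts/a.example/httpdocs/index.html"
    printf 'about us\n'       > "$d/suspect/vhosts/a.example/httpdocs/about.html"
    printf 'defaced\n'        > "$d/suspect/vhosts/b.example/httpdocs/index.php"
    # Hypothetical intrusion time 2005-07-01 12:00; untouched file predates it,
    # the defaced index files postdate it.
    touch -t 200507011200 "$d/compromise_marker"
    touch -t 200506010000 "$d/suspect/vhosts/a.example/httpdocs/about.html"
    touch -t 200507020300 "$d/suspect/vhosts/a.example/httpdocs/index.html" \
                          "$d/suspect/vhosts/b.example/httpdocs/index.php"
    printf '%s\n' "$d"
}

# Stand-alone run against the constructed tree. On a real box you would point
# find_replaced_index_files at the read-only mount of the old disk and
# diff_against_backup at the extracted pre-intrusion backup.
demo=$(make_demo_tree)
echo "index files written after the intrusion:"
find_replaced_index_files "$demo/suspect" "$demo/compromise_marker"
echo "differences from the known-good backup:"
diff_against_backup "$demo/good" "$demo/suspect"
rm -rf "$demo"
```

Run it with the old disk mounted read-only (for example `mount -o ro`) so the mtimes you are keying on are not disturbed; anything the mtime check misses (an attacker can reset timestamps) is still caught by the content comparison, which is why both checks are worth running before copying any client data to the rebuilt server.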
 