
Server Hacked - Root Accounts Created

Discussion in 'Plesk for Linux - 8.x and Older' started by RaymondP, Jun 16, 2009.

  1. RaymondP

    RaymondP Guest

     
    Hello,

    I am helping to support an old Plesk box that was hacked earlier today. The owner upgraded their license and should be able to upgrade from 8.1.1 to 9.x now. I need to get the OS reinstalled first. The original operating system was Debian Linux. I have support licenses available for Red Hat Enterprise Linux. I'm a little uncertain about how well Plesk will handle the change in OS. Do I need to reinstall the same Debian that was on the server before the problems started? Can I install RHEL, restore the Plesk paths (what are they?), and then run an upgrade to get Plesk up to the current version? How do I contact support? A new upgraded license was purchased today but the support form is rejecting my support requests. Any guidance on the best process for getting both the OS and Plesk upgraded to current would be appreciated. Thank you,

    -Raymond
     
  2. atomicturtle

    atomicturtle Golden Pleskian

    You're in luck, all you need to do is back the system up with the psa backup utilities. This puts the Plesk data into a distro-neutral format which you can use to restore on radically different OSes if you need to.

    What I would recommend is that, if you can, you do this on a second server and use the Plesk migration manager, or if that's not an option, do a test run in a virtual machine. That way you know what could go wrong in advance, SSL certificates for example, or if you're dealing with UTF-8 conversions on 8.1 to 9.x. All the kinds of things that you'll only find out when you're actually doing it :p

    I have documented the restoration procedure we use on a compromised system here:

    http://www.atomicorp.com/wiki/index.php/Compromised_System
     
  3. RaymondP

    RaymondP Guest

     
    The Plesk specific commands in steps 2 and 5 are what I was missing. Thanks!
     
  4. RaymondP

    RaymondP Guest

     
    The step 2 command for Plesk 8 and higher needs a fix:

    /usr/local/psa/bin/pleskbackup --split=1G all /backups

    The split and all commands need to be reversed for it to work.

    It complains if the --split is before the all.

    FYI,

    -Raymond
     