Server Hacked - Root Accounts Created

[RaymondP]

Hello,

I am helping to support an old Plesk box that was hacked earlier today. The owner upgraded their license and should be able to upgrade from 8.1.1 to 9.x now. I need to get the OS reinstalled first. The original operating system was debian linux. I have support licenses available for Red Hat Enterprise Linux. I'm a little uncertain about how well Plesk will handle the change in OS? Do I need to reinstall the same debian that was on the server before the problems started? Can I install RHEL, restore the plesk paths (what are they?), and then run an upgrade to get plesk up to the current version? How do I contact support? A new upgraded license was purchased today but the support form is rejecting my support requests? Any guidance on the best process for getting both the os and plesk upgraded to current would be appreciated. Thank you,

-Raymond

 

[atomicturtle]

Youre in luck, all you need to do is back the system up with the psa backup utilities. This puts the plesk data into a distro-neutral format which you can use to restore on radically different OS's if you need to.

What I would recommend you do is if you can, do this on a second server and use the plesk migration manager or if thats not an option do a test run in a virtual machine. So you know what could go wrong in advance, SSL certificates for example, or if you're dealing with UTF-8 conversions on 8.1 to 9.x. All the kinds of things that you'll only find out when you're actually doing it

I have documented the restoration procedure we use on a compromised system here:

http://www.atomicorp.com/wiki/index.php/Compromised_System

 

[RaymondP]

The Plesk specific commands in steps 2 and 5 are what I was missing. Thanks!

 

[RaymondP]

The step 2 command for Pesk 8 and higher needs a fix:

/usr/local/psa/bin/pleskbackup --split=1G all /backups

The split and all commmands need to be reversed for it to work.

It complains of the --split is before the all.

FYI,

-Raymond