cPanel Restore Guide<\/p>\n
=====================================================================
\nSo your cpanel server got hacked or crashed? Lots of that going around these days. And if you didn’t have cpanel backups of all your sites, then your only option is to copy from the old drive… heres the basics..<\/p>\n
commands to be executed from root shell preceded by #
\n1) Order restore from The Planet. In trouble ticket specify to leave the old drive in
\n2) Once the restore is done, SSH in to box..<\/p>\n
mount the old \/ partition as old (on TP boxes almost always \/dev\/hda3)<\/p>\n
root@box# mount \/dev\/hda \/old<\/p>\n
run chkrootkit to make sure you don’t copy back infected files… http:\/\/www.chkrootkit.org\/<\/a><\/p>\n now we can start copying back data from the old drive<\/p>\n root@box# rsync -vrplogDtH \/old\/usr\/local\/apache\/conf \/usr\/local\/apache then change to the old etc, and execute all on one line …<\/p>\n root@box# cd \/old\/etc<\/p>\n root@box# rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts \/etc<\/p>\n well I hope I got everything… after you move all that stuff you will find yourself fixing up little things here and there….<\/p>\n I recomend updating cpanel afterwards: Once everything works.. make sure you don’t get 0wn3d again… NOTE: cPanel 11 and later versions of cPanel 10 will regularly update your system software by running up2date, cPanel update, etc. Ok, groovy. And to the pro’s out there, don’t kill me because of the UI instructions rather than SSH toward the bottom. It’s to prevent anyone from getting stuck. Plus, those have become much more reliable since this guide was first made.<\/p>\n Source: h**p:\/\/forums.theplanet.com\/index.php?showtopic=38797&view=findpost&p=588605<\/p>\n","protected":false},"excerpt":{"rendered":" cPanel Restore Guide ===================================================================== So your cpanel server got hacked or crashed? Lots of that going around these days. And if you didn’t have cpanel backups of all your sites, then your only option is to copy from the old drive… heres the basics.. commands to be executed from root shell preceded by # 1)\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-31","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/31","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=31"}],"version-history":[{"count":2,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":1125,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/31\/revisions\/1125"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nroot@box# rsync -vrplogDtH \/old\/var\/named \/var
\nroot@box# rsync -vrplogDtH \/old\/home\/* \/home
\nroot@box# rsync -vrplogDtH \/old\/usr\/local\/cpanel \/usr\/local
\nroot@box# rsync -vrplogDtH \/old\/var\/lib\/mysql \/var\/lib
\nroot@box# rsync -vrplogDtH \/old\/var\/cpanel \/var
\nroot@box# rsync -vrplogDtH \/old\/usr\/share\/ssl \/usr\/share
\nroot@box# rsync -vrplogDtH \/old\/var\/ssl \/var
\nroot@box# rsync -vrplogDtH \/old\/usr\/local\/cpanel\/3rdparty\/mailman \/usr\/local\/cpanel\/3rdparty
\nroot@box# rsync -vrplogDtH \/old\/var\/log\/bandwidth \/var\/log
\nroot@box# rsync -vrplogDtH \/old\/usr\/local\/frontpage \/usr\/local
\nroot@box# rsync -vrplogDtH \/old\/var\/spool\/cron \/var\/spool
\nroot@box# rsync -vrplogDtH \/old\/root\/.my.cnf \/root
\nroot@box# rsync -vrplogDtH \/old\/etc\/httpd\/conf\/httpd.conf \/etc\/httpd\/conf
\nroot@box# rsync -vrplogDtH \/old\/etc\/sysconfig\/network \/etc\/sysconfig<\/p>\n
\n\/scripts\/upcp –force
\n\/scripts\/updatenow
\n\/scripts\/sysup
\n\/scripts\/fixeverything
\n\/scripts\/exim4
\n\/up2date<\/p>\n
\n– Update Apache AND Kernel to Latest: WHM > Software > Apache Update
\n– Mount \/tmp as noexec (and symlink \/var\/tmp to \/tmp)
\n– Configure cPanel’s “cP Hulk” system to make sure hacking attempts are stopped
\n– Consider installing Mod Security (LINK<\/strong><\/a>)
\n– Consider installing ConfigServer Security&Firewall (LINK<\/strong><\/a>) (only if you think you can handle it)
\n– Consider disabling direct root log in (TUTORIAL<\/strong><\/a>) (this will make it so you need to log in as admin and su to root, making one more password for someone to try to figure out)<\/p>\n
\n=====================================================================<\/p>\n