Full Version: Restoring Cpanel from old drive after crash or hack
The Planet Forums > Control Panels > cPanel/WHM > Cpanel/WHM HOWTOs
Pimpenstein
So your cpanel server got hacked or crashed? Lots of that going around these days. And if you didn't have cpanel backups of all your sites, then your only option is to copy from the old drive... here's the basics..

commands to be executed from root shell preceded by #

Order restore from rackshack.

In trouble ticket specify to leave the old drive in

Once the restore is done, SSH in to box..

mount the old / partition as old (on RS boxes almost always /dev/hdb3)

# mount /dev/hdb3 /old

run chkrootkit to make sure you don't copy back infected files.. http://www.chkrootkit.org/

now we can start copying back data from the old drive

# rsync -vrplogDtH /old/usr/local/apache/conf /usr/local/apache
# rsync -vrplogDtH /old/var/named /var
# rsync -vrplogDtH /old/home/* /home
# rsync -vrplogDtH /old/usr/local/cpanel /usr/local
# rsync -vrplogDtH /old/var/lib/mysql /var/lib
# rsync -vrplogDtH /old/var/cpanel /var
# rsync -vrplogDtH /old/usr/share/ssl /usr/share
# rsync -vrplogDtH /old/var/ssl /var
# rsync -vrplogDtH /old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
# rsync -vrplogDtH /old/var/log/bandwidth /var/log
# rsync -vrplogDtH /old/usr/local/frontpage /usr/local
# rsync -vrplogDtH /old/var/spool/cron /var/spool
# rsync -vrplogDtH /old/root/.my.cnf /root
# rsync -vrplogDtH /old/etc/httpd/conf/httpd.conf /etc/httpd/conf
# rsync -vrplogDtH /old/etc/sysconfig/network /etc/sysconfig

then change to the old etc, and execute all on one line ...

# cd /old/etc

# rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc

well I hope I got everything... after you move all that stuff you will find yourself fixing up little things here and there....

I recommend updating cpanel afterwards .. /scripts/upcp .. /scripts/updatenow .. /scripts/sysup .. /scripts/fixeverything

update exim .. /scripts/exim4

Once everything works.. make sure you don't get 0wn3d again...
update apache .. /scripts/easyapache
update kernel to latest (plenty of howto's on these forums)
mount /tmp as noexec (and symlink /var/tmp to /tmp)
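The copy steps above, written up as a script that can be rehearsed with a dry run before anything is written. This is an added example, not Pimpenstein's own commands and not anything shipped with cPanel; it assumes the old root partition is already mounted read-only (and noexec) at /old, that rsync is installed, and that chkrootkit has already been run against the old tree (chkrootkit -r /old). The path list and rsync flags are the HOWTO's; the OLD_ROOT, NEW_ROOT, DRY_RUN and RUN_RESTORE variables and all function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post or from cPanel): rehearse and
# then perform the HOWTO's copy from an old, possibly compromised disk at
# $OLD_ROOT into the fresh install at $NEW_ROOT. Only data and configuration
# paths are listed, never binaries, so an infected /sbin/init or similar
# cannot ride back in on the copy.
#
#   DRY_RUN=1 RUN_RESTORE=1 sh restore_from_old.sh   # show what would copy
#   DRY_RUN=0 RUN_RESTORE=1 sh restore_from_old.sh   # copy for real

OLD_ROOT="${OLD_ROOT:-/old}"
NEW_ROOT="${NEW_ROOT:-/}"
DRY_RUN="${DRY_RUN:-1}"
RSYNC_OPTS="-vrplogDtH"      # same flags as the HOWTO

# Refuse to touch an old disk that is mounted writable: succeed only if
# $OLD_ROOT appears in /proc/mounts with the "ro" option.
old_mount_is_ro() {
    awk -v m="${OLD_ROOT%/}" '
        $2 == m { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") ok = 1 }
        END { exit ok ? 0 : 1 }' /proc/mounts 2>/dev/null
}

# "source destination" pairs from the HOWTO, relative to the two roots.
# "home/" (trailing slash) copies the contents of home, like the post's home/*.
RESTORE_PAIRS='
usr/local/apache/conf usr/local/apache
var/named var
home/ home
usr/local/cpanel usr/local
var/lib/mysql var/lib
var/cpanel var
usr/share/ssl usr/share
var/ssl var
usr/local/cpanel/3rdparty/mailman usr/local/cpanel/3rdparty
var/log/bandwidth var/log
usr/local/frontpage usr/local
var/spool/cron var/spool
root/.my.cnf root
etc/httpd/conf/httpd.conf etc/httpd/conf
etc/sysconfig/network etc/sysconfig
'

# Copy one path; returns 1 and copies nothing if it is absent on the old disk.
sync_one() {
    src="${OLD_ROOT%/}/$1"
    dst="${NEW_ROOT%/}/$2"
    if [ ! -e "$src" ]; then
        echo "skip: $src not on old drive" >&2
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        rsync -n $RSYNC_OPTS "$src" "$dst"
    else
        mkdir -p "$dst" && rsync $RSYNC_OPTS "$src" "$dst"
    fi
}

# Walk the whole list; prints a summary and returns 0 if anything was copied.
sync_all() {
    copied=0; skipped=0
    while read -r src dst; do
        [ -n "$src" ] || continue
        if sync_one "$src" "$dst"; then copied=$((copied + 1)); else skipped=$((skipped + 1)); fi
    done <<EOF
$RESTORE_PAIRS
EOF
    echo "copied=$copied skipped=$skipped (dry_run=$DRY_RUN)" >&2
    [ "$copied" -gt 0 ]
}

# The /etc allow-list from the post, expanded as globs inside $OLD_ROOT/etc,
# so only the account, mail, DNS and cPanel files come over, never all of /etc.
sync_etc() (
    cd "${OLD_ROOT%/}/etc" || exit 1
    set --
    for pat in secondarymx domainalias valiases vfilters 'exim*' 'proftpd*' \
               'pure-ftpd*' 'passwd*' 'group*' '*domain*' '*named*' wwwacct.conf \
               cpupdate.conf quota.conf 'shadow*' '*rndc*' 'ips*' 'ipaddrpool*' \
               ssl hosts; do
        for f in $pat; do
            if [ -e "$f" ]; then set -- "$@" "$f"; fi
        done
    done
    if [ $# -eq 0 ]; then echo "nothing matched in $OLD_ROOT/etc" >&2; exit 1; fi
    if [ "$DRY_RUN" = 1 ]; then
        rsync -n $RSYNC_OPTS "$@" "${NEW_ROOT%/}/etc"
    else
        mkdir -p "${NEW_ROOT%/}/etc" && rsync $RSYNC_OPTS "$@" "${NEW_ROOT%/}/etc"
    fi
)

main() {
    if ! old_mount_is_ro; then
        echo "refusing: $OLD_ROOT is not mounted read-only (mount -o remount,ro,noexec $OLD_ROOT)" >&2
        return 1
    fi
    sync_all
    sync_etc
    echo "next: check httpd.conf paths, run /scripts/upcp and /scripts/exim4, restart services" >&2
}

if [ "${RUN_RESTORE:-0}" = 1 ]; then main "$@"; fi
```

Run it with DRY_RUN=1 first: rsync's -n lists what would change without writing anything, which is where a stray path or a missing parent directory shows up before it costs anything. The /etc step copies an allow-list rather than the whole directory, which is the same reason a file that was never in the list (such as localaliases, which comes up later in this thread) still has to be created by hand afterwards.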
phenx
I would first recommend running a chkrootkit, and other exploit checks before simply copying data over from drive to drive, or you might inadvertently copy the exploit/rooted files back over to your drive.

Just my 2 cents
Pimpenstein
Yeah, good point, I will update the post.
jdatwood
I successfully moved about 30 accounts over to our new server after being hacked but one of them just won't move over. When I'm trying to move it over using WHM it's giving me an error

Here is what's going on... the other 30 went over with no problem.
QUOTE
Attempting to copy jdatwood from 209.61.xxx.xxx  

Attemping to package account...
Copying Mail files....Done
Copying frontpage file....Done
Copying proftpd file....Done
Copying www logs.............
Done
Grabbing mysql dbs...Done
Grabbing mysql privs...Done
Copying mailman lists....Done
Copying mailman archives....Done
Copying homedir........................
...............
...............
...............
...............
...............
...............
...............
...............
Copying cpuser file.......Done
Copying crontab file.......Done
Copying quota info.......Done
Storing Subdomains....
Done
Storing Parked Domains....
Done
Storing Addon Domains....
Done
Copying password.......Done
Copying shell.......Done
Creating Archive .......
...............
...............
...............
...............
...............
...............
...............
...............
...............
...............
Timeout ...
Attemping to package account...
Copying Mail files....Done
Copying frontpage file....Done
Copying proftpd file....Done
Copying www logs.............
...............
Done
Grabbing mysql dbs...Done
Grabbing mysql privs...Done
Copying mailman lists....Done
Copying mailman archives....Done
Copying homedir....cp: cannot create directory `/home/cpmove-jdatwood/homedir': No such file or directory
Done
Copying cpuser file.......Done
Copying crontab file.......Done
Copying quota info.......cp: cannot create regular file `/home/cpmove-jdatwood/cp': No such file or directory
cp: cannot create regular file `/home/cpmove-jdatwood/cron': No such file or directory
Done
Storing Subdomains....
Done
Storing Parked Domains....
Done
Storing Addon Domains....
Done
Copying password.......Done
Copying shell.......Done
Creating Archive ....Done
tar: cpmove-jdatwood: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
Remote file is: /home/cpmove-jdatwood.tar.gz
Copying archive...
cpmove-jdatwood.tar. 100% |*****************************|    45       00:00    

Done
Verifying tarball checksum.....Checksum Matches (Actual username is jdatwood)!
Tarball copy ok!
Extracting tarball....Done
Extracting Domain....Done
Sorry, the copy failed.  Unable to find the cpanel user file
Account Restore Failed...
jdatwood
Anyone have any ideas why I'm unable to transfer this 1 account?
booger
Unless I am mistaken, it has something to do with the dash in the name.
Habby
will this work for transferring data that is in a redhat 9 disk into a new red hat enterprise disk?
Cloak
QUOTE
Originally posted by Habby
will this work for transferring data that is in a redhat 9 disk into a new red hat enterprise disk?


In theory it should. I will let you know in practice in a couple hours when I'm done moving mine over. The only thing I see that will need to be changed is the httpd.conf file, it will be in /usr/local/apache/conf/httpd.conf
saniyogi
I performed these steps but it looks like DNS isn't resolving the sites that are located on the server.

In addition, I'm getting multiple email messages from the server that say:

apache failed @ Wed Jan 21 02:51:08 2004. A restart was attempted automagicly.

And I can't access the server via SSH. I'm not entirely sure what the problem could be.

Any log files I can check to see how/why apache is crashing?
AdamTuttle
Same here Apache won't start, and also none of my users are showing up in WHM.
Pimpenstein
check your error_log to see why apache won't start
saniyogi
I found out that it was because the old installation of cpanel had tomcat installed and when restarting, it didn't because it was looking for mod_jk.c. Installing tomcat stuff helped.
Pimpenstein
Sorry, I should have added that to the tutorial.. if you have mod_jk and/or apache::asp installed you need to reinstall them also, or you will have errors in the httpd.conf.. you can run /etc/rc.d/init.d/httpd --configtest to see where the config errors are if your apache does not start
WebHS
I have no users showing up in WHM!!!!
nettigritty
that doesn't sound very good. I am about to do a restore post suckit.

anyone else not seeing accounts in WHM
nettigritty
anything else specific I should do to prevent the rootkit making its way back to the new hdd ?

/sbin/init was infected ..
nettigritty
I guess I'll answer that myself. Recovered from suckit successfully. everything showing in WHM.

one thing please add above the mount line in the HOWTO:

mkdir old
kris1351
When you back up the named.tar.gz to /var/named all of the db files look great. DNS is actually responding but WHM does not see the host names on the left side of the screen. Everything on the right shows up for CNAME, A, NS etc. I have changed ownership to named.named of the named and named.db files/dir but no luck. Any help on this would be great. We are recovering from the biggest EV1 screwup ever.
aldalil
And I can't access the server via SSH.

how can I solve this ?
aldalil
SSH is working now ..thanks RS support team ..
famehost
Hi,

will this procedure work with moving from RH9 to a new RHEL image on a new disk?
nettigritty
probably with little or no modification. you could check with Live Chat .. ?
famehost
Yeah I already did and was advised to submit a ticket which I did.

It mentions this post *might* be able to help but I want to make sure it won't mess anything up. I currently have 2 physical disks in the server with the secondary mounted as /backups containing the cpbackup files.

I was going to mount the new RHEL drive image as primary, make the current primary a third drive and mount it as /old for 48 hours , leave the current secondary drive as the secondary drive mounted as /backups and then follow the above procedures. When I finished I was going to ask them to remove the third drive which was my old primary.

Do you think this will work ok?
nettigritty
QUOTE
Originally posted by famehost
Yeah I already did and was advised to submit a ticket which I did.

It mentions this post *might* be able to help but I want to make sure it won't mess anything up.  I currently have 2 physical disks in the server with the secondary mounted as /backups containing the cpbackup files.

I was going to mount the new RHEL drive image as primary, make the current primary a third drive and mount it as /old for 48 hours , leave the current secondary drive as the secondary drive mounted as /backups and then follow the above procedures.  When I finished I was going to ask them to remove the third drive which was my old primary.

Do you think this will work ok?


That's exactly what I did for RH7.3 to 9. Worked great. Hope it works out for you..
famehost
If anyone has actually done this to upgrade Redhat 9 to Redhat Enterprise I would be very grateful to hear if it worked out ok.
Lippy
Quick question.

If I perform a backup of all accounts and then order a new hard drive (upgrade 80 GB drive). Have them perform a restore to RHE with Cpanel on it. Then do restore accounts from backup using the backups I made will cpanel create all needed files, DNS entries, databases, and site related stuff?

Thanks to anyone who answers.
nettigritty
Yes it restores all that but we still don't know for sure about RHE. Someone who's tried it needs to confirm ..
aldalil
CGI scripts are not working after drive mount & CPanel restoring


Any idea ?
nettigritty
what's the error ?
aldalil
error message is: " No Username given " !
nettigritty
that might be something with the script ?
aldalil
maybe with the script ..but what amazes me is that all CGI scripts are not working .......

by the way ... when RS Team restore the system...they installed RedHat 9 instead of that one 7.3 (old operating system)

so ..is there a different path or something like that in Redhat 9 !!!
nettigritty
they did exactly the same thing for me !

lemme just try out a cgi script.. hang on..
nettigritty
the cgi-sys scripts are working fine .. did you try that (from cpanel) ?

try:

aldalil
I've got a green counter ....

so ... do you wanna say that "cgi is working well" ?

but what about other scripts ... :rolleyes:
nettigritty
Try this ..

QUOTE

Testing CGI/Perl on your domain account

Here is a very basic 3-line script written in Perl. Copy the text below into Notepad, or other text editor. Using ASCII format, place it into your cgi-bin folder, and name it 'test.cgi'. Set permissions to 755 (rwx rx rx), and launch it in your browser by going to "www./cgi-bin/test.cgi".  

You should see a line of text saying "Hello world!" if it works properly. NOTE: if the test script works, then the problem is not with the servers or your domain account, it is in the script.  

-- snip below this line --
#!/usr/local/bin/perl
# Send the HTTP header (blank line ends it), then the body.
print "Content-Type: text/html\n\n";
print "Hello world!\n";
-- snip above this line --
aldalil
ya ... it is working well ...
I get :"Hello world!"


mmmmmmmmmm

so ..what do you think the problem is .. ?
before I forget ...thanks a lot nettigritty
nettigritty
that's cool

what script is it that's giving you the error ?
aldalil
mmmmmmm
the script is "Entropy Banner" from the CGI Center in CPanel
it offers rotating banners ...
NAPPA
I executed the scripts, but I don't see my packages. Do I need to copy the files again ? Is there something missing in the instructions. I have all the files, and folder. And after much trouble with some of the permissions and usergroups, I've fixed them up. But the Packages is one aspect I've not managed to fix. Can someone help . Thanks
Goodspeed
But I've got just one question. How can I add all users account with data? I need to download whole user folder from old drive to new?
Thank you!
alanor
QUOTE
Originally posted by Goodspeed
But I've got just one question. How can I add all users account with data? I need to download whole user folder from old drive to new?
Thank you!


I have this problem too... my server restored and old drive added now all sites working for only 6-7 hours. Because old drive will be removed...

I don't know how can i backup all users data, mysql.... to new drive ????

Can i back in WHM to new drive so can i restore backup?

I am thinking order new redhat enterprise server. I am thinking all my data copy to there from old drive WHM. But i don't know this will be working good?
elleryjh
I followed the instructions above, but incoming and outgoing mail are failing.
I'm getting tons of errors in exim_rejectlog of these 2 types:
2004-06-19 14:51:34 H=(***-136.rb.lax.centurytel.net) [69.179.**.***] F=<*****@midcoast.com> rejected RCPT <********@********.com>:
2004-06-19 15:12:55 H=(218-168-50-92.dynamic.hinet.net) [218.168.**.**] F=<*********@yahoo.com> rejected RCPT <******@*********.net>: Unrouteable address

earlier I was getting this message:
2004-06-19 13:22:54 H=(************.*************.com) [67.166.**.***] F=<****@*************.com> temporarily rejected RCPT <****@*************.com>: failed to open /etc/localaliases for linear search: No such file or directory

Since /old/etc/localaliases was an empty file, I created it as an empty file. Now I am getting the first two messages I mentioned and all mail seems to be failing.
Insyder
You so just saved my butt a lot of work. I appreciate it tons man. Everything worked great!

7.3 -> RHE3
alanor
QUOTE
Originally posted by Pimpenstein

# rsync -vrplogDtH /old/usr/local/apache/conf /usr/local/apache
# rsync -vrplogDtH /old/var/named /var
# rsync -vrplogDtH /old/home/* /home
# rsync -vrplogDtH /old/usr/local/cpanel /usr/local
# rsync -vrplogDtH /old/var/lib/mysql /var/lib
# rsync -vrplogDtH /old/var/cpanel /var
# rsync -vrplogDtH /old/usr/share/ssl /usr/share
# rsync -vrplogDtH /old/var/ssl /var
# rsync -vrplogDtH /old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
# rsync -vrplogDtH /old/var/log/bandwidth /var/log
# rsync -vrplogDtH /old/usr/local/frontpage /usr/local
# rsync -vrplogDtH /old/var/spool/cron /var/spool
# rsync -vrplogDtH /old/root/.my.cnf /root
# rsync -vrplogDtH /old/etc/httpd/conf/httpd.conf /etc/httpd/conf
# rsync -vrplogDtH /old/etc/sysconfig/network /etc/sysconfig

then change to the old etc, and execute all on one line ...  

# cd /old/etc

# rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc


I did make this. I guess everything is ok without sites working. Any domain not working and i don't see any domain in Account List.

What is problem?
TDI
After following these steps I'm unable to get cPanel to show the users databases. And their sites aren't connecting to them.

Any ideas for a fix?

*edit*
I took the server down for a quick reboot since I hadn't done that...

shortly after coming back online the sites were accessing the databases fine and they're showing up in cPanel now.
*/edit*
TDI
There is a problem I am suffering from - email is not working on this server.

I did resync cPanel and update exim - but it just won't work. No error messages either, just not happening.

Ideas?

Thanks.
aldalil
QUOTE
Originally posted by TDI
There is a problem I am suffering from - email is not working on this server.

I did resync cPanel and update exim - but it just won't work. No error messages either, just not happening.

Ideas?

Thanks.


I did the following:

cd /scripts
dir
./fixeverything
cd /scripts
dir
./upcp
ls -la
./buildeximconf
./checkexim.pl
./fixhome
/scripts/mailperm
/scripts/fixmailandakopia
/scripts/fixvaliases
/scripts/mailperm
./scripts/mailperm
/etc/rc.d/init.d/cpanel restart
/etc/rc.d/init.d/cpanel restart
cd /scripts
dir
ls -la
./rebuildeximbsd
/scripts/exim4
/scripts/exim4
ps -aux
cd /scripts
./fixeverything


and it solved the problem

you can do it .. no risk for that
TDI
Ugh - that didn't work either.

Thanks for replying though
aldalil
did you check your DNS configurations ? nameservers, ips ...etc.
Invision Power Board © 2001-2009 Invision Power Services, Inc.