#11 tristanlee85 (Senior Member), 17th August 2007, 23:44

By reinstall you mean the OS, correct? As for backing up ISPConfig to transfer to a fresh OS installation, would I be best off to create a tarball of my admispconfig/ and www/ directories in the /home/ directory?

#12 till (Super Moderator), 17th August 2007, 23:58

Quote:
Originally Posted by tristanlee85
By reinstall you mean the OS, correct?

Yes.

Quote:
As for backing up ISPConfig to transfer to a fresh OS installation, would I be best off to create a tarball of my admispconfig/ and www/ directories in the /home/ directory?

Don't you have a backup from the time before the hack occurred? It would be better to use that.

If not, have a look at this thread:

http://www.howtoforge.com/forums/sho...move+ispconfig

You will need a backup of /home/, /var/, /root/ispconfig and /etc because you will need the passwd, shadow and group files. And this is the biggest problem, as your passwords might be compromised. Also, if you put your websites back online without finding the security hole that the hacker had used, you might get hacked again very fast.

So if possible, either start with a fresh installation of ISPConfig, recreate the accounts and move just the content of the websites and databases, or use the data from a backup that was made before the hack.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#13 tristanlee85 (Senior Member), 19th August 2007, 22:44

As for the backup, do I use the backup tool from the Management tab or from the Tools tab? Will one of those backups allow me to restore EVERYTHING once I reinstall the OS, re-install a clean version of ISPConfig, and then restore the backup and have everything there?

#14 till (Super Moderator), 20th August 2007, 11:50

Quote:
Originally Posted by tristanlee85
As for the backup, do I use the backup tool from the Management tab or from the Tools tab? Will one of those backups allow me to restore EVERYTHING once I reinstall the OS, re-install a clean version of ISPConfig, and then restore the backup and have everything there?

You cannot use the ISPConfig backup tools to make a full backup. Please have a look at the link to the thread I posted above.

#15 Boon-Dog-Danny (Member), 29th October 2007, 01:55

Hey, just a few answers. r00t is his Gmail name, it's like db.r00t something. In a nutshell, it happened because you allowed uploads or attachments or avatar uploads in your phpBB. "Ahh," you say, "I know, I just cleaned it all out." Check your modules/forums/cache/ folder; you will see all sorts of goodies in there. attach_config.php, that's it, that's the only thing that's supposed to be in there. All of the other stuff you see, delete, including those folders. Do not go by the creation date. If you read one of the net.php folders you can take apart what happened, just read along. You were attacked by a script kiddie. Anyway, you will have to do all that in your WinSCP editor. Then check all your 777 file folders for files called, oh, anything really, mostly version or r00t (those will be locked), then file names in the 777 folders like includes.php, errors.php, net.php.

Hope that helps.
__________________
Debian(rocks) + Ispconfig 3.0.3


Last edited by Boon-Dog-Danny; 29th October 2007 at 02:00.
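
The two checks described in the post above, written as a read-only scan. This is an added example, not code from the thread: the function names, the sample tree and the web root layout are assumptions, and the rule that attach_config.php is the only legitimate entry in the cache folder is the poster's claim.

```shell
#!/bin/sh
# Added example: read-only audit of a web root after a PHP upload compromise.
# File timestamps are deliberately ignored, as the post advises.

# Everything in the forum cache dir except the top-level attach_config.php.
unexpected_cache_entries() {
    cache_dir=${1%/}
    find "$cache_dir" -mindepth 1 ! -path "$cache_dir/attach_config.php" -print | sort
}

# PHP files, or files named version / r00t*, sitting directly inside
# world-writable directories (-perm -0002 covers mode 777 and similar).
suspects_in_writable_dirs() {
    find "$1" -type d -perm -0002 -print | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name 'version' -o -name 'r00t*' \) -print
    done | sort -u
}

# Constructed sample tree (not taken from a real server).
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/modules/forums/cache/tmp" "$root/uploads" "$root/includes"
    : > "$root/modules/forums/cache/attach_config.php"
    : > "$root/modules/forums/cache/net.php"
    : > "$root/modules/forums/cache/tmp/attach_config.php"
    : > "$root/uploads/errors.php"
    : > "$root/uploads/photo.jpg"
    : > "$root/includes/functions.php"
    chmod -R go-w "$root"
    chmod 777 "$root/uploads"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh /path/to/webroot   (no argument: run on the sample tree)
if [ "$#" -ge 1 ]; then
    target=$1
else
    target=$(build_sample_tree)
fi
echo "== unexpected entries in forum cache =="
unexpected_cache_entries "$target/modules/forums/cache"
echo "== suspect files in world-writable directories =="
suspects_in_writable_dirs "$target"
[ "$#" -ge 1 ] || rm -rf "$target"
```

An empty result from both functions only means nothing matched these two rules, not that the site is clean.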

#16 erebus (Member), 31st October 2007, 13:19

I would like to ask something related to this...

In the past, when I was running a Slackware server without ISPConfig, my server was compromised because a user was running a CMS (Mambo, I think).

With the perfect server setup, and running all sites with PHP safe mode enabled, am I supposed to be secure from such threats?

I am asking this because you can never know exactly if a client has upgraded its CMS or forum to the latest version...

#17 sjau (Local Meanie), 31st October 2007, 13:30

I would not use phpBB - it has a very bad history regarding hacks...
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator

#18 erebus (Member), 31st October 2007, 15:08

Yes, but I'm not talking about me but about my clients. I cannot always look at what they install from time to time; that's why I ask if using an updated system along with PHP's safe mode can give you enough protection against exploits.

#19 sjau (Local Meanie), 31st October 2007, 16:05

SafeMode should do the job but I'd rather use suPHP. suPHP will make Apache (and PHP) run as that exact system user, and damage should then be limited to that user's account and files.

All times are GMT +2.