So your cpanel server got hacked or server crashed? And if you didn’t have cpanel backups of all your sites, then your only option is to copy from the old drive… heres the basics..
commands to be executed from root shell preceded by #
First Request a OS Reload through the ticket system, make sure to indicate that you need your old primary drive mounted as a secondary
and to load the OS onto a fresh drive. (Typically for non hardware failure the drive mount is 50$ and can stay connected 7 days)
Once the restore is done, SSH into box..
mount the old / partition as old (on most boxes this will be /dev/hdc3)
# mount /dev/md6 /old
now we can start copying back data from the old drive
# rsync -vrplogDtH /old/usr/local/apache/conf /usr/local/apache
# rsync -vrplogDtH /old/var/named /var
# rsync -vrplogDtH /old/home/* /home
# rsync -vrplogDtH /old/usr/local/cpanel /usr/local
# rsync -vrplogDtH /old/var/lib/mysql /var/lib
# rsync -vrplogDtH /old/var/cpanel /var
# rsync -vrplogDtH /old/usr/share/ssl /usr/share
# rsync -vrplogDtH /old/var/ssl /var
# rsync -vrplogDtH /old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
# rsync -vrplogDtH /old/var/log/bandwidth /var/log
# rsync -vrplogDtH /old/usr/local/frontpage /usr/local
# rsync -vrplogDtH /old/var/spool/cron /var/spool
# rsync -vrplogDtH /old/root/.my.cnf /root
# rsync -vrplogDtH /old/etc/httpd/conf/httpd.conf /etc/httpd/conf
then change to the old etc, and execute all on one line …
# cd /old/etc
# rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc
I recommend updating cpanel afterwards .. /scripts/upcp .. /scripts/updatenow .. /scripts/sysup .. /scripts/fixeverything
update exim .. /scripts/exim4
Cross fingers and reboot:
Please note, if the server was compromised or rootkits installed, the data was corrupted, this will just copy the corruption over. You need
to be diligent about security. You can see the howto on locating php-injection points in this forum for ways to detect the intrusion into your system
