... a Story :)

m4ri00sh (Verified User, Joined May 20, 2007, Messages: 215)
Here it comes ... as probably not many people worry about backups of their servers... running servers with DA, etc... hmmm so where am I going with this?

So, you probably ask what happened... I believe, yes, I was one of those who, as I read some more of this forum this week, had their server compromised by running an older version of roundcube. I was about to scream as a .... grrr because I am in this learning process of installing/hosting/building websites/maintaining the server, etc.... to start something bigger maybe ... some time soon.

So... as I started to troubleshoot the server and install updates, I finished up after the reboot with a server that would not boot. Before I rebooted, I ran a backup (using the DA backup feature) of the data, and I did not copy it off the server... hoping I would have some time later. Ohh well, life sucks... I had to go to the datacenter and boot from an Ubuntu live CD, start ssh and remote desktop ... so I could look overnight at what I could do with the system (chroot advice, etc...) ... but I was not able to achieve much. Chkrootkit detected two rootkits and then I knew that the next day I would need to wipe it clean and start from nothing. At least I had my backup; I copied it to my laptop and I was ready to go through the process of installing it all again.

After work, about 6pm, I got to the datacenter and started to install the system again (Debian). I installed the base system, ran apt-get update/upgrade... and with this in progress... started to go over my notes on what I had to go through again to secure it a little... and followed advice from this forum, etc.
When I was done... I installed DA with custombuild, and everything installed without any problems.... but I have to tell one thing to the DA coders: custombuild is cool, and it is good that you allowed someone from this forum to create it and that now you, I believe, support it :)

Now, the main thing... I never restored DA from a backup before, because I did not have to ... funny? Hmmmm, I think a lot of people out there wonder how it works.... what happens, what is backed up... how it all works when you restore.... and I can tell you.... I was surprised! In my case it took about 15 minutes to receive the mail from the system that all was done. I started to look whether my domains were there, mail, databases imported... everything that was needed was there, so some users could be happy... websites were up and it was great :)

It worked. You will probably ask, so what? What? I spent 6 hours doing all this; it was a lot of research and risk. For some, working with this on a daily basis is obvious. Different levels of knowledge, different interests, ... and I am one of those people who are willing to know and learn something new every day... not always able to test all possible scenarios up front ... or work with "things" on a daily basis. Technology is cool, but sometimes it is too much :)

Conclusion:
1) do your backup and get it off the server...
2) secure the server as much as you can; yeah, it sucks that there is no special post with all the detailed instructions for each Linux distribution on how to do that. I still read and struggle too, but again ... don't give up.... and even if you do everything that was possible.... you might have your system owned by someone else two days later... :eek:
3) post problems and solutions to forums like this one
4) I have to THANK YOU all for the help and quick responses to my questions; some people rock :)
5) no question is a stupid question :)

That is all, I just wanted to share my experiences (yeah, I am crazy :D) .... and DA does a good job.

PS:
And, about backups.... it would be good to know exactly what is backed up; probably there is a list somewhere already (I will be looking for it) ... I still need to go folder by folder and see whether I restored some scripts which could have been dropped by the intruder, and whether I am "safe" in this area.
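The check described in the PS (going folder by folder through a restored backup looking for files an intruder may have dropped) is much easier when you have a file manifest taken from the site before the compromise, kept off the server together with the backup. The following script is an added example and is not DirectAdmin's code nor the poster's; the web root layout, the file names, the manifest format and the "compromise window" timestamp are all constructed for illustration. It builds a sha256 manifest of a known-good tree and then reports, for the restored tree, files not in the manifest (with script-type files singled out), files whose content changed, and files written inside the compromise window.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# File types that would be unusual to find newly appearing in a restored web root.
# Constructed list for the example; extend it to match your own stack.
SCRIPT_SUFFIXES = {".php", ".pl", ".py", ".sh", ".cgi"}


def sha256_of(path: Path) -> str:
    """Stream a file through sha256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (path relative to root, POSIX style) to its sha256.
    Run this on the clean install and store the result off the server with the backup."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def audit_restore(root: Path, known_good: dict, compromise_start: float) -> dict:
    """Compare a restored tree with a known-good manifest.

    Returns sorted lists of relative paths:
      unknown         - files not present in the manifest
      unknown_scripts - the subset of unknown files with a script-type suffix
      modified        - manifest files whose content hash no longer matches
      recent          - files whose mtime is at or after compromise_start (epoch seconds)
    Any of these deserves a manual look before the restored site goes back online.
    """
    current = build_manifest(root)
    unknown = sorted(set(current) - set(known_good))
    modified = sorted(p for p in current if p in known_good and current[p] != known_good[p])
    recent = sorted(p for p in current if (root / p).stat().st_mtime >= compromise_start)
    unknown_scripts = [p for p in unknown if Path(p).suffix.lower() in SCRIPT_SUFFIXES]
    return {
        "unknown": unknown,
        "unknown_scripts": unknown_scripts,
        "modified": modified,
        "recent": recent,
    }


def make_sample_tree() -> tuple:
    """Constructed sample: a tiny web root, a manifest of its clean state, and two
    post-compromise changes (a dropped script and an altered index.php).
    Returns (root, known_good_manifest, compromise_start)."""
    root = Path(tempfile.mkdtemp(prefix="restore_audit_"))
    (root / "public_html").mkdir()
    index = root / "public_html" / "index.php"
    index.write_text("<?php echo 'hello'; ?>\n")
    css = root / "public_html" / "style.css"
    css.write_text("body { color: black; }\n")
    # Legitimate files are a week old.
    old = time.time() - 7 * 86400
    for p in (index, css):
        os.utime(p, (old, old))
    # Manifest taken from the clean state, before anything went wrong.
    known_good = build_manifest(root)
    # Assume the compromise window started two days ago.
    compromise_start = time.time() - 2 * 86400
    # Simulated intruder activity: a new script in an uploads directory and a changed index.php.
    dropped = root / "public_html" / "uploads" / "x.php"
    dropped.parent.mkdir()
    dropped.write_text("<?php /* constructed placeholder for an unexpected file */ ?>\n")
    index.write_text("<?php echo 'hello'; /* changed */ ?>\n")
    return root, known_good, compromise_start


if __name__ == "__main__":
    sample_root, manifest, window_start = make_sample_tree()
    for category, paths in audit_restore(sample_root, manifest, window_start).items():
        print(f"{category}: {paths}")
```

Against a real restore you would run `build_manifest()` on the clean install once, keep the resulting dictionary (as JSON, for example) with the off-server backup, and call `audit_restore()` on the restored web root with the earliest timestamp you consider suspicious. Hash comparison catches altered files even when their mtime was reset; the mtime list catches files the intruder added after your last manifest.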
 
I'm happy your story has a happy ending.

I don't know which backup you performed, so I don't know what it backed up or didn't back up.

The reason there's no procedure written up for security is because security isn't a procedure, it's an ongoing process with a lot of learning curve.

It would take a book. And there are some good books written on linux server security (and probably on FreeBSD security as well, though I haven't looked for any).

Don't forget that shared hosting servers are, by their very nature, more open than most servers, and therefore more easily hackable.

I hope I don't come across as self-serving when I point out that if webhosting isn't your main occupation (as I infer from your post) then perhaps it would be worth it to you to hire a server management company.

Jeff
 