Reinstallation

[wayneinspain]

Hello there.

Our server was hacked yesterday, it seems through a vulnerability in Roundcube. So my hosts have insisted on reinstalling everything. My question is, is there any way to save all the DirectAdmin settings to make life easier after the operating system has been reinstalled? Is there a config file that I can back up? I bought a lifetime license and my 90 day support has ended so I guess my second question would be do I have to buy a new license?

Any other suggestions to make life easier when setting up my server again? Bear in mind I'm not very technical but any help you can give me would be most appreciated.

Thanks.

Wayne

 

[floyd]

Hello there.

Our server was hacked yesterday, it seems through a vulnerability in Roundcube.

Really? Who would have thought anybody could still get in through roundcube since the vulnerability was announced here 2 months ago.

So my hosts have insisted on reinstalling everything. My question is, is there any way to save all the DirectAdmin settings to make life easier after the operating system has been reinstalled?

Use the Admin Backups.

Is there a config file that I can back up? I bought a lifetime license and my 90 day support has ended so I guess my second question would be do I have to buy a new license?

Your license is still valid.

 

[wayneinspain]

Thanks for the reply Floyd. I wasn't aware of any security problems as I don't regularly check this website and didn't receive any notification by email. Maybe that's my fault. Perhaps I need to subscribe to security announcements or something. I just wonder what it means when it says "Automatic upgrades / updates" on the pricing page. What does that mean? Does it refer to automatic updates when a security hole is found? Or is that not important? I understand that some things cannot be automatically updated but at least notifying me that my server was vulnerable to attack might have helped and saved me a whole load of trouble.

What it means to me is that I have to reinstall everything from scratch as my hosts are insisting on taking my server off the network and reinstalling the system.

There has got to be a more foolproof procedure of letting people know about these issues. Or was it just me who had to find out the hard way?

 

[floyd]

I just wonder what it means when it says "Automatic upgrades / updates" on the pricing page.

What is the context? It is talking about pricing options for DirectAdmin. So the updates would be for DirectAdmin. The DirectAdmin staff does not and cannot update all the software on your server. You are responsible for keeping up with all the other software updates. There are plenty of discussions about this on this forum already.

but at least notifying me that my server was vulnerable to attack might have helped and saved me a whole load of trouble.

There has got to be a more foolproof procedure of letting people know about these issues. Or was it just me who had to find out the hard way?

It is your responsibility to watch the security lists for vulnerabilities.

What it means to me is that I have to reinstall everything from scratch as my hosts are insisting on taking my server off the network and reinstalling the system.

Run the Admin Backups and you can be back up and running in a few hours. I always run the Admin Backups and save the hard drive in case anything got missed.

 

[wayneinspain]

Hi Floyd

Thanks for that. Please excuse my ill temper. It's my fault for not checking the security announcements. It's just one of those things. It's a hard way to find out what I should have been doing.

I've backed up everything so hopefully it won't be too much of a pain getting the control panel side of things back up and running. Getting my websites back online presents a different challenge.

Thanks again.

 

[nobaloney]

Thanks for that. Please excuse my ill temper. It's my fault for not checking the security announcements. It's just one of those things. It's a hard way to find out what I should have been doing.

By Jove, you've got it !
I suggest doing both admin backups; the system backup an the reseller level backups.

The system backup doesn't have any restore option, but it'll back up a lot of files which may be useful to you if you've customized any parameters in DirectAdmin.

Jeff

 

[wayneinspain]

I did both admin backups and the server has had everything reinstalled. Just waiting for DirectAdmin to be reinstalled and then I can get everything back as it was with a few more security measures in place and daily backups. You live and learn. And I think, in a way, the hard way is often the best way to learn. It makes you more vigilant and it's character building

Anyway, I managed to get my website up and running on another domain through a different host so I'll use that as a mirror site in future just in case.

Cheers,

Wayne