

Script to replace index file when hacked




Posted by Mike-MZH, 01-19-2013, 04:32 AM
I am looking for a script that will restore the index file from the remote location of the backup and replace it for all the sites in /home. Can someone share it?

Posted by Marki82, 01-19-2013, 05:11 AM
There isn't any script of that kind that will do that for you. You can only write your own one for your needs.

Posted by Ari Sultani, 01-19-2013, 05:11 AM
You should use a command like the ones below.
To remove index:
find /home/user -iname "index.*" -type f -exec rm {} \;
Why don't you restore the whole backup?
To change part of the index code:
find /home/user -iname "index.*" -type f -exec sed -i s// {} \;

Posted by david510, 01-19-2013, 05:30 AM
What OS does your server have, and does it have any control panel installed? Also, how is the remote backup configured?

Posted by Mike-MZH, 01-19-2013, 05:42 AM
Hi CENTOS 6.3 x86_64 xenpv – server WHM 11.34.1 (build 7)

Posted by Mike-MZH, 01-19-2013, 05:44 AM
Because the backup is from one month back, I need to restore only the index file. The backup is on another server under the home directory.

Posted by zoid, 01-19-2013, 05:59 AM
I wouldn't rely on an automated mechanism to simply restore a file when a machine got compromised. If that happens, more should be done than only copying a backup.

Posted by Jaffery, 01-19-2013, 07:23 AM
Why do you want to restore it in the first place? Was it defaced by a hacker?

Posted by Mike-MZH, 01-19-2013, 08:00 AM
No, it's not defaced; they only replaced the index file using the root password. It's my mistake that I opened up some port and the hacker got root access by brute force. If it's not possible, can you tell me how I can get the index file out of cpbackup, because the untar function is not working for homedir?

Posted by zoid, 01-19-2013, 08:15 AM
Again, if the machine was compromised, do everything manually.

Posted by BestServerSupport, 01-19-2013, 10:18 AM
A cPanel configuration file called cpbackup-exclude.conf can help you a bit. For more details, refer to the following cPanel document: http://docs1.cpanel.net/twiki/bin/vi...pbackupExclude

Posted by Ari Sultani, 01-20-2013, 12:14 AM
I made this for you, enjoy! To find and replace:
Last edited by Ari Sultani; 01-20-2013 at 12:18 AM.

Posted by Mike-MZH, 01-20-2013, 04:50 AM
Thanks. Now I have extracted all the backups which are on remote locations. Now, can anybody help me copy multiple index files at once? The backup locations are like this:
/backup/cpbackup/user1/public_html/
/backup/cpbackup/user2/public_html/
/backup/cpbackup/user3/public_html/
I want to copy the index file from the above locations and move them into:
remoteserverip/home/user1/public_html
remoteserverip/home/user2/public_html
remoteserverip/home/user3/public_html

Posted by Ari Sultani, 01-20-2013, 06:20 AM
You have to move the backup onto the main server, where you keep the accounts, to run my script. After that, follow the steps below:
1. Define a variable to keep the backup path in this part of the script:
2. It will go to the path with this part:
3. Find all index files of any type in the path and copy them into the account at the
4. Run this over SSH:
Note: if you want to do it for each account, you should change 2 parts of the script: srcpath="/backup/cpbackup/user1/public_html/"; and the other one, at the end of the script, is changed to "... -f /home/user1/public_html"
So,
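
One way to do the per-account index copy discussed in this thread, added here as an example and not code from any poster. It assumes the extracted backups sit on the same server as /home in the /backup/cpbackup/<user>/public_html layout quoted above; the function name, the report/restore modes and the quarantine directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (from the posts above):
#   <backup_root>/<user>/public_html/index.*  ->  <home_root>/<user>/public_html/
# Mode "report" only lists files that differ; mode "restore" also replaces them.
# The quarantine directory is a hypothetical location outside any web root.
restore_indexes() (
    backup_root=$1; home_root=$2; mode=${3:-report}
    quarantine=${4:-/root/index-quarantine}
    stamp=$(date +%Y%m%d%H%M%S); rc=0
    for src in "$backup_root"/*/public_html; do
        [ -d "$src" ] || continue
        user=$(basename "$(dirname "$src")")
        dest="$home_root/$user/public_html"
        # Skip missing or symlinked targets: a symlinked public_html could
        # redirect a root-run copy outside the account.
        if [ ! -d "$dest" ] || [ -L "$dest" ]; then
            echo "SKIP $user" >&2
            continue
        fi
        for f in "$src"/[Ii][Nn][Dd][Ee][Xx].*; do
            # Regular files only; an unmatched glob stays literal and fails here.
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            name=$(basename "$f")
            live="$dest/$name"
            # Live file is byte-identical to the backup: nothing to do.
            if [ -f "$live" ] && [ ! -L "$live" ] && cmp -s "$f" "$live"; then
                continue
            fi
            echo "DIFF $user/$name"
            [ "$mode" = restore ] || continue
            # Keep the modified file as evidence, outside the web root.
            if [ -e "$live" ] || [ -L "$live" ]; then
                mkdir -p "$quarantine/$user"
                mv -- "$live" "$quarantine/$user/$name.$stamp"
            fi
            # -p keeps mode and timestamps (and the owner when run as root).
            cp -p -- "$f" "$live" || { echo "FAIL $user/$name" >&2; rc=1; }
        done
    done
    exit "$rc"
)
# Usage (paths from the thread):
#   restore_indexes /backup/cpbackup /home report
#   restore_indexes /backup/cpbackup /home restore
```

Running it in report mode first shows which accounts' index files differ from the backup before anything is overwritten.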


