I checked with my server if they could restore a full backup that I performed in another server, they told I should configure the FTP to use SSH, I did that, uploaded the file, they've restored everything, but as soon as I tried to change the cPanel password, I couldn't, I wasn't being able to login after the logout too.
So I talked to them and they had no idea of what happened. It's a brand new hosting account and the password was changed right after the restoration, and nobody knows who have changed it, so could it be the previous password from the old server that came with the full backup? I couldn't check that cause I asked them to reset the server password.
Related
I had a server that had a lot of users on it, its operating system was cloudlinux and had cpanel!
This server is used for Python projects and had bin/bash!!! access
Suddenly the command rm -rf * was typed on the server and all the data was deleted !!!
We quickly uploaded the backups and hacked the possibility and restricted ssh access to the root server!
But the next night we were hacked again, this time with the monitoring we had at whm! , we noticed that someone enters whm and quickly changes the password !!!
My question is whether users with access to bin/bash! can find the root password ???
We are now giving users access to JailShell in CPanel and full SSH access is closed. Do you have any idea how this happened?
Did you encounter a similar case?
Does bin/bash access allow the user to see the password?
Thank you for sharing your comments with us
It's difficult to obtain a Linux password, even with full access to the computer. That's because the passwords are stored in hashed form. Probably the only reliable way to get a password is to install a trick password change program, which does the change, but also sends the password somewhere else.
However, you don't need the password to get full access to a computer. There are several other ways in, and anyone who can access /bin/bash is likely to be able to test them and probably find one that works. Once they get full access, most intruders will install some other program that will let them in in the future, even if the original security hole is patched.
Once a machine is compromised, it's pretty important to burn it and start fresh. You can't trust it otherwise.
I am quite new to server migrations, but fairly familiar with cPanel though. My current task is to migrate an entire website from a server with cPanel to another one.
What I did so far:
Use the Backup Wizard on the old server to create a full backup archive, and FTP it to the new server.
The full archive (about 6 GB because there are a lot of images) is now in my new server's public_html directory.
Now, what I need is a way to make the server take this tar archive, which is a full backup, and restore from it.
What I tried:
I tried simply extracting the archive, but it is taking forever to finish (again the archive is 6 GB), and for some reason my browser tab has to stay open until the end of the process, otherwise the extracting halts.
Also, as I have WHM access, I tried the "Restore a Full Backup/cpmove File" option, but for some reason, under the "Username for the account that you wish to restore:" textbox, WHM does not find my cPanel username.
If anyone can either tell me what I am doing wrong, or propose another option, I would really appreciate it.
P.S.: I only have WHM access to the new server, not the old one.
Edit: I got the WHM method working now. My mistake was that my tar archive was not stored in the /home directory, but in the home directory of the cPanel user (which is /home/username)!
Move your cpanel full backup file to /home directory and if you root have access of the server use below command as /scripts/restorepkg (cpanel username )
OR
Login to WHM with root user and go through the steps mentioned on below URL.
http://documentation.cpanel.net:8090/display/68Docs/Restore+a+Full+Backup+cpmove+File
Please guys help me, I want prevent my old developer from access to my VPS,WHM and cPanel what I should do. I don't want to lose my work.
I saw there is password for Virtuozzo Power Panel, WHM and cPanel there is my thing i need to change it.
like how I know if he have SSH access or not. or any recovery can he recover the passwords
If you have given Password, SSH and FTP access to your developer you can consider doing the following:
Change your WHM's root password
Change all of your cPanel accounts' passwords (or those that your
developer had access to, if he had access to the whole WHM - you
might want to change all passwords)
Make sure there aren't any authorized SSH keys for the root user.
This can be seen through WHM's interface, docs here
Make sure there aren't any authized SSH keys for any cPanel user as
well. This can be done through each cPanel account's SSH Access
tool
Check all cPanel accounts for unauthorized FTP accounts.
You can also take a look at the cron jobs that are running as well.
Ultimatively you should also consider looking for any backdoors that
might be present in the scripts that your developer was working on.
I have forgotten the server password for my Lucee installation. There are instructions on stack overflow here: Reset Lucee Server admin password. It involves removing two lines from the Lucee server context configuration file and restarting Lucee.
I already have two datasources and I don't want to lose them. If I remove these two lines from the config file, and restart Lucee I presume that somewhere I have to reset the server password.
How do you do that?
Will that invalidate my current datasources?
And if so can I re-estabish them using the new password?
After editing the lucee-server.xml file and restarting Lucee
simply go to the server admin login page where you will be prompted
to set a new password.
No, your datasources and other settings won't have been affected.
Although this should work fine, I would make a copy of the lucee-server.xml file before you edit it just in case.
I am moving a copy from server a to server b and server b is asking for the DNN version to be upgraded. The problem is we do not have the host password. I tried to upload a password recovery file via FTP and we cannot see it since everything keeps redirecting to this upgrade. Is there a way to stop the upgrade redirect so we can get the host password and then re-enable it??
Upgrade
Current Version - 06.02.08
Upgrade - Version 07.02.01
You are about to upgrade your website to a more recent version of the application. Applying upgrades on a consistent basis is the best way to ensure that you are protecting the integrity of your investment and the security of your users and assets. Before proceeding with the automated upgrade process please ensure that:
You can have the upgrade fire off without typing in a password, just go to /install/install.aspx?mode=upgrade and it should run the upgrade without needing to login as HOST. then you can recover the password afterwards.
I've never seen a server which ask for a DNN upgrade. The upgrade process will run only if you've update files with an upgrade package.
Moreover, the 2 versions mentionned are the assembly version and the database version. Moving DNN from a server to another server doesn't modify none of them. Did you copied the database too? I suspect that your dnn copy is connected to another database which is in DNN 6.2.8. It could explain why dnn is attempting to upgrade it.
Regarding the recovery of the host password, I don't know how to proceed. Haven't you a superuser account on this dnn instance?
Open your web.config and make sure AutoUpgrade is set to False.
For the password issue, do you have the password for any other users?
If so, I believe you can go into the AspNetUsers table and copy the PasswordHash/Salt of that user to the PasswordHash/Salt of the admin user. Then, you should be able to login with the Admin username and the other user's password.
Note: Please make sure you have a database backup before trying this.