-
03-04-2008, 09:01 PM #1Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Someone did rm -rf / on my server
I was logged in under the root ...and someone in my office did run this command..
rm -rf /
Now I can't FTP to the server nor enter the shell panel..it's a cPanel server..
Please guide what needs to be done.. i have asked to reboot the server and don't know what should be done here..
I have 40-50 sites on this server and none seems to be loading right now..
Any help is appreciated..
-
03-04-2008, 09:03 PM #2Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
1) Do not reboot.
2) You do realize what that command does, right?
3) Does the command ls work?
RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
03-04-2008, 09:04 PM #3Owner of the net for a day
- Join Date
- Jun 2002
- Location
- Waco, TX
- Posts
- 5,623
rm -rf /, just wiped out your entire server, time to pull out the backups!
-
03-04-2008, 09:07 PM #4Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
The server has been rebooted..However we had a backup server..but will that bring everything..??
I mean the mysql and the email data..
-
03-04-2008, 09:08 PM #5Owner of the net for a day
- Join Date
- Jun 2002
- Location
- Waco, TX
- Posts
- 5,623
-
03-04-2008, 09:12 PM #6Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
-
03-04-2008, 09:14 PM #7Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
03-04-2008, 09:24 PM #8Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Yes..it was mounted..but I don't know as I am not being able to login to the shell prompt..
I can feel I am having a bad day..my entire work of 2-3 years has gone in vain if there isn't anything much to be done..
I have a 3rd party backup as well..but I only have www files over there..I am just scared of the mysql databases..because there really isn't any way to back them up..
-
03-04-2008, 09:31 PM #9Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
03-04-2008, 09:36 PM #10Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
-
03-04-2008, 09:55 PM #11Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Can someone tell me where the .sql file resides on a cPanel server for every account created..
Let's say..I have abc.com on a cPanel server..and have 3 DBs..can you tell me where I can find the sql files for them on the server??
-
03-04-2008, 11:29 PM #12Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Just received a message from the datacenter that they can't enter into any run levels even from the single user mode..
The only option they suggest is to reload the primary drive OS and see if the data still exists on the secondary drive and could be restored..
What do you guys think..
a) Will the data exist on the secondary drive.
b) Will reloading the OS on the primary drive affect the secondary drive.
I am just thinking..if the secondary drive data also got deleted..then there is no option I believe..??
-
03-04-2008, 11:52 PM #13Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
If the secondary hard drive was mounted and the rm -rf / command was left to execute, then there's a good chance the data has been erased. Hopefully by some fluke, it's still there...
Reloading the OS on the primary hard drive should have no effect on the secondary drive. The biggest concern would be a data center technician not paying attention and accidentally formatting the drive, or installing the OS on it... make sure they are well aware to not touch the secondary drive.
-
03-05-2008, 12:07 AM #14Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
-
03-05-2008, 01:09 AM #15Ottomatic backup specialist
- Join Date
- Aug 2006
- Location
- Canada
- Posts
- 763
Who would do such thing in your office? I'll need to be careful too after hearing this, somebody might come over and just do it for the fun of it.
█ Otto Yiu
█ Rsync Palace ● Providing offsite backups since 2007.
█ Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.
-
03-05-2008, 01:34 AM #16Aspiring Evangelist
- Join Date
- Oct 2005
- Posts
- 439
yeah I was wondering the same....
I guess you must have stepped away and left your computer unlocked? If you wiped out a Fortune 500 company's data like that, chances are you might go to jail. So whoever did this to you, you need to try and find them and have them face the penalty. If you know who it might be, report them to your manager (assuming by office you meant your day job). I would even consider a lawsuit against the offender. That's BS!
Last edited by subzer0; 03-05-2008 at 01:38 AM.
-
03-05-2008, 01:40 AM #17Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
I'm so sorry to hear that someone would do something like this. I will be a little more cautious when logged in as root.
-
03-05-2008, 04:09 AM #18Greece
- Join Date
- Jan 2004
- Location
- Greece
- Posts
- 2,211
I haven't tested what happens when rm -fr / deletes /bin/rm.
Does the deleting of files still continue or does it stop? I think it continues because the command is loaded in memory.
-
03-05-2008, 06:03 AM #19Junior Guru Wannabe
- Join Date
- Jul 2004
- Posts
- 63
Would be handy to be able to set up a password when removing files from certain directories, suppose this is where not using root directly comes in.
If you've run "rm -rf /" then I would say it would remove all data in your mounts. Your only option is to have the hard disk sent to you or a 3rd party company for data recovery, it may even be possible to pay layeredtech to do such a thing but I'm thinking this is your only option.
Cast-Control
--------------
Shoutcast Control Panel - Standalone - Billing Features - GeoIP Features - Stream Authentication - MSN Control - Cluster - Reselling - Video Streaming
Managed VPS Hosting
-
03-05-2008, 06:32 AM #20Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
-
03-05-2008, 06:50 AM #21Junior Guru Wannabe
- Join Date
- Jul 2004
- Posts
- 63
How old is the backup and what directories are you backing up? If you have the files backed up then the mysql files should still be intact (depending on your backup scheme).
Check out /var/lib/mysql/ on your backup, if you have backed this up you will most likely find the files within this directory. If not, do a search for *.MYD and *.MYI (MySQL) files and hopefully it will come up with something.
I would say the last resort would be to contact your customers, offer them a refund for the full or partial period with a free future month or two thrown in if they wish to continue your services - ask them if they have made their own backups, you will find often that customers won't trust hosting services and make their own regular backups.
Then you would be on your steps to recovering your business, if your customers want something - throw it in free. After all, you were responsible for their websites and you have failed (no intentional offense). If it were me I would probably make the person responsible for running that command take on the bulk of the work (if they are your employee that is).
Cast-Control
--------------
Shoutcast Control Panel - Standalone - Billing Features - GeoIP Features - Stream Authentication - MSN Control - Cluster - Reselling - Video Streaming
Managed VPS Hosting
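
Added example, not part of the original thread: a shell sketch of the check suggested in the post above, listing which MySQL tables in a restored backup tree still have all of their MyISAM files. The function names and the `abc_blog`/`abc_shop` sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory MySQL table files in a
# restored backup tree, as suggested for /var/lib/mysql in the post above.
# A MyISAM table is three files in its database directory:
#   name.frm (definition), name.MYD (data), name.MYI (index).
# InnoDB tables keep data outside these files, so they show up as PARTIAL.

# scan_myisam ROOT (hypothetical helper)
# Prints "<status> <database>/<table>" per table found under ROOT.
scan_myisam() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f \( -name '*.frm' -o -name '*.MYD' -o -name '*.MYI' \) |
    while IFS= read -r f; do
        printf '%s\n' "${f%.*}"          # drop extension: .../db/table
    done | sort -u |
    while IFS= read -r base; do
        db=$(basename "$(dirname "$base")")
        tbl=$(basename "$base")
        if [ -f "$base.frm" ] && [ -f "$base.MYD" ] && [ -f "$base.MYI" ]; then
            status=COMPLETE              # all three files survived
        else
            status=PARTIAL               # something is missing; inspect by hand
        fi
        printf '%s %s/%s\n' "$status" "$db" "$tbl"
    done
}

# make_sample_tree: constructed sample data standing in for a restored backup.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/lib/mysql/abc_blog" "$d/var/lib/mysql/abc_shop"
    for ext in frm MYD MYI; do
        : > "$d/var/lib/mysql/abc_blog/posts.$ext"
    done
    : > "$d/var/lib/mysql/abc_shop/orders.frm"
    : > "$d/var/lib/mysql/abc_shop/orders.MYD"   # .MYI left out on purpose
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
scan_myisam "$sample"
rm -r -- "$sample"
```

Run it against a copy of the backup rather than the only surviving media, so the inventory itself cannot alter what is left.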
-
03-05-2008, 06:58 AM #22Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Yeah..I am all at this..I have already informed the clients and offer them a solution..they are happy with it..
Unfortunately..I just backed up the home partition and nothing else.....which was the problem..
We haven't received any notice from the datacenter about the second drive..which is what I am waiting for at the moment...If the second drive data is also deleted..then the only solution left for me is to start fresh with copying just the files from the 3rd server..
Now.. Is there any way to transfer the files from one FTP server to another server using FTP software, i.e. 2 remote servers..as it would be impossible for me to copy the files one by one from the Linux server..or download them on a local machine and then re-upload on the main machine..
-
03-05-2008, 07:07 AM #23Junior Guru Wannabe
- Join Date
- Jul 2004
- Posts
- 63
OK, glad to see your customers are understanding with the situation. I don't see why it would be impossible to copy the files, you could tar the home directory - move it to the webserver and wget it into your other server. Then simply untar the files.
You could use a site-to-site transfer (FXP I think it is) but it would take forever for the fact there would be so many individual files.
I still think you should look into a data recovery service, it is not as difficult as it sounds. To break it down, when you delete a file on the disk the sector/block is simply set to "Allow data to overwrite" and your data is NOT destroyed. I know this applies to NTFS but am unsure about others - wouldn't see a reason not to.
Furthermore your customers will be impressed to see this.
Cast-Control
--------------
Shoutcast Control Panel - Standalone - Billing Features - GeoIP Features - Stream Authentication - MSN Control - Cluster - Reselling - Video Streaming
Managed VPS Hosting
-
03-05-2008, 07:14 AM #24Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 72
Yeah...I would request the LT guys to check with data recovery on the primary drive which will be kept on a pending queue..but I am not sure how much it might cost ....and since they are a self managed company..I doubt they would escalate the process of data recovery on the primary drive..
Yeah..I would try the TAR option ..just wanted to check if there is an easier process..However..since the server is a cPanel server..would the mail folder in /home/x123/mail/ still contain all the mails??
-
03-05-2008, 07:46 AM #25Web Hosting Master
- Join Date
- May 2006
- Location
- EU & USA
- Posts
- 3,684
OMG, I hope you find out who did this, these are no jokes. Can't imagine anyone would do this to any server. Lesson learned: Off-site backups, no mounts.