Server Compromised – Steps For Recovery

Apr 12, 2008

One of the worst things (in hosting) has happened. I received a notice this morning from lfd (configserver) that someone had logged into my server as root and it wasn’t me.

Unfortunately I didn’t notice it until eight hours later so I have no idea (yet) what happened during that period. Thankfully I don’t have any really critical data on the system that could have been stolen.

I’m in the process of restoring from a full system backup right now. After that’s done I’m going to look to see what the differences are between the files from the backup and those on the compromised drive. I’m not sure if I’ll get anything useful from the diff but hopefully I’ll find a clue as to how they got root access.

Then of course I need to get my server back up. However, I don’t want to do this until I’ve taken some steps to identify how the individual got in and take some additional preventative steps.

Here’s what I am planning on doing:

1) Check to make sure all exposed services are patched and look at some security sites to see if there are any known vulnerabilities for these services. Anyone know which sites are good to look at?

2) Change firewall to only allow ssh access from a couple specific IP addresses.

3) Disable root ssh access so I have to login via a different account and perform sudos, etc.

4)?

I’ll also look for a good server-hardening guide to see if there are some obvious things I forgot to secure.

Do any of you fine folks have any other suggestions or resources that I should check out?

First Steps On A Dedicated Server

Apr 5, 2008

When I take delivery of a dedicated server set up with CentOS and cPanel, what is the first thing I need to do? Is there a tutorial somewhere to help beginners on the right way?


Steps To Get EMail Working On A Home Server (Windows, Apache)

Oct 25, 2007

What else do I have to do?

I don't understand.

Please see attached screen-shots.
[url]
[url]
[url]
[url]


Possible Compromised Server

Mar 8, 2008

I can resolve this situation I have.

I sent a server I have with a provider to have a RAM upgrade yesterday at 15:33 UTC, and ever since then I have had no access to my server.

SSH has been changed back to port 22, from a random high port.
root password has changed
RSA key has changed too.

I can see 3 possible reasons for this:

1) It's a different server plugged into the rack/router or a stolen IP

2) My provider "kindly" formatted and reinstalled my OS.

3) I have a compromised server, I very much doubt this as the server was offline.

I informed my provider about 18 hours ago that I had a "possible compromised server" and since then I have been given the runaround as to what is happening.

For the last couple of hours or so I have been trying to get them on live chat, which shows as online, but no one answers. That's another pet hate of mine.

I also have a couple of tickets open asking for an update, as they are not answering my original ticket with updates.

Am I just being impatient wanting a resolution to this in less than 18 hours, or am I correct to complain?


Is My Server Compromised

Oct 6, 2007

I am trying to determine if I am hacked; here are the details:

I just got a message from softlayer support: ABUSE - 66.228.xxx,xxx - HACKING/MALICIOUS ACTIVITY - IMMEDIATE ACTION REQUIRED. with some log like this:
Quote:

Connection attempt to TCP IP.IP.IP.34:80
>from 66.228.xxx.xxx:41212 flags:0x02 Sep 28 14:05:55 PDT kernel:

Also, I did a rkhunter scan and found:

Quote:

cat /var/log/rkhunter.log | grep Warning
[18:26:29] /usr/bin/GET [ Warning ]
[18:26:29] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[18:26:29] /usr/bin/groups [ Warning ]
[18:26:29] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
[18:26:30] /usr/bin/ldd [ Warning ]
[18:26:30] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[18:26:35] /usr/bin/whatis [ Warning ]
[18:26:35] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
[18:26:36] /sbin/ifdown [ Warning ]
[18:26:36] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[18:26:36] /sbin/ifup [ Warning ]
[18:26:36] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

[18:27:43] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[18:27:44] Checking for enabled xinetd services [ Warning ]
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa

[18:27:59] Checking for hidden files and directories [ Warning ]
[18:27:59] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression

[18:27:34] Checking running processes for deleted files [ Warning ]
[18:27:34] Warning: The following processes are using deleted files:
[18:27:34] Process: /usr/libexec/mysqld PID: 4773 File: /tmp/ib2RpbEj
[18:27:34] Process: /usr/sbin/httpd PID: 8449 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 8452 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12102 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12950 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13044 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13046 File: /tmp/.apc.PGGxew

So does that mean my server was compromised?


Linux Server Compromised

Jun 6, 2007

Linux Fedora 5

I just got a letter from my dedicated host stating we had just been compromised. These servers just were set up last week! And there is nothing on them yet. The only thing I have done is modified the /etc/hosts file via SSH.

My servers are not even public yet. Can SSH'ing in from an unsecured wireless network make me vulnerable?

What do you guys think? Best way not to let this happen again?

Oh this is great :-| He's still logged in!

[root@server~]# who
root pts/0 2007-06-06 07:12 (xxx)
test pts/2 2007-06-06 03:08 (81.89.10.92)


Server Compromised (ensim_sshd), What To Do

Aug 22, 2007

I receive reports from my DC that my server is launching some hacking / malicious activity. This is the log that they provide:

Quote:

>
> Aug 20 12:34:35 ensim sshd[30628]: Did not receive identification
> string from MY.SERVER.IP
>
> Aug 20 12:44:23 ensim sshd[444]: Failed password for admin from
> MY.SERVER.IP port 57896 ssh2
>
> Aug 20 12:44:23 ensim sshd[444]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:26 ensim sshd[445]: Failed password for root from
> MY.SERVER.IP port 58029 ssh2
>
> Aug 20 12:44:26 ensim sshd[445]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:28 ensim sshd[446]: Failed password for root from
> MY.SERVER.IP port 58141 ssh2
>
> Aug 20 12:44:28 ensim sshd[446]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:31 ensim sshd[449]: Failed password for root from
> MY.SERVER.IP port 58276 ssh2
>
> Aug 20 12:44:31 ensim sshd[449]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:33 ensim sshd[450]: Failed password for root from
> MY.SERVER.IP port 58421 ssh2
>
> Aug 20 12:44:33 ensim sshd[450]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:36 ensim sshd[453]: Failed password for root from
> MY.SERVER.IP port 58565 ssh2
>
> Aug 20 12:44:36 ensim sshd[453]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:38 ensim sshd[455]: Failed password for root from
> MY.SERVER.IP port 58672 ssh2
>
> Aug 20 12:44:38 ensim sshd[455]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:41 ensim sshd[456]: Failed password for root from
> MY.SERVER.IP port 58787 ssh2
>
> Aug 20 12:44:41 ensim sshd[456]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:43 ensim sshd[457]: Failed password for root from
> MY.SERVER.IP port 58961 ssh2
>
> Aug 20 12:44:43 ensim sshd[457]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:46 ensim sshd[458]: Failed password for root from
> MY.SERVER.IP port 59132 ssh2
>
> Aug 20 12:44:46 ensim sshd[458]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:48 ensim sshd[459]: Failed password for root from
> MY.SERVER.IP port 59348 ssh2
>
> Aug 20 12:44:48 ensim sshd[459]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:51 ensim sshd[465]: Failed password for root from
> MY.SERVER.IP port 59495 ssh2
>
> Aug 20 12:44:51 ensim sshd[465]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:53 ensim sshd[466]: Failed password for admin from
> MY.SERVER.IP port 59622 ssh2
>
> Aug 20 12:44:53 ensim sshd[466]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:56 ensim sshd[467]: Failed password for admin from
> MY.SERVER.IP port 59803 ssh2
>
> Aug 20 12:44:56 ensim sshd[467]: Received disconnect from
> MY.SERVER.IP: 11:


Windows Server Password Compromised

Jun 27, 2007

My Windows Server 2003 server password has been changed. My host tells me they must reload the entire OS in order to fix it.

Is there no way they can go in and rescue my server? It would save me a lot of work.


Server Compromised, Where To Get A Good Sysadmin

Jul 4, 2007

So one of the sites on our box was compromised earlier today.

We've shut it down for now and contacted our sysadmin to help research the problem. Not sure if he will be able to really help much as he's only done updates and such in the past.

Any idea of quality sysadmins who might be able to investigate the box and the site?


Compromised Windows 2003 Server

Mar 19, 2007

I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no headway. The following are the steps they take to breach the server.

“They” are able to create an account. Some used usernames they have created are: sysadmin, adm, mssqladm.

It is very odd: looking in the event viewer, they just appear to create accounts out of the blue. They don’t even log in or attempt to log in or anything; all of a sudden it says, New Account Created.

“They” then change the password of the account they just created.

Then “They” assign themselves the following group permissions, ‘Users’, and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?

Then they do a few different actions depending: oftentimes they disable the Windows firewall and change open ports, other times they simply just log off, and other times they have placed Trojan horses and other malware in their temporary internet folder under their user folder.

This has been a cat and mouse game for weeks. I catch the new account and immediately delete it, check the firewall and enable it if needed, then run a full system scan with AVG and Prevx. Sometimes AVG finds Trojans and malware, other times it clears.

I have racked my brain, checked all running processes with Google, and they all seem legit. I have updated everything in Windows via Windows Update; we are running Windows 2003 Server SP2. I have looked at the users and groups and everything seems secure.

Do you guys have any idea what is going on? I have a feeling something is running internally, which is allowing them to create the accounts.

Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?


Plesk IIS WP User & Compromised Server

Feb 24, 2007

My server (using plesk 8.1 on windows 2003 server) has been compromised with some sort of rootkit and I'm investigating vulnerabilities. This server hosts some of my asp.net applications and I have to grant Modify Permission to IIS WP (iwam_plesk) user on Some subfolders (under Httpdocs folder for each domain). Is it a security problem? if yes, how else can I allow asp.net applications to write to, say, an Access db?


Gillware (Data Recovery Company) Failed To Recovery My Data

Aug 28, 2007

My host just recently sent the hard drive with my sites to a data recovery company called Gillware. Website is [url]- but they failed and gave the following reason:

Quote:

Originally Posted by Gillware

Unfortunately, your file system was so severely damaged that no data can be
recovered. We will make arrangements to return your drive via UPS. Sorry
we could not help you further.

Gillware Inc.

Do you guys think there's still hope?

The hard drive is now being shipped to a more well known company, Drive Savers - [url] and I'm guessing that this is the last hope, because the more the drive gets tampered with, the more chance of permanent data loss.

So yeah.. I was just wondering what you think? If the file system is so severely damaged, do you think it STILL can be recovered?


Secure Dedicated Server For Disaster Recovery

Oct 7, 2008

I'm trying to find a good hosting provider to host our company's website as our fallback option in case of disaster. One or two dedicated servers should do it, but it'll need the space/bandwidth to host a database of around 60-80 gigs, with the ability to rsync newer copies of the database on a regular basis. We also need to store a Tomcat website, which will take up much less space, but also need to be rsynced to be kept up to date on a regular basis, though less often than

Also, we probably need Red Hat Linux specifically, as opposed to other flavors of Linux.

Of course we need root access to install the other apps we'll need. My paramount concern is the security of our company's data, much of which not only has to be protected for our company's sake, but also for laws such as HIPAA, etc. Cost is a consideration, but security, dependability, and flexibility (root access to our machine, ability to rsync between sites) are more important.

I was wondering if anyone's got suggestions for me, hosting providers they've liked for these purposes? I'm looking at Media Temple's dpv Nitro option right now ...


Disaster Recovery Plan And Backing Up One's Server

May 13, 2008

There is so much information on disaster recovery and backing up one's server, that I'm getting glassy-eyed trying to take it in. Maybe if I became an actual case study, and get some "group think" help, this thread could benefit many others in a similar situation.

Current Situation:

1. I'm a small hosting company, 5 years in existence, with about 350 clients. www.mlhi.net

2. Dedicated Linux server, PLESK CP w/unlimited domains license, fully managed at HostNexus (great guys). It does not have a RAID array (used to have that at Rackspace) but it does have a backup drive that everything is backed up to with a cron job every night.

3) In addition I have a Linux Sys Admin on retainer, www.linuxbox.co.uk (he is better than excellent). Two years of excellent server maintenance and security on top of the managed service I get at HostNexus.

4) I just bought a VPS plan at JaguarPC.com after much research (a lot of it here at WHT) and as they say "so far so good" with the ease of dealing with them. I have not set up anything there yet - just got the VPS provisioned a few days ago.

Fears and Concerns:

1. Data center destroyed/ my server burns up (including backup drive) etc etc.

2. DDOS attack (which did hit this data center a few months ago and I was down for hours)

3. If I had to FTP everything back to another server from my local, at 18 GB, it's not too cool.

Want to do this:

1. I want my Sys Admin to run a backup copy (and incrementals every night) to an identically configured VPS server at JaguarPC. Both servers are now running identical PLESK 8.4.

2. I want the fastest recovery possible without spending a ton of money. I know this means I don't get an "instant" recovery, but recovery within 24 hours is more than OK. None of my customers are ecommerce... just brochureware sites.

My "I'm not an expert" plan:

1. If primary server goes bye-bye forever, I can login to my BulkRegister/Enom account and change the child nameserver IPs to the IP's of the VPS. In 24 hours or less, every request for the nameservers would then be routed to the new server.

2. I can create an A record on every domain like www2.johndoeinsurance.com that would point to the IP at the VPS, so I can ease my mind anytime I want to make sure everything is safe and sound on the second server, and ready to go in an emergency.

How do I configure the DNS?

I control dns at Enom for about two-thirds of my customers. I have ALL domains pointed to ns.mlhi.net and ns2.mlhi.net. Here are my options??

1. I create two more child nameservers... ns3 and ns4 and have them pointed to the IPs at the new server, then update all the domains I control. The rest of the customers I can email and ask them to add the additional nameservers. I know... good luck on them doing it.

2. I change the ns2 IP to go to the new server. And I make sure when I make edits on a website during the day that I FTP to both servers.

3. I don't have any nameservers assigned to the new server. I just change the IP on the existing nameservers in the event of an emergency.


Want To Ban Spammers? 8 Easy Steps

Feb 20, 2008

1. Install CSF

2. Install Iptables if it's not installed (apt-get install iptables on redhat/centos)

3. In WHM under "# ConfigServer Security&Firewall" click on firewall deny ips

4. Open a 2nd window, Goto Main >> Server Status >> Apache Status

5. Check if there are any spammers with lots of connections to a specific file, that's how I got a lot of the IP's.

6. Goto http://ws.arin.net/whois/?queryinput=99.225.243.201

7. Enter the IP you found at "Server Status" and enter it at ws.arin.net to get the proper CIDR which you can easily add to your CSF deny hosts file (which is open in another window)

8. Get a tea and watch the server status closely.


Cpanel Steps For Security

Jan 24, 2008

I just signed up for a shared hosting plan that uses cpanel and got a simple page up and running with no problems. I need to know if there are any steps I need to take as far as security. I have read info about password protecting directories but I'm not sure if that needs to be done on directories that are already there like /etc /mail /accesslogs or just ones that I create like /myimages for example.

I don't have visitors yet and don't think I will for awhile but would still like to take all precautions early and get them out of the way.


New Company: First Technical Steps

Nov 7, 2007

I have moderate experience in administrating. I recently got a quarter cabinet, and I have 2 servers in there.

I have registered a company name, as a domain which is currently hosted at GoDaddy (www/mail) (mydomain.com)

But I have installed centos5 on one server, and called it web1.mydomain.com, added the web1 CNAME in GoDaddy's DNS control. Even did an rDNS to it through my provider.

I have installed Webmin on it to help me add virtual servers (who will be my customers)
And web1.mydomain.com has a mail server on it (Postfix).
Might even put DNS on it. These virtual servers will send emails as well (as I'll be hosting them)

But for now, what will be my next steps in getting my mail server (or the main server) accepted in the web world, for example, I've done SPF records, and rDNS. But what else do I need to do so my email is accepted everywhere?

The virtual domains will be sending mail using the postfix, and of course it'll mean they're piggybacking on web1.mydomain.com, so I guess I need to do stuff so email from web1.mydomain.com will be accepted worldwide.


Steps To Install FFMPEG On Centos5

May 5, 2009

Can someone please provide me steps to install FFMPEG on centos5.


Moving To Hostgator - Migration Steps

Jan 3, 2009

I've been with midphase/autica on a $10 reseller plan for several years, but I think it's time for a change. I have a personal site, and 2 small business websites.

I think I'm just going to sign up for a shared hosting plan, as I really don't need the separate cpanel access for each domain.

These are the migration steps as I understand them. Am I missing anything?

1. Sign up with hostgator

2. Set up main domain and 2 other domains.

3. FTP over all files and folders, including mail folders.

4. Set up email addresses with new host

5. Go to my registrar (namecheap) and change the name server from old to new (that hostgator gave me).

Is that about it? Am I missing any critical steps? Mainly, I just don't want to miss any emails. According to the chat at hostgator, once I switch the name servers, the change should be instantaneous. True?


Best Steps When Resold Hosting Goes Offline

Jul 14, 2009

I resell hosting and for the first time in 10 years, the hosting company's servers have gone down and my clients' sites are currently down, including email (ouch!).

Any experience with this or suggestions on how to communicate and rectify the situation with my customers? None of them are doing major ecommerce so I don't think there is a significant loss of sales, but regardless, their site is down. I take pride in providing great service and want to be straight up with them and more than fair.

I was thinking of extending their current hosting and acquiring a backup host in the rare event that this happens again so at least their site will be live, even if email is not.


How To Track Down A Compromised Php Script

Oct 29, 2009

I have a few shared hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have any tools, tips, or tricks on finding the compromised?

So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.

I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.

Here are the commands I'm running:

Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &

nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:

grep -i "HELO" /var/log/monitor/tshark-smtp.log

Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other processes are getting killed off.

I also tried to force all mail through the MTA, but when I enable SMTP_BLOCK in my firewall config I get an error:

*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.

If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?


Web Hosting Where Security Cannot Be Compromised

Dec 15, 2008

I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:

Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10


Compromised Account At Gnax.net

Sep 17, 2007

Ok...posting this here to hopefully get someone's attention at gnax.net.

I've written their abuse@gnax.net and engineer@gnax.net multiple times and even called into their support line and spoke with Stephen (or Steven). No one there seems to care.

They have a group of Vietnamese hackers on their network that are launching attacks from several of their servers. They also have a Google phishing site on one of the servers.

Spoke with Stephen at Gnax support and his answer was that it wasn't his job and I needed to send a e-mail to abuse. After telling him that I'd done that multiple times he basically said oh well that he didn't know what to do.

Seems like the admins of gnax.net are either very irresponsible, stupid or just ignorant.

Here are the URL's.

[url]

[url]

Just replace the 1's with t's and you can see for yourself. The fwooshnet.com attempts to download a trojan to your system so if you don't know what you're doing don't visit either URL.

Hopefully admins from Gnax watch this forum.


WHMCS Breach - Some 3.5.1 Downloads Were Compromised

Jan 8, 2008

I just received a fairly scary WHMCS notice, you can view the details here:

<<please don't paste the file names, there are accounts that may have these on them>>

What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.

I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.

Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.


Email Account Compromised: Tools For Analysing

May 27, 2008

whose has 5 email accounts and several computers Windows and Mac.

Some spam has been sent out to people in his address book. I received one and have the email headers.

What tools are there for identifying which account/machine has been compromised?


1and1.com User Database Compromised, Sites Hacked

Jun 19, 2008

Even worse, they didn't even notice until I called. If you're a 1and1.com customer I recommend you change your username and password now!

I included some log snippets to help you make sure your account hasn't been compromised.

1and1.com hacked


SAS Recovery

Sep 12, 2007

I heard from some technicians that SAS disk recovery is going to be much more difficult than the current generation of hard disk. Is it true? Anyone tried recovering from a spoilt SAS hard disk before?


Data Recovery ..

Aug 14, 2008

who you have used in the past to recover damaged hard drives that have been dropped. I got a client that damaged his HD, and it needs to be sent out to someone who is reliable and is not gonna cheat and steal the data.


Who Provides OS Recovery Panel

Sep 20, 2008

Which hosts allow you to reinstall the OS yourself? Very important if you're just starting out or want to try another distro etc.

Netdirekt
Hetzner (in German only)
Vectoral (No, KVM on request only)


Recovery Data

Jan 15, 2008

If someone has by mistake cancelled a cPanel account, and in the same dir was the backup file of this account, should it be possible to recover at least the backup file from the deleted files? Or is the entire dir cancelled?
