Last week we got hit with the dblaunchs hack.
I was not able to trace down right where they installed it, so I made a cron job to pkill it if running every 2 minutes to buy me some time. I got with our users and was having them clean up their mailboxes to make a fix faster.
Well, today the hackers are at it again with new toys. I have no log files, AV is disabled, and other "fun" stuff. This server is very old, running Ubuntu 12.04 with Zimbra version 8.7.1_GA. So my thought is to just spin up a new server, this time as a virtual. My issue is saving as much as possible. I ASSuME the only way to do this is to make a new server with Ubuntu 16.04 and install 8.7.11 and then import the users and messages somehow, then upgrade to 8.8.12.
My questions,
1) I am assuming it will not do much good installing the 8.7.11 patch after the fact, but is it possible that would restore the log files so I could have a chance finding what and where the .sh file is?
2) What are the best practices for exporting and importing everything? I looked at Zextras Migrate and it looks good, is it?
3) What protection is best to protect against this again?
Move to new new server after hack
Re: Move to new new server after hack
Install the latest version of ZCS on a new server then use the ZeXtras Migration Tool to move everything to a new server and, yes, it really is that good. If you're behind a firewall or NAT router then I'd suggest you block off internet access (inbound and outbound) to the old server while you do the move.
Re: Move to new new server after hack
Thanks, Mr. Phonix for your directions.
I'm using Network Zimbra 8.6 edition.
I installed a new Zimbra server 8.8.12 Network Edition for migration testing using the Zextras tool.
Can I use the current license file used in Zimbra 8.6 for Zimbra 8.8.12? I uploaded the same file, but it needs to be activated.
If I activate it, what will happen to the old system?
Thanks
- DualBoot
Re: Move to new new server after hack
Hello,
Nothing for your old server. It does not deactivate your license on your old server.
Regards,