Move to new new server after hack

protelit
Posts: 13
Joined: Tue Sep 25, 2018 11:46 am

Post by protelit » Fri May 24, 2019 3:47 pm

Last week we got hit with the dblaunchs hack.
I was not able to trace down right where they installed it, so I made a cron job to pkill it if running every 2 minutes to buy me some time. I got with our users and was having them clean up their mailboxes to make a fix faster.
Well, today the hackers are at it again with new toys. I have no log files, AV is disabled, and other "fun" stuff. This server is very old, running Ubuntu 12.04 with Zimbra version 8.7.1_GA. So my thought is to just spin up a new server, this time as a virtual. My issue is saving as much as possible. I ASSuME the only way to do this is to make a new server with Ubuntu 16.04 and install 8.7.11 and then import the users and messages somehow, then upgrade to 8.8.12.

My questions,
1) I am assuming it will not do much good installing the 8.7.11 patch after the fact, but is it possible that would restore the log files so I could have a chance finding what and where the .sh file is?
2) What are the best practices for exporting and importing everything? I looked at Zextras Migrate and it looks good, is it?
3) What protection is best to protect against this again?


phoenix
Ambassador
Posts: 26699
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Move to new new server after hack

Post by phoenix » Fri May 24, 2019 3:54 pm

Install the latest version of ZCS on a new server then use the ZeXtras Migration Tool to move everything to a new server and, yes, it really is that good. If you're behind a firewall or NAT router then I'd suggest you block off internet access (inbound and outbound) to the old server while you do the move.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
mqaroush
Posts: 42
Joined: Sun Aug 03, 2014 4:31 am

Re: Move to new new server after hack

Post by mqaroush » Sun May 26, 2019 7:52 pm

Thanks, Mr. Phoenix, for your directions.
I'm using Network Zimbra 8.6 edition.
I installed a new Zimbra server, 8.8.12 Network Edition, for migration testing using the Zextras tool.
Can I use the current license file used in Zimbra 8.6 for Zimbra 8.8.12? I uploaded the same file, but it needs to be activated.
If I activate it, what will happen to the old system?

Thanks
DualBoot
Elite member
Posts: 1308
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: Move to new new server after hack

Post by DualBoot » Mon Jun 17, 2019 11:16 am

Hello,

Nothing for your old server. It does not deactivate your license on your old server.

Regards,
