New on LowEndTalk? Please Register and read our Community Rules.
Need help with kimsufi rescue mode server
Hello,
i have a server at kimsufi for which i got a mail saying its hacked so they have put it in rescue mode.
and they sent me rescue mode details,
can anyone please help me getting data from it?
(they told me to mount partitions but i am not able to see my files)
Kindly someone PM me or post here how to get back my files.
thanks.
Comments
If you are sure you have mounted the right partitions and your data isn't where you expect it to be maybe it has been deleted? If that's the case you should be extremely careful not to write anything to the disk and safe a raw disk image asap. You can then try if you can restore at least some of the data from a copy of said image.
Hello @mksh thanks for the response.
i have tried
fdisk -lthen i have tried
mount /dev/sda3 /mnt/but when i cd into /mnt/ , i don't see my files.
any idea?
Do you see anything at all there (try
ls [remove-this-stupid-cloudflare...] -al)? Also what about sda2 (sda1 is your boot partition i guess)?Avoid read-write mount's. Best to
mount -o ro ...(likemount -o ro /dev/sda3 /mnt/foo)Also, if you run a
tune2fs -l /dev/sda3you'll get some stats on when it was created etc. See if that matches with when you installed your server or if it is newer.