Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OVH won't let me backup my data - Dedicated server

nmolinacanmolinaca Member
edited October 2021 in Help

The OVH team has notified me that my server has been compromised with Hacking and Phishing.

When I was immediately notified I took action to correct the site of a client that has nothing to do with my company then they sent me another email that another domain was verified.

Here comes the headache, immediately and arbitrarily they terminated my contract and suspended my account as follows:

"Hello,

Your server is on rescue-SSH, to permit backup. Your services and account was closed.

It's final decision.

Your abuse case #SDTPNWLBKC linked to the service ns54xx78 [.] Ip-xx-xx-xx [.] Net is now closed.

Cordially,

The OVHcloud Abuse Team "

But this is not possible because I only have access to FTP and it does not work for me to backup my data found in WHM.

I have written many new emails and they have not responded. I have my clients down for about 2 days.
_
I JUST NEED A BACKUP FROM THE SERVER PLEASE IF YOU CAN HELP ME I NEED IT PLEASEE_

I need help with this please.

Comments

  • jmgcaguiclajmgcaguicla Member
    edited October 2021

    PS: They say it's on rescue SSH, so why not SSH in and take your stuff?

  • Did you rent server directly with OVH? Why you only have FTP access? It clearly it rescue mode, you can enter by ssh/console and transfer your data.

  • jarjar Patron Provider, Top Host, Veteran
    edited October 2021

    If you have it in rescue mode and your only instinct is to either use FTP or WHM, it's not difficult to imagine how you arrived at this problem. I'm sorry that you're having this trouble, but you're probably going to need to pay someone like rack911 to help you out of it. You weren't ready to manage your own server where it was important and production. This is where you find out that the savings was only temporary. Save on management, spend it on recovery.

  • @jar said:
    If you have it in rescue mode and your only instinct is to either use FTP or WHM, it's not difficult to imagine how you arrived at this problem. I'm sorry that you're having this trouble, but you're probably going to need to pay someone like rack911 to help you out of it. You weren't ready to manage your own server where it was important and production. This is where you find out that the savings was only temporary. Save on management, spend it on recovery.

    This was an incredibly kind way to say what everyone who views this thread is thinking, kudos.

  • @jmgcaguicla said:

    PS: They say it's on rescue SSH, so why not SSH in and take your stuff?

    The root user for ssh on server been disabled to login with "password". We can only able to login with the private key.

    I need them to provide the private key to login the rescue server or mount the disk partitions on the rescue server so that we can able to access the data and migrate them to new server.

    The FTP access that they gave me doesnt have the data is all empty.

  • jmgcaguiclajmgcaguicla Member
    edited October 2021

    @nmolinaca said:
    I need them to provide the private key to login the rescue server or mount the disk partitions on the rescue server so that we can able to access the data and migrate them to new server.

    The FTP access that they gave me doesnt have the data is all empty.

    Well that sucks but probably nothing you can do until/if they reply.

  • stefemanstefeman Member
    edited October 2021

    OVH will not terminate on first abuse, unless it was on colossal scale.

    You likely had tons of bad customers over long time to get your account terminated.

    100up for example sells directly to script kiddies via discord, and their nodes are full of CNC's and infected servers, DMCA content, stresser/booter sites and even direct ddos. Even they only get warnings every now and then (according to their discord server announcements), so I can only imagine what your customer did to get you burned instantly lol.

  • deankdeank Member, Troll

    Nice (not) way of attempting to distort a bigger picture.

    Anyway, what do you expect us to do about it? We have nothing to do with OVH. All we can do is get naked, dance around a camp fire, and hope for your misfortune.

  • edited October 2021

    Without specifying your abuse case, we can only assume it was so bad OVH thought it would be wise kick you out entirely and not deal with it.

  • JamesFJamesF Member, Host Rep

    If you want your data and you have no offsite backup. Best to get a pro like rack911 / JoneSolutions and ask them.

    Thanked by 1jonesolutions
  • Your data in rescue won't be visible unless you mount your drives, you need to have SSH CLI knowledge, please hire a professional to get your backup. Running hosting environment with only GUI help is very dangerous, there are lot of things your server could have been compromised like weak configuration or setting, improper firewall setup, client or reseller would have been compromised first etc.

    Server security and constant management and monitoring is very much needed, people skip this step and offer low cost hosting and in the end it will end in such tragedy. No Data center will tolerate a compromised server in his network, which will create problems to others. You have learnt your lesson, hope you be careful next time.

    Thanked by 1hackerman
  • jarjar Patron Provider, Top Host, Veteran

    Since it's a cPanel box this will show you how to make backups over chroot: https://docs.cpanel.net/knowledge-base/general-systems-administration/full-disaster-recovery/82/

    This + rsync elsewhere is what you need someone to do for you.

  • @sdglhm said:
    Without specifying your abuse case, we can only assume it was so bad OVH thought it would be wise kick you out entirely and not deal with it.

    I got hacked in a client domain They say it ese phishing

  • @johndoemaniac said:
    Your data in rescue won't be visible unless you mount your drives, you need to have SSH CLI knowledge, please hire a professional to get your backup. Running hosting environment with only GUI help is very dangerous, there are lot of things your server could have been compromised like weak configuration or setting, improper firewall setup, client or reseller would have been compromised first etc.

    Server security and constant management and monitoring is very much needed, people skip this step and offer low cost hosting and in the end it will end in such tragedy. No Data center will tolerate a compromised server in his network, which will create problems to others. You have learnt your lesson, hope you be careful next time.

    I Dont have the credentials for ssh thats the problem

  • stefemanstefeman Member
    edited October 2021

    if you can access rescue system thats enough.

    If they actually killed the server and themselves ported "some" data over to a seperate FTP server, then ur fucked and just gotta restore client data from backups.. You do have daily backups on external server as a webhost, right?

  • stefemanstefeman Member
    edited October 2021

    @nmolinaca said:
    The OVH team has notified me that my server has been compromised with Hacking and Phishing.

    When I was immediately notified I took action to correct the site of a client that has nothing to do with my company then they sent me another email that another domain was verified.

    Here comes the headache, immediately and arbitrarily they terminated my contract and suspended my account as follows:

    "Hello,

    Your server is on rescue-SSH, to permit backup. Your services and account was closed.

    It's final decision.

    Your abuse case #SDTPNWLBKC linked to the service ns54xx78 [.] Ip-xx-xx-xx [.] Net is now closed.

    Cordially,

    The OVHcloud Abuse Team "

    I JUST NEED A BACKUP FROM THE SERVER PLEASE IF YOU CAN HELP ME I NEED IT PLEASEE_**

    I need help with this please.

    The same email (or seperate one right after) should contain username and password to access the rescue system.

    Access via putty or something similar by using those details, and follow the guide which Jarland posted to recover the data, or hire someone competent enough to do it for you and ur customers. How would you even have FTP without SSH or are you actually using SFTP but don't know how to use SSH with same details?

    I pity whoever bought hosting from you.

    Running an autoinstall script for web hosting panel and connecting it to a fancy WHMCS template turned out to be a disaster in your case.

  • @stefeman said:

    @nmolinaca said:
    The OVH team has notified me that my server has been compromised with Hacking and Phishing.

    When I was immediately notified I took action to correct the site of a client that has nothing to do with my company then they sent me another email that another domain was verified.

    Here comes the headache, immediately and arbitrarily they terminated my contract and suspended my account as follows:

    "Hello,

    Your server is on rescue-SSH, to permit backup. Your services and account was closed.

    It's final decision.

    Your abuse case #SDTPNWLBKC linked to the service ns54xx78 [.] Ip-xx-xx-xx [.] Net is now closed.

    Cordially,

    The OVHcloud Abuse Team "

    I JUST NEED A BACKUP FROM THE SERVER PLEASE IF YOU CAN HELP ME I NEED IT PLEASEE_**

    I need help with this please.

    The same email (or seperate one right after) should contain username and password to access the rescue system.

    Access via putty or something similar by using those details, and follow the guide which Jarland posted to recover the data, or hire someone competent enough to do it for you and ur customers. How would you even have FTP without SSH or are you actually using SFTP but don't know how to use SSH with same details?

    I pity whoever bought hosting from you.

    Running an autoinstall script for web hosting panel and connecting it to a fancy WHMCS template turned out to be a disaster in your case.

    Hello my friend, i dont have the access for SSH, they just let me de FTP-rescue mode. Dont you think that if i. would have the SSH access i wouldnt have this problem?

  • the SSH config where you defined private key is swapped out when the rescue system/image is loaded. How are you not able to login with the provided details?

  • jarjar Patron Provider, Top Host, Veteran
    edited October 2021

    Since when do they have an FTP only rescue mode? I'm not saying it doesn't exist but that would be new to me.

    Get /etc, /home, and /var. Best you can do.

  • MikeAMikeA Member, Patron Provider

    @jar said:
    Since when do they have an FTP only rescue mode? I'm not saying it doesn't exist but that would be new to me.

    Unknown to me.. they just reboot the server using the rescue option, which is automated and sends you an email with the rescue image root SSH password..

  • jmgcaguiclajmgcaguicla Member
    edited October 2021

    @jar said:
    Since when do they have an FTP only rescue mode? I'm not saying it doesn't exist but that would be new to me.

    Probably got off on the wrong foot with the way the original post was worded making op seem absolutely clueless (aside from not having backups ofc), he seems to know at least how to SSH in.

    Didn't say it had "only FTP", it was just only FTP was accessible (since when did OVH's rescue mode have an FTP server running by default?). According to a reply, root SSH password login is disabled and only allows private keys which apparently he does not have.

    @nmolinaca said:
    The root user for ssh on server been disabled to login with "password". We can only able to login with the private key.

    I need them to provide the private key to login the rescue server or mount the disk partitions on the rescue server so that we can able to access the data and migrate them to new server.

  • I gotta love the fact that, first thing you do when you notice that everything is down and you have no access to backups and/or experience to move forward:

    Lets open thread to LET and ask for free help cause why not?

    You should be scouring google for disaster recovery service right now find a competent consultant to investigate available options.

    Do you really have no backups other than RAID1 on the suspended machine?

  • nmolinacanmolinaca Member
    edited October 2021

    @stefeman said:
    I gotta love the fact that, first thing you do when you notice that everything is down and you have no access to backups and/or experience to move forward:

    Lets open thread to LET and ask for free help cause why not?

    You should be scouring google for disaster recovery service right now find a competent consultant to investigate available options.

    Do you really have no backups other than RAID1 on the suspended machine?

  • @stefeman said: Lets open thread to LET and ask for free help cause why not?

    They got one on WHT too, verbatim too. I suppose the premium subscription there gives you better content other than the usual circle jerk over there.

    I say just let the VPS go. You know what they say, you don't backup things you don't have any value too. let your customers know their worth!

Sign In or Register to comment.