Restore failure.

Hi

One of my virtual servers failed to restore.
Actually the virtual server was set up but the database did not restore.

Here is the log –

Downloading archive from Amazon S3 server …
… done

Extracting backup archive files …
… done

Re-creating virtual server sd5.info …

Creating administration group secdown ..
.. done

Creating administration user secdown ..
.. done

Creating aliases for administration user ..
.. done

Adding administration user to groups ..
.. done

Creating home directory ..
.. done

Creating mailbox for administration user ..
.. done

Adding new DNS zone ..
.. done

Adding to email domains list ..
.. done

Adding default mail aliases ..
.. done

Adding new virtual website ..
.. done

Adding Apache user apache to server's group ..
.. done

Performing other Apache configuration ..
.. done

Setting up scheduled Webalizer reporting ..
.. done

Setting up log file rotation ..
.. done

Creating MySQL login ..
.. done

Creating MySQL database secdown ..
.. done

Setting up spam filtering ..
.. done

Setting up virus filtering ..
.. done

Creating status monitor for website ..
.. done

Adding analytics tracking to website configuration ..
.. done

Creating Webmin user ..
.. done

Re-starting DNS server ..
.. done

Applying web server configuration ..
.. done

Re-loading Webmin ..
.. done

Saving server details ..
.. done

Restoring backup for virtual server sd5.info …

Restoring virtual server password, quota and other details ..
.. done

Updating administration password and quotas ..
.. done

Restoring Cron jobs ..
.. done

Extracting TAR file of home directory ..
.. done

Setting ownership of home directory ..
.. done

Re-creating records in DNS domain ..
.. done

Restoring Apache virtual host configuration ..
.. done

Checking restored PHP execution mode ..
.. mode FCGId OK for this system

Updating home directory in PHP configuration ..
.. done

Restoring Webalizer configuration files and Cron job ..
.. done

Restoring Logrotate configuration ..
.. done

Deleting old MySQL databases ..
Restore failed : SQL drop database `information_schema` failed : Access denied for user 'root'@'localhost' to database 'information_schema'

Any idea why this might have happened and how it can be fixed?

Many thanks.

Hmm, this message is an odd one:

Restore failed : SQL drop database `information_schema` failed : Access denied for user 'root'@'localhost' to database 'information_schema'

It shouldn’t be trying to drop that particular database.

Do you know how this particular Virtual Server was backed up? Was that using the Virtualmin backup function?

Also, what distro/version was used when creating that backup?

-Eric

Hi,

Yes, the backup was done with Virtualmin Pro onto my Amazon S3 server account.

That's why I needed to get my Virtualmin Pro back up and running.

The virtual server SD5.info has been restored and when I look in the Edit Databases under the Virtualmin tab, I see the database "information_schema".

And it gives me access to tables like CHARACTER_SETS, ENGINES, EVENTS.

This looks pretty dangerous!

My server was “rooted” a couple of weeks ago and I had to have the server software all reinstalled and then re-loaded my websites. I have only reloaded 6 of them so far as these are my main ones that I want live.

Could this access to “information_schema” be something a hacker did?

Any idea how I sort this out?

There is something else that also looks wrong.

When I look at my fethiye-guide.com VS and edit databases
I see this –
(I screen captured it)

http://www.sd5.info/dbs.jpg

As you see there are 2 databases.

Then when I select one I get the field list –

http://www.sd5.info/dbs1.jpg

When I click on the link to go back to the database list, I can see ALL of them.

(Maybe this is normal because I am logged in as root.)

BUT there are also 2 extra databases called –

information_schema
mysql

http://www.sd5.info/dbs2.jpg

Is this normal?

Thanks.

Just curious

How do you know that the backups were created BEFORE the hacker gained access to your system?

I don't.

But my server admin told me to back up before he did a complete system reload.
Then to reload my websites.

By restoring the websites - will that open the door for the hacker again?

I have only restored a few of them.

Maybe I should take the “funny” behaving ones off again?

What do you think?

If you (or your host) don’t know how and when the hacker gained access, you should assume that the backups are compromised as well. And you should also assume that the hacker probably can use the same hack again.

Typically “websites” are the weakest link (for hackers to attack). For example WordPress, Joomla or Drupal have lists with vulnerable extensions.