How To Restore a cPanel Server

This article will guide you through the necessary steps to restore your data from a previous cPanel environment that is no longer functional. Examples are when a harddrive is dying and is no longer bootable, when a system is compromised via root, or even if you are moving from an old server to a new one (although the netcat over SSH method is preferred).


  • You have a fresh and clean environment onto which you have installed the OS and cPanel. The old drive or partition needs to be local to the server (or available via an NFS mount if you so desire).
  • You have the old drive mounted a /olddrive and that it is readable in some fashion. For dying drives this is easier said than done and the drive may fail completely during this process (lots of reads), so be warned!
  • The data still exists. If the inode tables have been lost then everything is going to be dumped into /lost+found and this method will not work. If the hacker deleted your data, then you should be glad you had the foresight to maintain another backup medium!

Data Restoration

Restoring the data is just a matter of rsync-ing over certain directories and configuration files.

rsync functions different than users might expect with regards to trailing slashes; careful use of them is needed to ensure data is copied correctly. When syncing a directory, adding a trailing slash to the source directory will cause all directories/files inside that directory to be synced with the destination, as opposed to the directory itself. This can be seen for example in the difference between the /etc/ sync below, and the Apache rsync that follows.

Let's begin by syncing over important /etc/ configuration files:

cd /olddrive/etc/
rsync -avHz user* trueuser* domainips secondarymx domainalias valiases vfiltersexim* backupmxhosts proftpd* pure-ftpd* logrotate.conf passwd* group* *domain* *named* wwwacct.conf cpbackup.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts spammer* skipsmtpcheckhosts relay* localdomains remotedomains my.cnf /etc

You may also want to copy /etc/crontab and /etc/cron.d/ if you have custom cron scripts.

Next up is Apache and its configuration:

rsync -avHz /olddrive/usr/local/apache/conf /usr/local/apache
rsync -avHz /olddrive/usr/local/apache/modules /usr/local/apache
rsync -avHz /olddrive/usr/local/apache/domlogs /usr/local/apache

Next is named (bind). This is only needed if you run your own DNS:

rsync -avHz /olddrive/var/named /var

Next we'll do cPanel and it's related configurations:

rsync -avHz /olddrive/usr/local/cpanel /usr/local

Next up, MySQL databases:

rsync -avHz /olddrive/var/lib/mysql /var/lib

Misc cPanel files and templates:

rsync -avHz /olddrive/var/cpanel /var

Client and server SSL certificates:

rsync -avHz /olddrive/usr/share/ssl /usr/share

User bandwidth data:

rsync -avHz /olddrive/var/log/bandwidth /var/log

Exim's mail queue:

rsync -avHz /olddrive/var/spool/cron /var/spool

Root user MySQL configuration:

rsync -avHz /olddrive/root/.my.cnf /root

Finally, all user data (mail, web files, etc.):

rsync -avHz --exclude=virtfs/ /olddrive/home/* /home

Updates and Cleanup

Because we've changed some cPanel files around and imported a bunch of user data, we'll want to make sure that these changes are picked up:

/scripts/upcp --force
/scripts/eximup --force
/scripts/mysqlup --force
/etc/init.d/cpanel restart

Since we copied over the contents of /var/cpanel, your previously saved Apache/PHP build options will be retained when /scripts/easyapache is run above (select Previously Saved Config).

WHM Setup

Since this is a “new” install of cPanel, you'll have to run through the WHM Setup Wizard once again upon first login. Just enter the settings as you prefer them/as they were before. If you do not recall some of your previous settings such as nameservers, hostname, or contact email, they can all be found in /etc/wwwacct.conf.

Mail Sync

If you have recovered from a recent backup or otherwise have a stale copy of your data and want to synchronize mail from another server, you can do so over the network with the following command:

for i in  `cat /etc/trueuserdomains|awk '{print $2}'`;do rsync -avHz -e "ssh" --progress /home/$i/mail/* ip.ip.ip.ip:/home/$i/mail;done

In the example above the command is run from the source machine where ip.ip.ip.ip is the destination machine. Since this loops through all the users, it's going to ask you for a password each time. To avoid this authenticate the source machine using an ssh key before running the command:

ssh-keygen –t rsa
ssh-copy-id root@ip.ip.ip.ip


  • This was last tested to work as of cPanel/WHM 11.26. Newer versions might change the functionality of scripts and/or add additional configuration files.