Serious several problems with proxmox VE system.

T

Tim.spam

Guest
Hello,

I'm new with PVE and i hired for solve few problems.

There is a PVE system that contains 1 master and 4 nodes. All OS' has been hacked and some files are missing. Fortunately all guest hosts are running but i can't take them control. I can't log-in to any PVE control panel and can't getting list from console with "qm list" command. Most of qm commands stuck without any output.

There is no VZ guest by the way.

I need to get list of guest hosts and make them manageble again til recover and move files to another PVE system.

What would you suggest ?

Thank you.
 
Hi,
why you are sure that the hosts are hacked? Do you use insecure passwords? Not upgraded system?

Do you have any storage which are not available anymore? Look at /etc/pve/storage.cfg and fstab.
Sometimes there are strange effects if a nfs-mount not available...

To get the VMs: stop all kvm-processes, copy diskimages and config to a new server and start there again (or better use vzdump).

Udo
 
Hi udo,

Hacked not the exact words but -as the company told- systems has been damaged by a former personel. I'm trying to clean he's mess.

I removed the not working storage before my first post but nothing change. Also just fix the syslogs and i be able to get errors now. Here is my syslog output;

Dec 14 16:20:10 vz02 pvemirror[2562]: syncing vzlist from '10.10.0.135' failed: 500 read timeout
Dec 14 16:20:10 vz02 pvemirror[2562]: syncing templates
Dec 14 16:20:10 vz02 pvemirror[2562]: cluster syncronization finished (40.06 seconds (files 0.00, config 0.00))
Dec 14 16:20:30 vz02 pvemirror[2562]: starting cluster syncronization
Dec 14 16:20:40 vz02 pvemirror[2562]: syncing vzlist from '10.10.0.132' failed: 500 read timeout
Dec 14 16:20:50 vz02 pvemirror[2562]: syncing vzlist from '10.10.0.133' failed: 500 read timeout
Dec 14 16:21:00 vz02 pvemirror[2562]: syncing vzlist from '10.10.0.131' failed: 500 read timeout


10.10.0.132 the master machine that i got these lines.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!