1

Today I had an email from OVH saying my server was hacked (it was nothing more than a WordPress plugin of a client messing around), but it ended with my server forced into Rescue Mode and I'm not able to boot normally anymore.

My server has 2 disks:

```
Disk /dev/nvme1n1: 1920.4 GB, 1920383410176 bytes, 3750748848 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt
Disk identifier: F41751A6-C420-475C-BB59-E768E17AA2AB

 1         2048      1048575    511M  EFI System      primary
 2      1048576     42006527   19.5G  Linux RAID      primary
 3     42006528   3114004479    1.4T  Linux RAID      primary
 4   3114004480   3175442431   29.3G  Linux swap      primary

Disk /dev/nvme0n1: 1920.4 GB, 1920383410176 bytes, 3750748848 sectors (same as nvme1n1)

Disk /dev/md3: 1572.9 GB, 1572862885888 bytes, 3071997824 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/md2: 21.0 GB, 20970405888 bytes, 40957824 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```

I followed this tutorial (using grub2 commands instead of grub) and it looked promising until the "`grub-install /dev/sdx` (NOTE that this is the drive and not the partition. try `grub-install --recheck /dev/sdxy` if it fails)" step. I tried everything (md2, md3, nvme1n1, ...) but all I get is `grub2-install: error: cannot find EFI directory.` I already checked whether I had the EFI folder and it was there in `/boot/efi/EFI/centos`. So I have no idea what's wrong. I really need help to solve this and I'm going to pay for the help. Anyone able to help via anydesk or teamviewer? It's really super urgent.

U. Windl
Jorge O.H.
  • What is there to fix? Why doesn't your server boot normally? Did you actually try it? – Michael Hampton Jun 09 '21 at 21:57
  • It doesn't boot normally, the server gets stuck on GRUB when loading from HD. – Jorge O.H. Jun 09 '21 at 21:59
  • "*Anyone able to help via anydesk or teamviewer? It's really super urgent.*": Probably wrong site: This is to answer questions, not to provide remote support. Also several people "offering" remote support to you *might* make things worse, maybe deliberately. – U. Windl Sep 01 '23 at 07:22

2 Answers

0

Could be that it's not mounted. You can check it with `mount | grep efi`, and if it isn't, you can mount it (`mount /dev/[efi device] /mnt/boot/efi`).

In any case, you can specify the boot/efi directory for grub install, which would look something like this: `grub-install --efi-directory=/mnt/boot/efi`

Maxoholic
  • Do I have to mount it in the rescue mode? I'm really blind here, can you help me via remote? I've been facing this issue for several hours, almost 24h awake, and I'm starting to be afraid that I cannot solve it by myself. – Jorge O.H. Jun 09 '21 at 23:31
  • Nah, first just try to specify the `--efi-directory` path when you run grub-install and we'll go from there, if it's still complaining then `grep` it – Maxoholic Jun 09 '21 at 23:39
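
The mount check suggested in the answer above, as an added example that is not part of the thread: it reads a mount table in `/proc/mounts` layout and reports whether the EFI directory is a mounted vfat ESP, then prints which of the answer's two commands applies. The function names, the ext4 type for `/dev/md2`, and the device `/dev/nvme0n1p1` are assumptions made for the constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): is the EFI directory a mounted ESP?
# Function names and the sample mount tables are constructed for illustration.

# esp_status MOUNTS_FILE EFI_DIR -> ok | not-mounted | wrong-fs:<type>
# MOUNTS_FILE has the /proc/mounts layout: device mountpoint fstype options ...
esp_status() {
    efi_dir=${2%/}                 # ignore a trailing slash when comparing
    fstype=
    while read -r _dev mnt type _rest; do
        # keep the last match: a later mount hides an earlier one
        if [ "$mnt" = "$efi_dir" ]; then fstype=$type; fi
    done < "$1"
    case "$fstype" in
        "")   echo "not-mounted" ;;
        vfat) echo "ok" ;;
        *)    echo "wrong-fs:$fstype" ;;
    esac
}

# next_step MOUNTS_FILE EFI_DIR -> the command from the answer that applies
next_step() {
    case $(esp_status "$1" "$2") in
        ok)          echo "grub-install --efi-directory=${2%/}" ;;
        not-mounted) echo "mount /dev/[efi device] ${2%/}" ;;
        *)           echo "stop: ${2%/} is mounted but is not a vfat ESP" ;;
    esac
}

# Constructed rescue-mode mount tables: root array mounted, ESP missing/present.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
/dev/md2 /mnt ext4 rw,relatime 0 0
EOF
cat > "$tmp/after" <<'EOF'
/dev/md2 /mnt ext4 rw,relatime 0 0
/dev/nvme0n1p1 /mnt/boot/efi vfat rw,relatime 0 0
EOF

next_step "$tmp/before" /mnt/boot/efi
next_step "$tmp/after"  /mnt/boot/efi
```

On a live rescue system, pass `/proc/mounts` as the first argument instead of the sample files.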
0

Actually the only correct action for a server that was hacked (assuming root access) is to completely re-install, and only restore any files that are definitely not corrupted.

U. Windl