Index
 |
Announcement: Importance Of Regular Site Backups ! | ||
Discussion by miCRoSCoPiC^eaRthLinG with 18 Replies.
Last Update: June 22, 2006, 4:54 pm (View Latest) | Page 1 of 2 pages. | ||
 |
|||
[tab][/tab]This is to inform all our members that recently we've been facing a lot of hacking attempts from various upcoming groups - whose sole purpose seems to be defacing our members' sites. In most cases it's just a minor botheration though I've no clue what they're gaining out of it.
[tab][/tab]Pertaining to this I'd like to mention that we don't employ a server-side backup mechanism anymore. Long time back we used to perform weekly backup of all our members' sites - but this service has been discontinued for a while now owing to some conflict with the quota system.
[tab][/tab]Recently one of our members lost his site to a defacing attack. The hackers got in and completely trashed his site including his MySQL DBs. Unfortunately he didn't have any backups on his own part and neither did we.. hence the whole site was lost and he'd probably have to start from scratch again. Re-desgning pages are still ok - but what hurts most is all the lost posts/content in case you're running a Forum and/or CMS.
[tab][/tab]Thus I'd like to stress on the necessity of maintaining regular backups of your site on your own - in case you come under such an attack. To facilitate your backing up job, the cPanel Site Backup option has been enabled to allow you to perform a single-click backup of your whole site. You should do this as often as possible - and at least once every week. Make this into a habit since it's a job that'll take up just a few minutes of your time once a week - but might save you a lot of tears in the long run.
[tab][/tab]Moreover, most such hacking attempts are usually successful if you're using a weak dictionary based cPanel password - which can be easily cracked using some brute-force password generator/cracker. Thus I'd highly recommend you to keep changing your cPanel passwords from time to time apart from making them as cryptic as possible using combinations of both numerals and upper-case, lower-case letters and if possible punctuation marks. If you find it difficult to remember such passwords, there are plenty of Free and Good Password Managers available for download - where you can store such passwords sitewise for future reference.
Best Regards,
miCRoSCoPiC^eaRthLinG
[tab][/tab]Pertaining to this I'd like to mention that we don't employ a server-side backup mechanism anymore. Long time back we used to perform weekly backup of all our members' sites - but this service has been discontinued for a while now owing to some conflict with the quota system.
[tab][/tab]Recently one of our members lost his site to a defacing attack. The hackers got in and completely trashed his site including his MySQL DBs. Unfortunately he didn't have any backups on his own part and neither did we.. hence the whole site was lost and he'd probably have to start from scratch again. Re-desgning pages are still ok - but what hurts most is all the lost posts/content in case you're running a Forum and/or CMS.
[tab][/tab]Thus I'd like to stress on the necessity of maintaining regular backups of your site on your own - in case you come under such an attack. To facilitate your backing up job, the cPanel Site Backup option has been enabled to allow you to perform a single-click backup of your whole site. You should do this as often as possible - and at least once every week. Make this into a habit since it's a job that'll take up just a few minutes of your time once a week - but might save you a lot of tears in the long run.
[tab][/tab]Moreover, most such hacking attempts are usually successful if you're using a weak dictionary based cPanel password - which can be easily cracked using some brute-force password generator/cracker. Thus I'd highly recommend you to keep changing your cPanel passwords from time to time apart from making them as cryptic as possible using combinations of both numerals and upper-case, lower-case letters and if possible punctuation marks. If you find it difficult to remember such passwords, there are plenty of Free and Good Password Managers available for download - where you can store such passwords sitewise for future reference.
Best Regards,
miCRoSCoPiC^eaRthLinG
Sat Jun 3, 2006 New Discussion
If I may add, if you run a forum, CMS, or any other kind of software that uses databases on your web site, try to find a plug-in that sends a database backup to your e-mail every day. It can be very useful in case you lose all your data.
Sat Jun 3, 2006 New Discussion
QUOTE (pyost)
If I may add, if you run a forum, CMS, or any other kind of software that uses databases on your web site, try to find a plug-in that sends a database backup to your e-mail every day. It can be very useful in case you lose all your data.
Link: view Post: 79888
True - that'd help a lot too. In any case it shouldn't be all that difficult. I think if you search around the Database forum I'd posted a script long time back - called autobackupsql or something on those lines.. that generates automated full-backups of your specified MySQL DBs at specified intervals. You can just add in another small script in your crontab to mail gzip this file and mail it out to you at regular (weekly) intervals.
I found the script I'd posted earlier. It's called automysqlbackup and can be found at this thread:
Auto-backup Your MySQL DBs Daily/weekly/monthly
Sat Jun 3, 2006 New Discussion
Hmm... Is this defacing thing common? Or is it just a handful of individuals that have their websites defaced?
I have a suggestion. I don't think we can change our username. I'm new here so I could be wrong. When we submit our application, we were ask about our username. I think when we actually sign up using the process form, we need to specify our username. There might be a chance that both of the usernames matches. In fact, there is a high chance if users reply to the application form truthfully.
As such, I suggest that approved applications be totally removed from view after maybe, let's say, 2 weeks? Then whoever that tries to use a password generator would have a tough time becoz he/she needs to guess the username as well.
I have a suggestion. I don't think we can change our username. I'm new here so I could be wrong. When we submit our application, we were ask about our username. I think when we actually sign up using the process form, we need to specify our username. There might be a chance that both of the usernames matches. In fact, there is a high chance if users reply to the application form truthfully.
As such, I suggest that approved applications be totally removed from view after maybe, let's say, 2 weeks? Then whoever that tries to use a password generator would have a tough time becoz he/she needs to guess the username as well.
Sat Jun 3, 2006 New Discussion
QUOTE (yeh)
Hmm... Is this defacing thing common? Or is it just a handful of individuals that have their websites defaced?
Link: view Post: 79894
All web hosts usually have this problem. Sometimes it is more than defacing but a hacker gets into the server and just creates or deletes some accounts.
QUOTE
I have a suggestion. I don't think we can change our username. I'm new here so I could be wrong.Yep, you can't change your server username. The only way to change it is to delete your account and create it again.
QUOTE
As such, I suggest that approved applications be totally removed from view after maybe, let's say, 2 weeks? Then whoever that tries to use a password generator would have a tough time becoz he/she needs to guess the username as well.
Usernames need to be 6 characters. So you can still use a brute force tool to associate a username with a password.
There really isn't anything that can be done to prevent a hacking attempt. Just save your data.
btw, I'm probably going after a degree in network security. I've read the books.
[N]F
Sat Jun 3, 2006 New Discussion
Thanks for the heads-up, m^e. I keep copies of my files both on my hard drive and on a USB flash drive already. But man I would hate to have to re-create all my junk just because some punks thought that trashing Web sites was fun.
I'd like to add one more piece of advice on passwords: don't use the same password for all of your sites. Even just using a variation from one site to the next is better than having the exact same thing everywhere you go on the Internet.
I'd like to add one more piece of advice on passwords: don't use the same password for all of your sites. Even just using a variation from one site to the next is better than having the exact same thing everywhere you go on the Internet.
Sun Jun 4, 2006 New Discussion
I just started changing up passwords for things on the internet and on my website stuff. Not that I've been hacked (yet), but, more and more by reading this forum and the like I've come to the conclusion that people as a whole cannot be trusted on the net. And when my site is more developed, I'm definitly gonna need to make sure I know how to back it up. Especially that database thing. And I'll also have to look up that cron job thing about the site back-up too. Thanks for the heads up M^E. I mean, I always knew it was a possibility, but now I know some ways to protect myself.
Sun Jun 4, 2006 New Discussion
I posted the link to that MySQL Automated Backup Script - check it out guys.. it surely is helpful. I'll see if I can come up with some small shellscripts that'll mail out the backed-up data to you at pre-specified intervals..
Any other bright suggestions about protecting your data, most welcome
Regards,
m^e
Any other bright suggestions about protecting your data, most welcome
Regards,
m^e
Sun Jun 4, 2006 New Discussion
Alright, Joe! Thanks for the warning. Man, I feel so bad for that guy who lost his site! I think some government officials should do something about this... or you guys should report this at least. Do you guys have logs and stuff? There should be like a way to track where the attacks came from... it's so not fair for us - just random attacks. I mean, this is just like property assault/damage!!
Mon Jun 5, 2006 New Discussion
Hey, I've got a problem! My campus server doesn't allow me to connect to port 2083 anymore. Does anyone know of a method to bypass this thing or any other way to backup data? I've tried tunneling using your-freedom but it isn't working.
Mon Jun 5, 2006 New Discussion
A little backup help for WordPress (WP) running site owners. The Only way till now is to back up WP via MySQL manual backup or by plug-ins. In either case i am still not able to find a complete backup solution, where with one click i can back up the WP DB and also the complete folder where WP is installed (root). Well here's what i've found, but if anyone has more useful plugins then please do share with us.
Backing up your DB (WordPress Site)
Restoring ur DB (WordPress Site)
DB Admin Tools (WP's Plugin Database)..
WordPress Backup Shell Script
On-Click Backup (Worth a Try)
Hope this helps
Regards
Dhanesh.
Backing up your DB (WordPress Site)
Restoring ur DB (WordPress Site)
DB Admin Tools (WP's Plugin Database)..
WordPress Backup Shell Script
On-Click Backup (Worth a Try)
Hope this helps
Regards
Dhanesh.
Mon Jun 5, 2006 New Discussion
So has anyone tried the cPanel Single Click Backup Tool yet? It looks like a definite time-saver, and the log it sent to my e-mail after backing up my Website looked quite thorough. But I thought it better to ask you guys, in case you have other opinions about it .
.
Mon Jun 5, 2006 New Discussion
Hey, M^E, please explain to me how exactly the "Backup Site" function in Cpanel works. Cause my site is around 65MB now, and I can't afford to download the whole thing again and again!
By the way, if anyone's using phpBB2 forum out there, then there is an option for "Backup MySQL Database" and "Recover MySQL Database" in the Administration Panel. That's pretty useful, as you can download the GZipped DB which turns out to be very small in size! Unless you use other DBs that is!
Hope m^e reads this soon, I've worked real hard to build my site, and its not even completely up yet!
Tue Jun 6, 2006 New Discussion
QUOTE (Omkar)
Hey, M^E, please explain to me how exactly the "Backup Site" function in Cpanel works. Cause my site is around 65MB now, and I can't afford to download the whole thing again and again!
By the way, if anyone's using phpBB2 forum out there, then there is an option for "Backup MySQL Database" and "Recover MySQL Database" in the Administration Panel. That's pretty useful, as you can download the GZipped DB which turns out to be very small in size! Unless you use other DBs that is!
Hope m^e reads this soon, I've worked real hard to build my site, and its not even completely up yet!
Link: view Post: 80097
You can find this option under Site Management Tools in cPanel - the first icon in the last row. It's simply named Backup and when you click it, it gives you an option of backing up your site in your home folder or on a remote FTP server. Usually you'd choose your home folder.
What it does is, grab every single file in your site as well as you MySQL and PostGRE-SQL databases and packs all those files in a tar archive. Final step is gzipping this archive. Once done, you'll find a file named like backup-[date].tar.gz.
Upon successful backup you should receive a mail somewhat on these lines:
QUOTE
pkgacct started.
pkgacct version 4.1 - running with uid 0
using time::hires for speedups
Copying Reseller Config...Done
Copying SSL Certificates, CSRS, and Keys...Done
Copying Mail files....Done
Copying frontpage files....Done
Copying proftpd file....Done
Copying www logs.............
.........
.........
.........
.........
.........
.........
.........
Done
Grabbing mysql dbs............
.........
Done
Grabbing mysql privs...Done
Grabbing PostgreSQL databases............
Done
Grabbing PostgreSQL privileges...Done
Copying mailman lists....Done
Copying mailman archives....Done
Copying homedir....Done
Copying cpuser file.......Done
Copying crontab file.......Done
Copying quota info.......Done
Storing Subdomains....
Done
Storing Parked Domains....
Done
Storing Addon Domains....
Done
Copying password.......Done
Copying shell.......Done
pkgacctfile is: /home/backup-6.6.2006_11-17-14_SITENAME.tar.gz
Creating Archive ....Done
md5sum is: cd8c232192c344a3743e834dd4913c95
What you stated about backing up MySQL DB is done in this step too - except there you're backing up only your DBs - and this one works on every kind of file and data of your site.
Regards,
m^e
Tue Jun 6, 2006 New Discussion
QUOTE (abhiram)
Hey, I've got a problem! My campus server doesn't allow me to connect to port 2083 anymore. Does anyone know of a method to bypass this thing or any other way to backup data? I've tried tunneling using your-freedom but it isn't working.
Link: view Post: 80035
Try using the standard HTTP way to log in using port 2082.
If not, use a proxy server.
xboxrulz
Tue Jun 6, 2006 New Discussion
 |
 |
|
 |
 |
| Reply / Comment | Ask a Question? | Share / Bookmark | E-Mail a Friend |
 Two New BBCodes For Astahost (13)
|
(0) Hosting Application Approval Time How long will it take? 
|