I currently do daily backups to rsyncpalace Daily, weekly, monthly. cPanel does a backup of all user accounts to a folder and they are rsync'd offsite via ssh.
My questions are: Should I be comfortable or concerned that all of my website(s)' data are neatly bundled, stored in plaintext (tar) formats and only protected by a single login and password?
Am I exposed to any more or less risk of tampering with my data than on my webserver itself?
I am planning to use CGI for my web installations and there appears to be a whole lot of conflicting info about setting file permissions in the user's folder.
What are the permissions actually required for reading and writing into the web users directory?
A lot of them say 755, but that doesn't make sense as it gives any user read and write permissions to the whole web directory tree.
Other than the initial index .php, .cgi or some other files that need to be ready by the webserver process shouldn't every other file be 700 or 600 as every subsequent file access is done under the control of the cgi program?
Unless a file is to be served directly by the web server process and is not in a ScriptAlias directory or is not marked as a CGI shouldn't the permissions on that file be 600 or 700?
I'd also like to know if there are some guides as to how the CGI security issues operate.
My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?
View 1 Replies View RelatedThere are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?
View 4 Replies View RelatedI was thinking of starting service provider of online backup service located in USA the data is stored in a vault (off site server)
Data replicated to another server at a another location.
Critical data is 128-bit encrypted, compressed, and then uploaded to a REMOTE server hosted by my company via Secure Sockets Layer (SSL) with enhanced security.
The client chooses what kind of encryption they want to use and they choose their Password (I don't have access to this info)
With out their password they can NOT restore their information back
Lose the password and the Data can not be restored its loss
I have no idea what the passwords are.
Now all the info will be stored on this server
The question that comes to mind if the USA Government wanted to look for any information located in this storage server
Can they force the clients to give them access to this data ?
Talking to someone at storage pipe.com
He was saying that in Canada this info is protected and can not accessed by law
He was saying a lot of company's because of this are looking for off site storage in Canada because of this issue.
So from what I can understand if the storage server is located in the USA if the Government wants to look at the files they will force the clients to provide them access to these fies
either by asking or by court order
But in Canada this not an option the files are protected by Law
Now a lawyer I am not be it seems that if the company has nothing to hide it will not be and issue.
But like I said I have no idea what people or company's are backing up.
It can be anything!
All I do is store the backup data.
All I know is the amount(size) of Data stored on the server.
The last thing I need is people banging on my door asking me to access these files.
Now if I had my server located in Canada they would be protected by law.?
I have two VPS's, VPS1 has one vbulletin community. VPS2 has about 10 cpanel accounts, mostly email, a blog site, etc. Both VPS's well under 10 gig in size not including any backups stored on the VPS.
For the more important VPS, VPS1, I am packaging the cpanel account (50mb) and SCPing it to VPS2.
I am also running pckgacct on the cpanel accounts on VPS2 (about 2 gig total, 1 tar.gz is 1.5gb, three others around 250mb, others smaller) and storing them on VPS2.
I then have WS_FTP scheduled to download the cpanel tar.gz files each night to a local machine.
I also have WHM setup to do daily incremental backups, but am not moving any of these offsite.
So, it seems I have three options:
Keep doing what I am doing.
Keep moving VPS1 tar.gz files to VPS2, but also start moving VPS2 tar.gz files to VPS1.
Start moving tar.gz files (or raw files with rsync) to offsite storage.
I'm curious on some feedback about the three options. These are personal sites, I am not reselling any sites/packages.
It seems like from a data security standpoint (email and stuff), the more 'locations' introduced into the loop, the less security there will be. Does anyone get concerned about moving their email and other data to offsite storage services?
As I said, I have a technical solution currently working, but I am wondering about the theory/data protection aspects of the various options for going forward.
I thought this problem was fixed in Plesk 11.5 but I'm still getting the following backup warnings in Plesk 12..."For security reason backup is performed on behalf of subscription system user...."
My phpbb forum creates cache files which have apache ownership and Plesk backup manager gives warnings that it cannot backup the files due to ownership errors.
I have searched for days for a solution without success. If I change the permissions to owner instead of apache the forums don't function correctly.
Is this a Plesk bug that is still evident in Plesk 12?
My basic VPS backup plan is to have WHM create a backup for me, save it somewhere on my local VPS, and then rsync it off site.
As a beginner with linux, I'm not sure where to have WHM put this file. Is there a recommended place to place this backup file -- it will only be there temporarilly, but I don't know a secure place to put it.
e.g. /home or should I create a new directory called /backups? (and if so -- once again, where in the directory tree do I put it?)
What's the best way to set up an automatic file backup to Amazon's S3 service? I have a Linux cpanel VPS. I have minimal VPS administration knowledge but at least the VPS is managed by a good team
Is there any way to do incremental backups to save on the bandwidth charges?
(a full backup for me would be about 15 gigs each time)
I'm thinking about moving an account with one main domain and a bunch of addons from one cpanel host to another, using a whole site backup .tar.gz file. SSH does not appear to be an option at this point.
I just extracted the tar.gz to a local pc to get a look at what's in it. It has these 12 folders: bandwidth, cp, cron, dnszones, logs, meta, mysql, resellerconfig, userdata, va, vad, vf. Below these folders are also 14 unfoldered files, ranging from "addons" to "version."
So, will this work?
1. Does this mean the domains and all the addons will be set up with their original user names, passwords, and email accounts with all the same passwords, if I move everything to the right location? Will all the email accounts I've set up in my email client software work just as they do now with the current host?
2. How can I know where all these uploaded folders and files have to be moved once they're there?
3. Can I just upload the extracted contents to one location, or do I have to upload the unextracted tar.gz to a server, extract there, then move the contents wherever they need to be moved (but I don't know where things need to be moved now)?
I have created a Cpanel full backup of my website. The file is 2.65GB in size, but when I log in with my FTP client, I get a LISTERROR - [filename] and the filename doesn't appear in the directory window.
Can I still use a custom command to download this file?
I have a backup file at my old server like:
[url]
What is the command line I have to give to get this file by wget to my new server?
Please keep in mind that I have to give my old server user/password in this command line.
Is it possible to export the MYSQL DB from an Hypervm backup file?
If possible,how to?
As I fail several times to restore it in Hypervm.
How I can import my backups from remote backup space to my VPS.
View 6 Replies View Relatedwhen i want to Restore full backup see this error
Restore for cpmove-wwwpakh.tar.gz
Searching /home....
checked 25 files.....
No Restorable archives found!
Searching /usr/home....
checked 0 files.....
No Restorable archives found!
Searching /web....
checked 0 files.....
No Restorable archives found!
Searching /home2....
checked 0 files.....
No Restorable archives found!
Searching /home3....
checked 0 files.....
No Restorable archives found!
Searching /root....
checked 12 files.....
No Restorable archives found!
Searching /usr....
checked 16 files.....
No Restorable archives found!
No archives where found for user wwwpakh.tar.gz!
This feature will restore full backups, cpanel backups and cpanel move files in the format of:
cpmove-user.tar.gz, user.tar.gz, backup-date_time_user.tar.gz
The files must be in one of these directories on the server:
/home,/usr/home,/web,/home2,/home3,/root,/usr
You must upload the file to one of the above locations before using this feature.
why i see this error ?
I'm trying to recover a subdirectory from a full cpanel backup (tar file).
I placed the backup on the /home/<userdir>/
Then I listed the content of the tar file and the directory is in there:
backup-3.1.2006_11-36-43_userlin2/homedir/public_html/php/viacache/
I need to restore /viacache to the original location
Code:
tar -xvf backup-3.1.2006_11-36-43_userlin2.tar /public_html/php/viacache
response:
tar: /public_html/php/viacache: Not found in archive
also (absolute path)
Code:
tar -xvf backup-3.1.2006_11-36-43_userlin2.tar /home/userlin2/public_html/php/viacache
Not found in archive....
I lately decide to change my server provided and I decided to go for pre-installed Plesk12 service , plesk installed with os installation and in the beginning was looking ok , till I faced two problems .
The first problem I found is on Backup manager , I set a daily backup with maximum of 5 but every day I receive the error :The backup backup_website.com_info_1505272137.xml and backup_website.com_info_1505262137.xml was not created , I check the current backup task and the two task shows fails.(picture attached)
The second problem I found It may be related , is concerning the File permission , the user root and on group root are not able to change any file permission but the user pinco on group root is able to change it as well as the user Pinco on group psacln/psaserv , I updated the plesk12 to latest release to see if maybe was some changes but unfortunately nothing
Not migration for domains and was fresh install for os and plesk12
Plesk version:12.0.18 Update #48
OS: CentOS 6.2 (Final)
I restored Plesk Panel from web-gui up to 11 hours, is it normal?I have more that 300 accounts.
View 1 Replies View RelatedWhich protocol I should use for performing a backup of important server files and folders. I do make a snapshot but i found that's not enough.
My Centos 6.6 has ProFTPD configuration setup only for webhosts so no root access. I came across SCP, but don't know how to secure that like a Pro. I have also heard about SSHFS for linux.
I am configuring a new Plesk server 12.x based on Linux. I already have a Plesk server in 10.x on Windows and i would like to transfer all the data we have on this one to the new server.
I tried to do a backup of the old server using the web interface but the zip file created was not compatible with the one using Linux.
I'm trying to upload backup ms sql server file. But the Control panel tells me error: "Error: copy_file failed: filemng cp failed:"
"The issue usually occurs due to exceeded disk quota. Check it."
