
Backup security

Discussion in 'Security' started by adapter, Jun 9, 2005.

  1. adapter

    Hi

    I use the WHM backup script with a remote backup server. Now I have seen that you need to enter the username and password of the remote backup server, and WHM shows the password in clear. How is this possible? If a hacker gets the root password he can also delete my backup files and I am out!

    Solutions?
     
  2. anup123

    How about incremental backup over NFS if it's a remote server (i.e. if the remote backup service provider provides this facility to you)? In case you would want to have incremental backup over NFS, PM me ... you can get a 100GB space for 25$/Mo

    Anup
     
  3. adapter

    My question was different :)

    What is "over NFS"?

    We already have a 1TB NAS.
     
  4. chirpy

    If a hacker got root access he could spike your backups to make them useless anyway. If they have root access to the server it doesn't matter what method you use to remotely store them, they're likely to be able to gain access in one way or another, if not by simply editing the backup script. It would probably be better to expend energies on making sure that root access is not gained than trying to prevent something that would be extremely difficult to do.
     
  5. adapter

    Yes, true, but if you also secure the backup solution it is an additional security level. I think that an encrypted password field is easy to add in the WHM backup section; why doesn't cPanel add it?
     
  6. chirpy

    I do understand what you're saying and what you are looking for. It's actually not that easy to do because to use FTP the backup script will still need access to an unencrypted password, which means that the code to en/decrypt the password would still have to be on the server. Then, of course, that password is still sent in clear text via FTP and can be simply intercepted by putting a false FTP server onto the server, redirecting the backup script's traffic to it and snaffling the password. I guess I'm just not sure about the level of benefit compared to the level of risk. It would be much more secure to use SFTP or rsync over SSH with key pairs, but then you're still stuffed if a hacker gains root access.
     
  7. jester.ro

    You could solve PART of the problem by using some timing scripts.

    On the backup server, start the FTP daemon (or allow connections in iptables) only a few minutes before cpbackup starts, and then, on the backup server, check to see if the backup username is still logged in; if not, put back the firewall or stop the FTP daemon.

    Of course, it's just an idea that does not protect you if you get hacked while doing the backups :)
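
The timing approach from the last post, sketched as an added example that is not part of the thread or of cPanel: a cron script for the backup server that decides when the FTP port should be reachable from the web server. The address, times and window lengths are constructed assumptions, as is an INPUT chain that otherwise drops port 21.

```shell
#!/bin/sh
# Added example: run from cron every minute on the BACKUP server with "--apply".
# Assumes the INPUT chain otherwise drops port 21 and already accepts
# RELATED,ESTABLISHED traffic for the FTP data connections.
WEB_IP="203.0.113.10"   # constructed address of the cPanel server
BACKUP_START="01:00"    # assumed time cpbackup starts
LEAD_MIN=5              # open the port this many minutes before the start
GRACE_MIN=30            # after the start, stay open this long even with no session

# to_min HH:MM -> minutes since midnight (strips a leading 0 to avoid octal)
to_min() {
    h=${1%%:*}; m=${1##*:}
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# decide NOW START SESSION -> "open" or "close"
# SESSION is 1 while the web server still holds an FTP control connection.
decide() {
    now=$(to_min "$1"); start=$(to_min "$2")
    until_start=$(( (start - now + 1440) % 1440 ))   # wraps across midnight
    since_start=$(( (now - start + 1440) % 1440 ))
    if [ "$until_start" -le "$LEAD_MIN" ]; then echo open      # just before the backup
    elif [ "$since_start" -le "$GRACE_MIN" ]; then echo open   # started, may not be connected yet
    elif [ "$3" -eq 1 ]; then echo open                        # transfer still running
    else echo close
    fi
}

# has_session -> 1 if WEB_IP has an established connection to local port 21
has_session() {
    if ss -Htn state established '( sport = :21 )' dst "$WEB_IP" | grep -q .
    then echo 1; else echo 0; fi
}

# apply ACTION: add or remove one ACCEPT rule; -C makes both directions idempotent
apply() {
    rule="INPUT -p tcp -s $WEB_IP --dport 21 -j ACCEPT"
    case $1 in
        open)  iptables -C $rule 2>/dev/null || iptables -I $rule ;;
        close) if iptables -C $rule 2>/dev/null; then iptables -D $rule; fi ;;
    esac
}

if [ "${1:-}" = "--apply" ]; then
    apply "$(decide "$(date +%H:%M)" "$BACKUP_START" "$(has_session)")"
fi
```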
     