Secure my backups in AWS S3

Operating System & Version
CENTOS 7.7
cPanel & WHM Version
v86.0.18

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
I'm using AWS S3 for my backups.

How can I make sure that my backups in S3 are secured if my server or my WHM got hacked?

I need to prevent the hacker to access my S3 backups (to not delete them) from the connection between my WHM and AWS S3.

Kindly check the 2 screenshots from my current backup settings in WHM and my AWS S3 bucket permissions.
 

Attachments

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
I don't think I fully understand the concern here, if your server was hacked, they still wouldn't be able to access your bucket because the password is stored in a hashed file. Furthermore, any security measures taken for the backup server would need to be done using the AWS instructions which would be best retrieved from AWS themselves.
 

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
I don't think I fully understand the concern here, if your server was hacked, they still wouldn't be able to access your bucket because the password is stored in a hashed file. Furthermore, any security measures taken for the backup server would need to be done using the AWS instructions which would be best retrieved from AWS themselves.
Yea, I know that the password is stored in a hashed file.
But, is there no other way for the hacker to use the same connection between WHM and S3 to delete the backups with the same method as WHM backing up the data?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
They'd need to have your password to establish a direct connection to the backup server. Otherwise the only other method your backups could be removed say through the automated backup system would be if your preferences for retention are changed, this wouldn't be something which would expose your password though. This would mean they had direct access to your WHM and modified your backup preferences. A restriction that would prevent something like this (though I've never seen it done before) would be utilization of host access control, information on which can be found here: Host Access Control | cPanel & WHM Documentation
 
  • Like
Reactions: ImperialTrader

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
They'd need to have your password to establish a direct connection to the backup server. Otherwise the only other method your backups could be removed say through the automated backup system would be if your preferences for retention are changed, this wouldn't be something which would expose your password though. This would mean they had direct access to your WHM and modified your backup preferences. A restriction that would prevent something like this (though I've never seen it done before) would be utilization of host access control, information on which can be found here: Host Access Control | cPanel & WHM Documentation
Yes, you are correct.
I think the best idea for this case is to copy the backed up data in my AWS S3 to another bucket in S3 using any automated function in AWS side.

Thank you :)