/backup directory...

    Thanks for report. We will check and fix ASAP.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    it is supposed to be owned by root:root with permissions 0755. what are your permissions?

    I came with this suggestion while I was running ispCP. It was implemented since if a user got hacked and the hacker decided to deleted everything on the users domain which happened to one of our users he could not deleted the backup. This led to the user could recover his data and fix the security flaw.

    but then is: Webtools / Daily backup


    and the description:
    Instructions to download today's backup
    Login with your FTP account
    Switch to backups/ directory
    Download the files stored in this directory
    (usually named backup_YYYY_MM_DD.tar.bz2)
    Restore backup
    Click the Restore button and the system will restore the last daily backup


    useless for the user.

    Its not useless since normally, with permissions set to root:root 0755 you can reach the directory via Ftp. Those permissions are restricted here to prevent user to remove the directory.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    On the other side:
    As user I can download the backups - lets say I have a good backup from last sunday. Now short before the last backup (this night) everything crashed (hack or whatever) so the daily backup is unusable... - The idea was to upload the sunday-backup into the backup folder and then restore this...


    Seem that things are complicated.... - maybe we need a button "open backup folder for some hours to upload an older backup"... ?


    /Joxi

    Edited once, last by joximu ().

    Quote

    Seem that things are complicated.... - maybe we need a button "open backup folder for some hours to upload an older backup"... ?


    So you setup a blinded door to keep hackers outside. But the door prevents you from entering, so then you install a big button right next to the door that unlocks it for a while when pressed. Duh! :P


    Seriously, being hacked is a good enough reason to CONTACT YOUR ADMIN, who can analyze the issue properly (because she can access all the logs), propose you a good solution, *and* restore any "old" backups you want...

    Depends on the circumstances - of course, if your ispcp account is hacked then the big button is not very usefull... if your ftp account was hacked you can change the password, upload an old backup (if you can...) and ok, if you removed the webite by mistake - just before ispcp mad a backup... then you also might try to upload an old backup...


    You always have a situation which does not fit to the automated tools...


    A customer of mine was happy to manage different backups - he could play with oscommerce and when he messed it all up after a few days he just uploded his old backup and restored it...


    /J