If all you want to do is have a way to quickly repair files that have been damaged by hackers, why not just use the Unix "rsync" command to create a mirror of your site on another computer. Then if a hacker changes anything (index files or any file really), just use rsync again to restore everything to a "clean" place.
NOTE-- The following assumes that rsync and ssh is available on your host computer. If it's not (ie, not running sshd, etc.), you will need to get it set up. Ask your hosting admin.
<i>The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using a efficient checksum-search algorithm...</i>
So, assuming you can SSH into your site, you can securely use rsync to make as many local copies as you want.
For you mac users, rsync is already built into OS X. Linux users should also have it already. Windows users can use a port I just found called CWrysnc or install cygwin, a kind of "Linux for Windows" which will then let you install rsync.
For example, let's use the Macintosh. Let's say you have a site "mysite.com", and you regularly log onto it via SSH from Mac OS X to make changes or whatnot. First, create a directory on your Desktop called "mysitebackupdir". Then, from the Terminal, use this command (which should be typed on a single line):
Wait a while, and you'll have a local copy of your entire site on your machine. The next time you run the command above, it will download MUCH faster, since rsync only copies files that have changed (or been deleted) since the last time it was run.
You can do regular backups this way (and even create dated "point" backups off your local directory whenever you want). Then, if you ever get hacked, you can just copy the entire backup folder in its entirety to restore the site. (Alternatively, you could use rsync again to update only the files that differ from your backup archive)
If you really want to be extra cool, you can set up SSH to use public keys automatically rather than having to type a password every time, and you could even set up the rsync to be done regularly at some pre-determined interval. See the SSH man pages for how to set up SSH keys between your backup machine and the web site. (Hint: You'll probably want to add --quiet to the rsync command so it doesn't dump too much to the Console)
Just some thoughts,
W
EscortCossie Lieutenant
Joined: Feb 21, 2004
Posts: 235
Location: Stavanger, Norway
Posted:
Thu Mar 25, 2004 2:43 pm
Thanks Waldo.. But in fact I could simply backup all the index files to my harddrive, and upload them again if something gets altered?
Thanks Waldo.. But in fact I could simply backup all the index files to my harddrive, and upload them again if something gets altered?
Yes-- you can back up your ENTIRE site to your hard drive and upload them again if something gets altered. But the advantage of rsync is that it automates that process. Over time, you'll find yourself patching the site or making changes or customizations, updating files, etc. Instead of copying over the entire site to your hard drive from the beginning each time you make a change, you can use rsync to download only the CHANGED files so that your backup can be updated in a small amount of time.
You can use rsync to maintain symmetry between directories on two computers-- you can make changes on your local copy, then rsync to your web site, or vice-versa. It's not unlike how you can sync addresses or your calendar between your computer and your cell phone or PDA.
Another cool thing about rsync is it supports encrypted file transfers, so unlike with FTP, you can be reasonably sure that your passwords and files aren't being sent in cleartext.
Again, just a thought. Your site is more than just the "index.php" files-- you want to have a backup of ALL the files.
W
Jeruvy Lieutenant
Joined: Jul 09, 2003
Posts: 293
Posted:
Fri Mar 26, 2004 4:44 am
Quote:
Another cool thing about rsync is it supports encrypted file transfers, so unlike with FTP, you can be reasonably sure that your passwords and files aren't being sent in cleartext.
Can you elaborate on this? I use sftp and obviously don't worry about such things but I'm confused how rsync can encrypt your files without server side configuration?
Thanks,
_________________ J.
j e r u v y a t y a h o o d o t c o m
Jeruvy Lieutenant
Joined: Jul 09, 2003
Posts: 293
Posted:
Fri Mar 26, 2004 4:45 am
Ah nevermind, I noticed it uses ssh.
_________________ J.
j e r u v y a t y a h o o d o t c o m
Emb Nuke Cadet
Joined: Oct 25, 2005
Posts: 4
Posted:
Sun Dec 04, 2005 12:40 am
Supremo: i need this file, but i can't download of this forum. Can you send me of any way? Thanks...!!!!
All days, a guy hack my site, replacing/editing "index.php"
_________________ -----
EMB
tkx Sergeant
Joined: Oct 31, 2003
Posts: 85
Posted:
Fri Jan 13, 2006 3:51 pm
Any1 figure out where the security hole is? Rather than getting together some crazy disaster recovery plans, can we not get down to the core of the problem?.
Evaders99 Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted:
Fri Jan 13, 2006 8:45 pm
Could be a phpBB security issue, a phpNuke security issue, anything that involves uploading, even a server security hole. Without access logs, we really cannot solve this one
ya I know... it's too bad though, because a lot of people are hacked like this, so it would be nice to see if someone caught how these buggers are doing it. I'm pretty sure it is somewhere in the apache/phpnuke, as no-one has had other problems on their server side.
Anyways, does any1 have this file available? I would like to check it out.
deram Nuke Soldier
Joined: Jan 30, 2006
Posts: 17
Posted:
Mon Jan 30, 2006 11:31 pm
Am I right in assuming that since I have a webhotel. If someone gets in and changes the files on their server, I can just connect my Dreamweaver and reupload all the files (which takes about 15 minutes)?
Can I do a "get" of the database every night and thereby be safe? (because if I "get" it , I assume I have the newest version and can just re-upload it if something ever happens, right?
sting Site Admin
Joined: Jul 24, 2003
Posts: 1986
Location: Apparently ALWAYS Online. . .
Posted:
Tue Jan 31, 2006 5:50 am
Quote:
ya I know... it's too bad though, because a lot of people are hacked like this, so it would be nice to see if someone caught how these buggers are doing it. I'm pretty sure it is somewhere in the apache/phpnuke, as no-one has had other problems on their server side.
One thing that would be helpful would be for any one of the 'lot of people' would post examples of their log files or at least some sample entries minus any info specific to giving away the identity of the hacked site so we could try to determine where the hack was taking place.
Just an observation.
-sting
_________________ Is it paranoia if they are really out to get you?
-------------------------------------------------------
sting usually hangs out at nukehaven.net
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
