The free forums are no longer in use. It remains available as read-only archive.
May 24, 2013
As you know, the XCloner default backup folder is:
All backup files have the same format (Date-Time-SiteName-sql-nodrop.tar),
So, this is why there is a kind of security hole.
A hacker could easily know that and set a robot trying multiple times and dates
combinations, until it finds an existing backup file, thus being able to
download the whole site.
This is the reason why I have chosen a personal folder with a very complicated name
which can’t be found.
Some other backup programs (I also use InfiniteWP) add a combination of random
characters at the end of the files, hence making them impossible to find.
Example of a backup generated with InfiniteWP:
As you can see, 32 random characters have been added at the end of the file’s name
making it impossible to find even for a robot.
How about adding such a security measure to XCloner backup files? Needless then
to choose a personal folder for backups?
Even better than that you could:
1. deny all access to that folder by using .htaccess http://www.kavoir.co…..ccess.html
2. set the Backup Store Path to another location