Security issue: the default backup folder is not very safe | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters – maximum search word length is 84 characters
The forums are currently locked and only available for read only access
sp_TopicIcon
Security issue: the default backup folder is not very safe
May 30, 2013
9:53 pm
Avatar
Bob
Member
Members
Forum Posts: 14
Member Since:
May 24, 2013
sp_UserOfflineSmall Offline

Hi Ovidiu,

As you know, the XCloner default backup folder is:

/wp-content/plugins/xcloner-backup-and-restore/administrator/backups

All backup files have the same format (Date-Time-SiteName-sql-nodrop.tar),

e.g.:

backup_2013-05-30_09-15_example.com-sql-nodrop.tar

So, this is why there is a kind of security hole.

A hacker could easily know that and set a robot trying multiple times and dates

combinations, until it finds an existing backup file, thus being able to

download the whole site.

This is the reason why I have chosen a personal folder with a very complicated name

which can’t be found.

Some other backup programs (I also use InfiniteWP) add a combination of random

characters at the end of the files, hence making them impossible to find.

Example of a backup generated with InfiniteWP:

example.com_manual_full_2013-05-30_0c6e3y37te4wrlncd4zn7l5v5yi7rbv1.zip

As you can see, 32 random characters have been added at the end of the file’s name

making it impossible to find even for a robot.

How about adding such a security measure to XCloner backup files? Needless then

to choose a personal folder for backups?

Best regards,

Bob 

May 31, 2013
6:00 am
Avatar
Ovidiu Liuta
Admin
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

Even better than that you could:

 

1. deny all access to that folder by using .htaccess http://www.kavoir.co…..ccess.html

2. set the Backup Store Path to another location

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 737
Members: 9946
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Vargas
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0