9:53 pm

May 24, 2013

Hi Ovidiu,
As you know, the XCloner default backup folder is:
/wp-content/plugins/xcloner-backup-and-restore/administrator/backups
All backup files have the same format (Date-Time-SiteName-sql-nodrop.tar),
e.g.:
backup_2013-05-30_09-15_example.com-sql-nodrop.tar
So, this is why there is a kind of security hole.
A hacker could easily know that and set a robot trying multiple time and date
combinations, until it finds an existing backup file, thus being able to
download the whole site.
This is the reason why I have chosen a personal folder with a very complicated name
which can’t be found.
Some other backup programs (I also use InfiniteWP) add a combination of random
characters at the end of the files, hence making them impossible to find.
Example of a backup generated with InfiniteWP:
example.com_manual_full_2013-05-30_0c6e3y37te4wrlncd4zn7l5v5yi7rbv1.zip
As you can see, 32 random characters have been added at the end of the file’s name
making it impossible to find even for a robot.
How about adding such a security measure to XCloner backup files? Needless then
to choose a personal folder for backups?
Best regards,
Bob

Even better than that, you could:
1. deny all access to that folder by using .htaccess http://www.kavoir.co.....ccess.html
2. set the Backup Store Path to another location
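
An added example, not part of the original posts and not XCloner or InfiniteWP code: a Python sketch that compares the guessing space of the timestamp-only names with that of a 32-character random suffix, and flags names in a listing that follow the default format. The function names, the 36-symbol alphabet and the sample listing are assumptions constructed for illustration.

```python
import math
import re
import secrets
import string

# Default name format quoted in the post:
# backup_YYYY-MM-DD_HH-MM_<site>-sql-nodrop.tar
PREDICTABLE = re.compile(
    r"^backup_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}_.+-sql-nodrop\.tar$")
ALPHABET = string.ascii_lowercase + string.digits  # assumed: 36 symbols


def timestamp_bits(days):
    """Bits of uncertainty when only the minute-resolution timestamp
    is unknown (the site name is public) over a window of `days`."""
    return math.log2(days * 24 * 60)


def suffix_bits(length=32):
    """Bits of uncertainty added by a uniformly random suffix."""
    return length * math.log2(len(ALPHABET))


def harden_name(name, length=32):
    """Insert a CSPRNG suffix before the extension of a predictable
    name; any other name is returned unchanged."""
    if not PREDICTABLE.match(name):
        return name
    stem, ext = name.rsplit(".", 1)
    suffix = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return f"{stem}_{suffix}.{ext}"


def audit(names):
    """Return the names in a listing that follow the default format."""
    return [n for n in names if PREDICTABLE.match(n)]


if __name__ == "__main__":
    # Constructed listing, built from the two names shown in the post.
    listing = [
        "backup_2013-05-30_09-15_example.com-sql-nodrop.tar",
        "example.com_manual_full_2013-05-30_0c6e3y37te4wrlncd4zn7l5v5yi7rbv1.zip",
    ]
    print(f"one year of timestamps: {timestamp_bits(365):.1f} bits")
    print(f"32-char random suffix:  {suffix_bits():.1f} bits")
    for old in audit(listing):
        print("predictable:", old, "->", harden_name(old))
```

A random name only protects the file while the name stays secret; a directory listing or an access log can expose it, which is why denying HTTP access to the folder or moving the store path, as the reply suggests, is the stronger control.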
