AutoBackup 1.03 Released!

By Dave - June 21, 2011

Hello All,

We've just released a new version of AutoBackup:
http://www.interactivetools.com/add-ons/detail.php?1003

NOTE: This version requires CMSB 2.10, so don't upgrade until you're on that version (currently in beta and due for release soon)

Here's what's new in 1.03
- Backup filenames now default to server IP address instead of hostname.
This prevents duplicate backup files being created when there are multiple hostnames used to access a site.
- Auto backups will no longer be created if software isn't completely installed yet.
- Fixed typo on line 13 of autoBackup.php: "last X years" is now "last X months"

The main issue we were seeing is that sites that were accessible with multiple hostnames caused multiple backup files to be created. So www.example.com, m.example.com, etc.example.com automatically created files such as:
www.example.com-v2.10-monthly-Jun.sql.php
m.example.com-v2.10-monthly-Jun.sql.php
etc.example.com-v2.10-monthly-Jun.sql.php

These files all had the same content so they were confusing to users. Additionally, some automated vulnerability scanners used by hackers send fake hostnames, so sometimes you'd get a file starting with yahoo.ru or something like that.

So now we're using $_SERVER['SERVER_ADDR'] as the default which should give you an IP like this:

192.168.1.1-v2.10-monthly-Jun.sql.php

The reason to have a prefix on the backup file at all is to tell what server it came from if you have multiple servers (development and production servers).

Hope that helps! Please let us know if you have any questions or comments.
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] AutoBackup 1.03 Released!

By aev - June 22, 2011

Hi Dave,

is it possible to use the "Program Name / Titlebar" field as the prefix?

If yes, how do we do that and how do we handle spaces and other special characters that might be in that field?

-aev-

Re: [aev] AutoBackup 1.03 Released!

By Dave - June 22, 2011

Hi aev,

You can specify any prefix you like on this line:

$GLOBALS['AUTOBACKUP_DEFAULT_PREFIX'] = 'my-backup';

And a quick hack to get the text only from the "program name / titlebar" might be:

$programNameTextOnly = preg_replace("/[^a-z]+/i", '-', $SETTINGS['programName']); // replace non-alphabetic chars with dash
$GLOBALS['AUTOBACKUP_DEFAULT_PREFIX'] = $programNameTextOnly;


Hope that helps!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] AutoBackup 1.03 Released!

By wcd - October 26, 2011

Hi Dave Ð

Can you explain what happens when a hacker sends a fake hostname and we get a backup file using a different domain? I noticed a bunch of these on one of our client sites today, and wanted to have an answer ready in case they ask us about whether this is a security issue.

Re: [multimedia_nj] AutoBackup 1.03 Released!

By Dave - October 26, 2011

Hi multimedia_nj,

It basically just creates an extra backup file and uses up some extra disk space, so there is no security risk.

Hackers have no way of knowing this is happening and aren't doing it intentionally, they're it's just a side-effect of automated penetration testing tools they're using. And they're likely not even targeting your client's website specifically, they just scan random websites.

Hope that helps! Let me know any other questions.
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] AutoBackup 1.03 Released!

By nmsinc - November 7, 2011

Hi Dave,

I have never used the backup plugin and I have several websites on one VPS machine with a single IP address, does this plugin backup all SQL files on the server or just the SQL cms_name files for the domain?

Thanks

nmsinc
nmsinc