If you use Drupal or WordPress and you have a virtual Server with SSH Login you should set up a daily Backup Script to have a Snapshot of your Blogs if Hackers insert SQL Code Injections or hack PHP Sites. Cause you cant NEVER know every EXPLOIT of every used Plugin (here less plugins is more!)
Of course you can daily or hourly RESTORE AUTOMATIC by CRON your Blogs by OVERWRITE bad inserted STUFF!
- Article comming soon !! .. sorry have current not enough time..
or read my Wiki for MYSQL and WordPress Help!
- Daily or hourly restored Stuff makes it useless to hack your blog!
- Mount /tmp and /var/tmp ALWAYS with option NOEXEC!!
- disable user access to : find,wget,curl,fetch or other commands with chmod 000 (noexec)
- at php.ini disable upload if not needed cause you use SCP to upload Files/Images
- on Apache2 install mod_security2 to blog SQL Injections, Remark: Not all code is known by the plugin!
If you want to have a full automatic Update on your System then open a Gnome Terminal / Linux Console run (# Comments):
- $sudo nano /root/update.sh
apt-get update #pull updates
apt-get dist-upgrade -y # install updates
apt-get clean #clean update database for next pull to have clean source urls
- save with CTRL+X # save+Exit
- $sudo chmod 755 /root/update.sh # make able to run
- Setup Timeplan:
- $sudo su – # change to root users console with environment
- $crontab -e # open root timer
@daily sh /root/update.sh > /dev/null 2>&1
save with CTRL+X and be happy the System pulls daily on midnight if online..
Problem: phpmyadmin interfaces are slow and often attacked by script kids, if you can don’t use it!
Solution: To backup and restore use command line
To Backup a database:
$mysqldump -u root -p wordpressdb > /backups/wordpressdb-dump.sql [Enter root password]
$mysql -u root -p wordpressdb < /backups/wordpressdb-dump.sql[Enter root password]
Remark: this is not recogized by the ONLINE SYSTEM if users visits you pages to read! There must be no shutdown of the mysql or apache webserver, its a online HOT-Dump. If you like put it into a script and set cron to backup every night.
Sample Bash MySQL Script for full automatic dumps:
## automatic dump database and add time and date stamp ##
date=`date +%d%m%Y-%H%M` # set current date value
mysqldump wordpressdb > /backups/wordpressdb-$date.sql # save+date
exit # close script after work
To save all Databases on one MySQL-Server change
mysqldump --all-databases > /backups/server-all-$date.sql
set time to run:
@daily sh /scriptpath/backup-databases.sh > /dev/null 2>&1
This runs daily backup at 00:00AM and post no message to Admin (root) if you need mails remove (>…1)