If you use Drupal or WordPress and have a virtual server with SSH login, you should set up a daily backup script so that you have a snapshot of your blogs in case hackers inject SQL code or hack your PHP sites. You can never know every exploit for every plugin you use (fewer plugins is better here!).
Of course, you can also restore your blogs automatically via cron, daily or hourly, overwriting any malicious content that was inserted.
- Article coming soon! Sorry, I currently don't have enough time.
or read my Wiki for MySQL and WordPress help!
- Restoring daily or hourly makes it pointless to hack your blog!
- Always mount /tmp and /var/tmp with the noexec option!
- Disable user access to find, wget, curl, fetch and similar commands with chmod 000 (no execute).
- In php.ini, disable uploads if they are not needed because you use SCP to upload files and images.
- On Apache2, install mod_security2 to block SQL injections. Remark: not all attack code is known to the module!
If you run WordPress or other blog software with a MySQL database over several years, it is useful to do a few things regularly:
- Check the database size weekly, to make sure no script kiddie has found a backdoor and is silently filling up the database.
- Purge the database caches with the software's default maintenance tools.
- Don't forget to create a MySQL dump backup weekly with cron.
To check the size, log in at the mysql command prompt and run:
$ mysql -u dbuser -p    # enter the password when prompted
mysql> use dbwordpress
mysql> SELECT table_schema "Data Base Name",
    ->        SUM(data_length + index_length) / 1024 / 1024 "Data Base Size in MB"
    ->   FROM information_schema.TABLES
    ->  GROUP BY table_schema;
The system prints a table of all your databases with their sizes.
If the size is much bigger than last week and you haven't changed anything, you can try to clean up the database, for example with upgrade.php, update.php or other command-line PHP scripts from the maintenance tools of your PHP kit (WordPress, Drupal, ...). Often many small things are cached in the MySQL database. If this doesn't help, roll back to an older MySQL dump and test again. Don't forget to keep both the old WordPress DB dump and the rolled-back WordPress DB dump secure! If the database quickly grows again, log in to WordPress and check the comments area of your posts. If guests are allowed to comment, disable that to keep out spammers.
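
The week-over-week comparison described above can be automated. The script below is an added example, not part of the original post: it assumes the size query is saved once a week as tab-separated "schema, size in MB" lines (for instance by running it through mysql -N -B), and the file names, the 50 percent threshold and the sample sizes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): weekly database growth check.
# Input files hold "<schema><TAB><size in MB>" per line, the shape you get
# when the size query is run through `mysql -N -B` (no header, tab-separated).

# check_growth PREV_FILE CUR_FILE MAX_PERCENT
# Prints NEW for schemas that did not exist last week and GROWN for schemas
# whose size increased by more than MAX_PERCENT. Prints nothing otherwise.
check_growth() {
    LC_ALL=C awk -F '\t' -v max="$3" '
        FILENAME == ARGV[1] { prev[$1] = $2; next }   # first file: last week
        !($1 in prev) { printf "NEW %s %.1f MB\n", $1, $2; next }
        prev[$1] > 0 && ($2 - prev[$1]) * 100 / prev[$1] > max {
            printf "GROWN %s %.1f MB -> %.1f MB\n", $1, prev[$1], $2
        }
    ' "$1" "$2"
}

# sample_run: constructed sizes for two consecutive weeks, threshold 50 percent.
sample_run() {
    dir=$(mktemp -d) || return 1
    printf 'dbwordpress\t42.5\ndbdrupal\t18.0\n' > "$dir/last_week.tsv"
    printf 'dbwordpress\t131.2\ndbdrupal\t18.4\ndbtest\t3.0\n' > "$dir/this_week.tsv"
    check_growth "$dir/last_week.tsv" "$dir/this_week.tsv" 50
    rm -rf "$dir"
}

sample_run
```

Run from cron after the weekly dump, any output line is a reason to look at the comments tables and at databases you did not create yourself.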