
Backups and file safety

It's about this OneBox: https://chekhol.com.ua
Purpose: to secure data and have your own backup if the server and all the information on it crashes.
What data is currently included in the backup? How often are these backups created? Where is the server located?
What are the ways to further secure the site and server? I would like to have two backups that would lie separately on more secure servers in Europe, for example.
Please write suggestions on what can be done.

Answers:

Good afternoon.
The data backup service is available only for customers who use cloud plans.
This system uses the Box tariff and OneBox is installed on the client's server. The client independently provides server maintenance and backup.
The terms and conditions can be found here:
https://1b.app/ru/prices/#korobochnye-resheniya-on-site-ustanovka-na-svoy-server
If you need to back up data and store it on third-party servers, describe the TOR (where to store, how many copies to store, how often to back up, etc.) and we will estimate it.
23.09.2022, 16:50

Сусяк Ігор
Integrator.com.ua
Personal license
Artur
I will add a few comments from our practice.
the best way to do it - the Russians hacked the server on Hetzner and changed the records in NGINX - apparently the site on the box was not instantly updated. They confirmed it manually, ordered it. But it does not mean that hackers have access to all database data, files, and backups, which are located on the same server. They could see everything and the efficiency of discovery is even small, as there is no Snapshot of the entire system (and it can be done manually from Hetzner's account). Tech support: it seems that the user himself is responsible for blocking the input ports. Accordingly, first - set it up so that it is protected at the entrance, for example, proxy/firewall/internal network IP.
Next, it is perhaps worth separating code/files/database onto different services. AWS/GCP may need functionality, but splitting and porting may generate only DevOps alerts. As a minimum - the code and files are left as is, and the database is transferred to another server.
Next, about the copies themselves - it is worth making separate backups of the database (by the way /opt/ and roam only) and files (/your_box/www1/media do not roam) to any external server or service. Here it is necessary to work so that the access passwords are not available in the export of backups, otherwise the attackers can see the data on the backups as well.
And at the end - a dark version of the OS automatically transfers online copies of all Box data in three directions, and switching to another copy may be instant so that you do not hesitate. This way looks like the most progressive, but maybe the most expensive.
24.09.2022, 14:14


Susyak Igor
integrator wrote:
Artur
I will add a few comments from our practice.
the best way to do it - the Russians hacked the server on Hetzner and changed the records in NGINX - apparently the site on the box was not instantly updated. They confirmed it manually, ordered it. But it does not mean that hackers have access to all database data, files, and backups, which are located on the same server. They could see everything and the efficiency of discovery is even small, as there is no Snapshot of the entire system (and it can be done manually from Hetzner's account). Tech support: it seems that the user himself is responsible for blocking the input ports. Accordingly, first - set it up so that it is protected at the entrance, for example, proxy/firewall/internal network IP.
Next, it is perhaps worth separating code/files/database onto different services. AWS/GCP may need functionality, but splitting and porting may generate only DevOps alerts. As a minimum - the code and files are left as is, and the database is transferred to another server.
Next, about the copies themselves - it is worth making separate backups of the database (by the way /opt/ and roam only) and files (/your_box/www1/media do not roam) to any external server or service. Here it is necessary to work so that the access passwords are not available in the export of backups, otherwise the attackers can see the data on the backups as well.
And at the end - a dark version of the OS automatically transfers online copies of all Box data in three directions, and switching to another copy may be instant so that you do not hesitate. This way looks like the most progressive, but maybe the most expensive.

Thank you for your advice.

Tasun Sergey Vladimirovich
OneBox production wrote:
Good afternoon.
The data backup service is available only for customers who use cloud plans.
This system uses the Box tariff and OneBox is installed on the client's server. The client independently provides server maintenance and backup.
The terms and conditions can be found here:
https://1b.app/ru/prices/#korobochnye-resheniya-on-site-ustanovka-na-svoy-server
If you need to back up data and store it on third-party servers, describe the TOR (where to store, how many copies to store, how often to back up, etc.) and we will estimate it.

Then there will be two servers.
If it makes sense and it will be safer, then copy the code and files to a separate server, and copy the database to a separate server. It is important that with the help of these copies it would be possible to restore everything from scratch if the main server burns down.
Make copies every week, for example on the night from Sunday to Monday. Keep 4 copies, that is, after each copy, we remove the oldest copy.
Here immediately the question is, will everything have time to be processed and will the site work correctly in the morning?
If it is possible to add some extra protection for the server, then please tell me what, otherwise I don't really understand this. (Please calculate this separately in hours: what can be done other than white-list IP access.)
How many hours do you need to implement?
29.09.2022, 19:13

Good afternoon.

Tretyak Artur
OneBox Insiders wrote:
Make copies every week, for example on the night from Sunday to Monday. Keep 4 copies, that is, after each copy, we remove the oldest copy.

Creating a backup will not affect the performance of the server.
An accurate assessment will be when you say exactly where you will store copies of the data (is it a separate server, or is it a remote storage, which copy protocols are supported by this storage)
Approximately 4 hours.
Given that the client's files in the box take up about 150GB, and ~ 98% are jpg and mp3 - which are not compressed when archiving, I see no reason to store 4 such copies.
And the copies of the database, because all settings are stored there, it makes sense to copy every day.
These copies will allow you to restore the box.
If you want to have a copy of the entire server - so that in case of problems with the server, you can restore everything at once, then contact your hoster, they may provide server snapshot services.
Having a snapshot of the system, the hoster will be able to completely restore the server (with all data and settings).
30.09.2022, 11:34
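
An added example (not part of the thread and not OneBox's own tooling) of the rotation discussed in this exchange: each copy is archived under a date stamp, checksummed, verified, and only the newest N copies are kept. The function names, the `db` prefix used in the comments and the destination directory are assumptions; the destination is assumed to be a mounted path on the separate backup storage, and the dump file is assumed to exist already.

```shell
#!/usr/bin/env bash
# Added example: store, verify and rotate date-stamped backup archives.
# Stamps must sort lexically in date order (YYYYMMDD).

# store_copy SRC DEST_DIR PREFIX STAMP
# Archive SRC as DEST_DIR/PREFIX-STAMP.tar.gz, record its SHA-256,
# and print the archive path.
store_copy() {
    local src="$1" dest="$2" prefix="$3" stamp="$4"
    local out="$dest/$prefix-$stamp.tar.gz"
    mkdir -p "$dest" || return 1
    # Write under a temporary name so a failed run never looks like a good copy.
    tar -czf "$out.part" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    mv "$out.part" "$out" || return 1
    (cd "$dest" && sha256sum "$(basename "$out")" > "$(basename "$out").sha256") || return 1
    printf '%s\n' "$out"
}

# verify_copy ARCHIVE
# Succeed only if the stored checksum matches and the archive can be listed.
verify_copy() {
    local archive="$1"
    (cd "$(dirname "$archive")" &&
        sha256sum -c "$(basename "$archive").sha256" >/dev/null) &&
        tar -tzf "$archive" >/dev/null
}

# prune_copies DEST_DIR PREFIX KEEP
# Delete all but the KEEP newest archives (and their checksum files).
prune_copies() {
    local dest="$1" prefix="$2" keep="$3" old
    ls -1 "$dest"/"$prefix"-*.tar.gz 2>/dev/null | sort -r |
        tail -n +"$((keep + 1))" |
        while IFS= read -r old; do
            rm -f -- "$old" "$old.sha256"
        done
}
```

Pruning is meant to run only after `verify_copy` succeeds on the new archive, so a broken copy never pushes out the last good one.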


Tretyak Artur
OneBox Insiders wrote:
If it is possible to add some extra protection for the server, then please tell me what, otherwise I don't really understand this. (Please calculate this separately in hours: what can be done other than white-list IP access.)

It is not entirely clear what kind of protection we are talking about.
What do you want protection from (what problems do you want to solve).
30.09.2022, 11:36


Tasun Sergey Vladimirovich
OneBox production wrote:

Tretyak Artur
OneBox Insiders wrote:
If it is possible to add some extra protection for the server, then please tell me what, otherwise I don't really understand this. (Please calculate this separately in hours: what can be done other than white-list IP access.)

It is not entirely clear what kind of protection we are talking about.
What do you want protection from (what problems do you want to solve).

From DDoS attacks and attempts to connect to the server by searching for passwords. Probably so)
30.09.2022, 12:13


Tretyak Artur
From DDoS attacks

If everything was so simple - it would be protected from DDoS attacks, then it would not even be interesting ....)))
Protection against DDoS attacks is a complex and controversial topic, to which a huge number of publications on the Internet are devoted.
If this is very important for you, then as an option, I can advise you to transfer domain management to CloudFlare.
And use the solutions that are there.
CloudFlare DDoS Protection is a service that provides services to protect websites from DDoS attacks.

Tretyak Artur
OneBox Insiders wrote:
attempts to connect to the server by searching for passwords.

If the question is for example about ssh, then this can be followed.
1 hour.
30.09.2022, 14:03