Just an idea a back up box for Christmas?

Want to chit chat about anything, do it here ... posting here won't increase your post count (or shouldn't!). Please do not post any "phpBB" specific topics here unless they do not fit into the category above. Do not post bug reports, feature or support requests!
Forum rules
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.

Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
Post Reply
zeth
Registered User
Posts: 2
Joined: Fri Feb 11, 2005 10:18 pm

Just an idea a back up box for Christmas?

Post by zeth »

Just an idea. Is there anyone else who has been inconvienced by the PHPBB site being vandalised? If so then how many other people are there like you and me?

How much would it really cost to buy them a backup box so it doesn't happen again? If your company uses PHPBB for mission critical things then sending 10 dollars as a guarantee that you will always have access to the support forum doesn't sound like a bad deal.

If you are just a hobbyist then sending 2.5 dollars if you work and 1.25 if you are unwaged/student etc doesn't seem like a lot for people in the western world.

If someone can setup a pay-pal box or something and a target figure and work out how much it would cost each (i.e. if 5% of PHPBB users donated something how many cents each would a box cost that can hold a backup), I'd be willing to send a few pounds.

If you are a big company and want to donate the whole box then even better, you could even spray your company name on the side of the case. If you do then I'll personally visit your site, I'll even send you a Christmas card and hold you in high esteem - isn't that better than a few stupid text ads that no-one clicks on?
Magnotta
Registered User
Posts: 80
Joined: Wed Feb 09, 2005 12:49 am

Re: Just an idea a back up box for Christmas?

Post by Magnotta »

phpBB already has their hosting donated to them by a hosting company: http://www.doreo.com/" target="_blank

Also, their stance is that they don't except donations. I'd guess this would fall under that category.
zeth
Registered User
Posts: 2
Joined: Fri Feb 11, 2005 10:18 pm

Re: Just an idea a back up box for Christmas?

Post by zeth »

Oh okay, then maybe already have a plan if any loser tries to pull something like that again.
User avatar
stubbers
Registered User
Posts: 406
Joined: Sat Oct 23, 2004 10:36 pm
Location: LoSt
Contact:

Re: Just an idea a back up box for Christmas?

Post by stubbers »

a backup box wouldn't fix this problem. they could have had the site back up immediatly through backups i'm sure. but why put the same site back up with the same vulnrability.
Nippoo
Registered User
Posts: 93
Joined: Fri Mar 26, 2004 11:38 am
Location: London, Teh UK
Contact:

Re: Just an idea a back up box for Christmas?

Post by Nippoo »

Well, the vulnerability was in awstats, so they could have just disabled that. :D
DeadEye686
Registered User
Posts: 448
Joined: Mon Jul 21, 2003 7:18 pm
Contact:

Re: Just an idea a back up box for Christmas?

Post by DeadEye686 »

Nippoo wrote: Well, the vulnerability was in awstats, so they could have just disabled that. :D
The server was compromised... you can't "just disable it".
Nippoo
Registered User
Posts: 93
Joined: Fri Mar 26, 2004 11:38 am
Location: London, Teh UK
Contact:

Re: Just an idea a back up box for Christmas?

Post by Nippoo »

stubbers wrote: but why put the same site back up with the same vulnrability.
The vulnerability was in AWStats. Therefore,if they had had a backup, removing AWStats from the backup then reuploading the site (they would have had a backed up disk image) would have removed the vulnerability.
KevKEv
Registered User
Posts: 9
Joined: Wed Feb 16, 2005 8:49 am

Re: Just an idea a back up box for Christmas?

Post by KevKEv »

It wasn;t the SITE it was the ENTIRE box. The box was comprimsed and "rooted" the only solution is to restore to a rediculously old backup (to make sure you get to a date prior to the compromise) or completely reinstall the entire box.

Let me put it this way. I once had a box get rooted. The binaries for things like ls, cat, sh, bash, etc had been altered to the attacker's whims.

When a box gets rooted you take it down, retrieve whatever data you can that is reasonably safe to retrieve and then start from scratch. Having an up to date "image" of the system can be useful but you still have to patch it and get it up to date with all of your applications/services/date/etc.

There is no quick fix for a compromise of this magnitude.
Nippoo
Registered User
Posts: 93
Joined: Fri Mar 26, 2004 11:38 am
Location: London, Teh UK
Contact:

Re: Just an idea a back up box for Christmas?

Post by Nippoo »

Arf, KevKev.. I know! I know exactly what they did to the box. What I'm saying is, following on from the title of this thread, if phpBB did have a backup box that took a complete disk image every day or so and kept the backups for a week or so, is that they could have restored from the most recent backup (which would have been about a day old) then removed AWStats. Basically, if they had had a backup box, they would have been able to minimize downtime. :D

Makes sense?

Nippoo
Einar
Registered User
Posts: 19
Joined: Tue Jul 20, 2004 11:03 am

Re: Just an idea a back up box for Christmas?

Post by Einar »

I make full increamental backups with historty twice a day. Use mysqldump, rsync and rdiff-backup with a SSH2 tunnel. Goes really smootly ... no problems with it.

And as backup server .. I use my an old laptop (Pentium 120Mhz) connected to my LAN.

Read more:
http://dev.mysql.com/doc/mysql/en/mysqldump.html" target="_blank
http://www.enterprisenetworkingplanet.c ... _1573881_2" target="_blank
http://www.jdmz.net/ssh/" target="_blank
http://www.nongnu.org/rdiff-backup/" target="_blank
Post Reply