Your beta version has the new "backup and restore" functionality; however, there are just two options to restore from: Acronis and cPanel. We use R1Soft off the server and most sites are also automatically backed up daily via Softaculous. Are there any plans to implement both of these or at least R1Soft?
Since Softaculous backups aren't so immune to infection (attackers often place malware in the backup folders) I'm not sure how reliable that option would be. We do occasionally grab the database from that backup (after inspecting it) if it is more recent than the R1Soft copy. Still, I suppose if the detection was fast enough there might not be an issue.
We are still left with the issue of the sudden appearance of new files where they ought not logically be. Since WordPress and just a handful of other apps (Joomla, Magento, PrestaShop, PHPList, DadaMail and 5-6 others) comprise 99% of what is commonly installed, can't there be a comparison of what is found elsewhere in the herd, and when new files appear outside the norm they are quarantined and the user is notified to accept or deny these additions? If they aren't recognized, a backup and then a rollback could be done, wiping the restoration path first. To take it a step further there could be an option for the user to respond with password changes for cPanel/FTP/MySQL (in the case of MySQL the old password would be updated in any config files so as not to break the app).
I know it's a tall order but we really need to address the whole payload. Also/alternately, if a file is infected can a scan be done to find all changes/new files within a period and quarantine those as well? Once an infected file appears I guess what has been done so far could marginally mitigate the damage until a human can respond.
With the power of file replacement I'd like to see if the manual process we now do could be replaced:
1. Find point/time of intrusion
2. Roll back to snapshot prior to intrusion
3. Change credentials
4. Heightened monitoring for recursion for a set period.
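An added example (not from the original post or from the product being discussed) of the "find all changes/new files within a period and quarantine those" step in Python: it builds a hash manifest of a web root as the baseline, flags files that are new or modified after a suspected intrusion time, and moves them to a quarantine directory. The directory layout and file contents in `demo()` are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest (the baseline)."""
    manifest = {}
    for p in root.rglob("*"):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def find_changes(root: Path, baseline: dict, since: float) -> list:
    """Return paths that are new or modified versus the baseline and whose
    mtime is at or after `since` (the suspected point of intrusion)."""
    current = build_manifest(root)
    changed = []
    for rel, digest in current.items():
        if baseline.get(rel) != digest and (root / rel).stat().st_mtime >= since:
            changed.append(rel)
    return sorted(changed)


def quarantine(root: Path, rels: list, qdir: Path) -> list:
    """Move flagged files out of the web root into qdir, preserving relative paths."""
    moved = []
    for rel in rels:
        dest = qdir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(root / rel), str(dest))
        moved.append(rel)
    return moved


def demo() -> dict:
    """Constructed scenario: a clean install, then files changed after the cutoff."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp) / "site", Path(tmp) / "quarantine"
        (root / "wp-content/uploads").mkdir(parents=True)
        (root / "index.php").write_text("<?php // legitimate front controller\n")
        (root / "wp-content/uploads/image.jpg").write_bytes(b"\xff\xd8\xff")
        baseline = build_manifest(root)
        cutoff = time.time() - 1  # anything touched from here on is suspect
        # constructed: one new file in uploads, one modified core file after the cutoff
        (root / "wp-content/uploads/x.php").write_text("<?php // unexpected new file\n")
        (root / "index.php").write_text("<?php // modified front controller\n")
        flagged = find_changes(root, baseline, cutoff)
        moved = quarantine(root, flagged, qdir)
        return {"flagged": flagged, "moved": moved, "remaining": sorted(build_manifest(root))}
```

Unchanged files are excluded by the digest comparison even when their mtime falls inside the window, so the window only narrows the set of changed files to those touched after the intrusion point.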