Question Backup FTP Storage Security

[WebHostingAce]

Hi,

I hope to migrate to Vultr Hosting. As I know they offer Daily Snapshot but only one and only you can restore the whole server.

I just want to know, If I'm backing up my server daily and upload to a external FTP Storage,

In worst case scenario, if hackers get into my server would they be able to get the username and password for backup FTP Storage server as well?

Thank you

 

[Bitpalast]

The hacker can see the username by looking at the BackupsSettings table of the psa database, but he will not be able to see the password, because neither the FTP account password, nor the backup encryption password is stored in plain text. Both are encrypted. If a hacker manages to access your server, the maximum the hacker can find out is the name of your FTP backup server and the name of the user account that is used for login.

But note, that a hacker who gains root access can install a software that intercepts FTP transactions. So the hacker will be able to connect to your backup account without actually knowing the password. He might not be able to access your FTP backup server immediately after breaking into your server, but he will be able to access the account next time the automatic backup is done. So it is not perfectly safe to have the external FTP backup. You'd need a backup of the backup, too, which should be controlled separately from Plesk.

 

[IgorG]

Additionally to @Peter Debik words, I would suggest you read more about Password-protected Backups - https://docs.plesk.com/en-US/onyx/a...nd-recovering-websites/backing-up-data.65198/

 

[WebHostingAce]

Thank you..

Much appreciated!

What would be the best way to have a backup? I just dont want to loose all the data server and ftp backup server both.