• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Simple question about Plesk backups

msospc

New Pleskian
Server operating system version
AlmaLinux OS 8.x 64-bit
Plesk version and microupdate number
Plesk Obsidian Web Admin Edition - Version 18.0.67 Update #3
Good evening,

sorry, I wanted to set our plesk to make a backup on our remote PC that always remains on.

So we saw the entry: FTPS.

1742401908241.png

We have seen this simple guide, which explains how to install filezilla server on our remote PC:

The question is:

1) By installing filezilla server do we expose our remote PC to risks of external access? (since the guide indicates to open network ports)

2) we have seen that it is possible to set: "FTP over TLS" by creating a LET'S ENCRYPT certificate. Question: does this certificate only encrypt communication or also protect access to the PC where the backups will be received? We would not like to remain only "username and password" as access.

3) Are there any other solutions that you recommend? We have seen that there is a plesk backup proposed in the plesk panel at about €49 per year (excluding space) or File Zilla Enterprise that costs €199 per year but includes space.

Thank you
 
Opening ports in the firewall will always expose you to risks. As long as the software you're using is kept up to date and have other checks in place (Fail2Ban for example) then you can lower the risks but it's still a risks. All web servers has that risks. If the remote server you're using for backup only needs specific IP addresses connected to it you can minimize the risk further by locking down the ports further by restricting it to said IP addresses of the plesk server (or servers).

As for certificate, it's for SSL only which only tells the client that it can be trusted assuming that DN matches up. If used for backups and not using a DNS name then honestly you don't need one since if you're making the connection via TLS it'll be encrypted anyways. It has nothing to do with signing in so if you rather not use a username and password then filezilla server is not what you want and what you do want will costs a lot of money since now you're talking enterprise level features.

As for other solutions, it depends on what you want to do. I have mine backup to an Amazon AWS S3 Bucket, others have it backed up to OneDrive or Google Drive, some has it backup to a FTP server, etc. So there's no wrong answer just depends on what your use cases are.

And if you ask me, I wouldn't rely solely on backups to one location but to at least 2 different locations and would also take snapshots (if it's a VM).
 
Thank you very much for your considerations.
I have carefully evaluated them.

I have seen that if I install FileZilla Server Free on my PC I can make an FTPS backup very easily and set a whitelist of the accepted public IP address.
So I think that the simplest solution could be that.

As you say, I don't need the LetsEncrypt certificate much, so I don't install it.
It seems to me a sufficiently secure solution for my needs.
Also, every month I manually make a backup of wordpress. So I'm calm.

Other questions:

1 - What do you think of the solution I chose?
1 - I understand that with FileZilla Free I can't install Fail2ban. Does anyone have experience? I would have added that function too.

Thanks
 
Back
Top