A beautiful frosty day dawns on the outskirts of Melbourne, the coffee is rich and fulfilling, and all seems well…
But no – someone has hacked one of our sites and deleted a number of folders…. grrr. Unfortunately that is open of the downsides to using the most popular website management systems, there are people out there with nothing better to do than disrupt peoples lives by being yucky.
Naturally we plan for this situation. Backups & Restores are a key to reliable service. Sites who pay for a premium service have their sites backed up on daily, weekly, monthly & annual cycles. The Daily backups are stored on a local folder not the website making it easy to restore accidental deletions and the like. While the weekly and monthly backups are stored on other servers in the cloud and locally at the Adams Factory.
This morning I found that this latest nasty person had deleted a number of folders, and there were a few files I didn’t recognise. Unfortunately the daily backups had been deleted as well.
The problem is, I don’t know exactly when the site was attacked and when he nasty activity began. So I restored the site from a backup from 3 months, a fairly safe length of time. I then selectively restored files from the weekly backup and the site was back and operational again.
Why did the attack happen?
I am not sure. The site was on the latest versions apart from a couple of plugins (updates are made on a weekly cycle), unfortunately we can’t be certain what the problem was, but we do know we have the site back all good now, with only content from the last few days lost.
EDIT (March 2017): since this event in 2014, we have made numerous upgrades to the services supporting our sites, there are now Application and Server firewalls in place with additional monitoring and block of known ‘not so nice’ computers (IP blocking).
Backups and Restores
Restoring a site is not easy without a full backup. We strongly recommend a daily, weekly and monthly backup cycle at a minimum, with at least one copy kept in a separate location to the production location (off-site backup).
Our preferred system (20x full backups) which we use for our production sites includes:
- 6 daily copies of the database are stored locally (content restore points)
- 6 weekly full site backups are stored in the cloud (AWS S3 bucket).
- 11x Monthly full backups are created directly to the AWS-S3 bucket
- The current Monthly saved to a hard-drive at the Adams Factory.
- An Annual full backup is created with a copy in the cloud and a copy kept at the Adams Factory.
In Summary the regular backup process results in 20 full back-ups and 6 content (incremental) backups for each hosted site. With the cost of the storage on AWS so low, this seems excessive yet after 4 years running is still less than a cup of coffee a month.
Is It Worth IT?
Absolutely!
Backups & restores are a vital tool for maintaining production websites.
I have upgraded and rebuilt sites and with this breadth of restore reference data, I have successfully recovered lost files, often images, that have been corrupted through the process.
Also the speed to restore to a point in time is fantastic. I can then selectively restore updates from more recent back-ups – so my time has not been lost and I can sleep well knowing that I have a solid backup and restore process in place for my websites.