
Tools, Information and Resources for Working on the Internet.

A Warrior Disaster Plan

Posted 22nd January 2009 at 06:15 AM by mywebwork

This is actually a post I made a while back but I wanted to rehash it. It's a long read but contains valuable information that could save your bacon!

Security and Backups

I feel that this is an important topic, one that is too often overlooked by many Internet Marketers, occasionally with disastrous consequences. I'm hoping to convince as many fellow Warriors as possible to take the time to read this post, and I assure you that it isn't a ploy to send you to my latest website or software creation – in fact I won't include one single link, affiliate or otherwise.

In the “offline world” I spend a lot of my time managing the IT resources for a small company that provides educational software to schools and students throughout the state of Hawaii. It's rewarding work as our efforts benefit children who really need extra help at no cost to them (it is funded through the No Child Left Behind act). I have created an internal network for them and designed a number of web-based services for our tutors to record their progress. I therefore run a series of web servers, Apache servers similar to what most of you are hosting your web sites on. As I prefer to work remotely I have also implemented a number of remote access systems.

Last week our main web server was hacked. In many respects we were fortunate: the damage was minimal and no data was lost. I have spent the last few days tightening security and implementing an open source firewall product – if there is a positive side to this incident it's that I'm quickly becoming an expert in Untangle!

The incident got me thinking about the last crisis we had, about a year ago, when a server's RAID controller went nuts and trashed the data – and then we discovered that one of our backup tapes was defective. And THAT got me thinking about my home network and all of my web sites, so I've also spent some time in the home office and on my web properties doing some disaster prevention. I thought that some of what I've been doing might also apply to other Warriors.

A Disaster Plan - You Need This!

As Internet Marketers we represent a new breed of workers whose products are not physical objects but digital creations – our web sites, e-books, videos and articles. Physical products are in danger from fire, flood and theft. Digital products are basically patterns of ones and zeros and can fall victim to corruption or deletion. Protecting that digital property is just as vital as protecting the building that you work in. Most people will purchase insurance and install secure locks, yet many people don't have a backup scheme, or any protection from hackers. Some could lose months of work, if not years, in an instant. Personal experience tells me that this is not a pleasant feeling, and I hope most of you never get to experience it.

There are two areas that you need to attend to – Backups and Security.

Backups

Most of us host on servers provided by big hosting companies, who (hopefully) have a backup scheme in place that keeps our data safe and sound. But this is never something you should rely upon, and most hosts don't issue any guarantee that they'll be able to retrieve any data of yours should you happen to lose it. Keep in mind that it doesn't take a server crash or hacker to lose data – a silly mistake with your FTP client or a PHP coding error can do the job just as fast.

We also produce work on our workstations and notebooks, projects in progress at various stages of completion. That work is also subject to loss or corruption, and notebooks are among corporate thieves' hottest targets.

There are so many ways to back up data that it's just silly not to. If your work was worth the time it took to create, it's worth backing up. Use your FTP client or online File Manager and copy your entire website down to your computer. If you're making changes then do a periodic copy so you can revert to an earlier design if you “break” your site.

Keep in mind that database-driven products like WordPress, Joomla and Drupal also need their associated MySQL databases backed up. You may also have other scripts that use a MySQL database. phpMyAdmin is included with many hosting packages; you may have used it to create these databases in the first place. It can just as easily back them up. WordPress has its own provision for backing up its database and the posts within; for Joomla I use an open source product called JoomlaPack that makes the job easy. Save the MySQL backups in folders with the associated data files.

The backups themselves should be copied to other media. I use a network attached storage device and also back up the stuff I'm currently working on to a USB flash drive. I'm also starting to use an online backup service to back up the storage device whenever a change is made.
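A backup that has never been checked can fail the way the defective tape did, so here is an added example (not part of the original post) that archives a site folder holding its MySQL dump, records a checksum, and test-restores it. The function names, paths and the `DB_USER`/`DB_NAME` placeholders are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; function names and paths are hypothetical.
# Put the database dump inside the site folder first, for instance:
#   mysqldump --single-transaction -u DB_USER -p DB_NAME > site/db/dump.sql
# (DB_USER and DB_NAME are placeholders.)

# backup_site SRC_DIR DEST_DIR: archive SRC_DIR, record a checksum,
# and print the path of the archive that was created.
backup_site() {
    local src="$1" dest="$2" name archive
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    name="$(basename "$src")-$(date +%Y%m%d-%H%M%S).tar.gz"
    archive="$dest/$name"
    # -C stores relative paths, so the archive can be restored anywhere.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$archive"
}

# verify_backup ARCHIVE: succeed only if the checksum matches and tar can
# list the archive to the end. Run it on every copy (NAS, USB, online).
verify_backup() {
    local archive="$1" dir name
    dir=$(dirname "$archive"); name=$(basename "$archive")
    [ -f "$archive.sha256" ] || { echo "no checksum for $name" >&2; return 1; }
    ( cd "$dir" && sha256sum -c "$name.sha256" ) >/dev/null 2>&1 \
        || { echo "checksum mismatch: $name" >&2; return 1; }
    tar -tzf "$archive" >/dev/null 2>&1 \
        || { echo "archive unreadable: $name" >&2; return 1; }
}

# restore_drill ARCHIVE SRC_DIR: restore into a scratch directory and compare
# it with the live copy; a difference means the backup is stale or damaged.
restore_drill() {
    local archive="$1" src="$2" scratch rc=0
    scratch=$(mktemp -d) || return 1
    { tar -xzf "$archive" -C "$scratch" \
        && diff -r "$src" "$scratch/$(basename "$src")"; } >/dev/null 2>&1 || rc=1
    rm -rf "$scratch"
    return "$rc"
}
```

Keep the `.sha256` file beside the archive when copying it to other media, so `verify_backup` can be rerun on each copy.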

There is no such thing as too many backups.

Security

While you may not run your own web server you still need to be concerned about security. Our hack last week was a slap in the face and a grim reminder that the danger is very real. Our corporate site is one of the least interesting on the Internet and its traffic statistics would embarrass any one of you. Yet someone (or some bot) in Nanjing, Jiangsu, China took a few hours of their time to break in. And the path our intruder took (cracking our SSH access code) is something that could just as easily have happened to a hosted web server, despite your hosting company's best efforts.

The first and probably most vital thing to do is to create secure passwords. I said “passwords” as in plural, you should have unique passwords for EVERY account. Not only that, they need to be secure passwords, not the name of your child, spouse or pet fish Eric. Yes it's a pain in the rear to remember 18 passwords like “z4N@x!3jG23!” but these are the sort of passwords we created for every entry point into our network. Your Internet Marketing business deserves no less protection.

Also consider the passwords you use for less secure functions, like joining a web site to receive a free download. Now I'll quickly point out that there is usually no risk here, but just keep in mind that this information ends up in someone's database, which itself is probably not impervious to hacking. I can certainly see using a common password for these types of sites, but it's probably not a good idea to use the same password that you also use for your bank and for the WordPress admin account on all your websites. That's just being silly.

Another security precaution concerns the files and directories you have on your site. All files and folders have properties that can make them visible or invisible, read-only or writable. If you've ever installed a script you may have needed to run a “CHMOD” command; this is LINUX voodoo for changing file permissions. A file or folder should always have the minimum permissions it needs to do its job, no more. You almost never want folders to be browseable. This is often easier said than done, and if you're not sure what you're doing, find someone who is and get them to evaluate your security.
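To check a local copy of a site against the minimum-permissions rule above, this added example (not from the original post) lists entries that anyone on the server can modify and directories that Apache would show as a file listing if `Options Indexes` is enabled. The function names are hypothetical, and the index-file check is a heuristic that only looks for `index.html` and `index.php`.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# world_writable ROOT: print files and directories that any account on the
# server can modify (the "other" write bit is set). Symlinks are skipped.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# listable_dirs ROOT: print directories with no index.html or index.php.
# With "Options Indexes" enabled, Apache shows their contents to visitors;
# "Options -Indexes" in the server config or .htaccess turns that off.
listable_dirs() {
    find "$1" -type d -print | sort | while IFS= read -r d; do
        [ -e "$d/index.html" ] || [ -e "$d/index.php" ] || echo "$d"
    done
}

# drop_world_write ROOT: remove only the world-write bit and leave owner and
# group permissions alone, so scripts that write as the owner keep working.
drop_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}
```

Run `world_writable` and `listable_dirs` first and read the output before calling `drop_world_write`, since some upload folders are writable on purpose.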

On your own workstation you definitely want to use and update your virus protection software. I do a lot of my work on an Ubuntu workstation which is somewhat less susceptible to viruses but I still take precautions. And you should too.

There is no such thing as too much security.

Disaster Plan

After you instigate a backup strategy and a security plan you should plan for everything to fail. What would you do if your web site (or all your web sites) were wiped out tomorrow? How fast could you be back in business? Would you lose customers or subscribers? How badly would your business be damaged?

The best way to understand a complete disaster is to actually have one, unfortunately that's also the worst way to learn. Next best bet is to simulate one.

I have a computer that I've set up with Ubuntu LINUX and the LAMP (LINUX, Apache, MySQL & PHP) package. All of this stuff is free open source software. I use it as a development server so I can test PHP code and site changes before I deploy to my actual servers, and I constantly keep it in sync with my actual sites. Keeping it in sync often involves tearing it down and completely rebuilding it, an exercise everyone should try (or have their tech guru try) as it simulates what you'd actually have to do to build back from scratch. I have a similar development server at work that I use for the same purpose. The server itself doesn't require any great hardware; mine is just an older Pentium 4 desktop that used to run XP and it performs just fine.

Again my apologies for such a mammoth entry, and if you've made it this far I appreciate your taking the time to read this. Hopefully if nothing else it will cause you to evaluate your own disaster plan and perhaps upgrade it, and if it saves even one Warrior from disaster then it was well worth the time to write it.

“An ounce of prevention is worth a pound of cure” - Ben Franklin

Comments

  1. Thanks for this insightful post - I know it is a hassle to remember all the different passwords and make them long enough to be (nearly) unbreakable. Always have a terrible time convincing my better half to come up with funny, easy to remember two word combinations instead of those that you warned of.
    Regarding backups, I always do a full download of my sites to the PC at home and then also save on CD-ROM. I started using USB sticks (one stick per site - one purpose (backup) only) but it is difficult to file them. All of a sudden you have a box full of sticks and somehow one (the important one you need right now!) is missing. On CD-ROM you can also write with a marker pen and usually you have enough space to save thousands of html pages, scripts and logfiles.
    Disaster Recovery is also an important point. To have a decent plan in place is a number one necessity when you run your sites as a business. I once had to fully restore my site Orchid Care - Orchid Growing - Tom's Orchid Flowers Help when I tried to install a funny script. Just opening my desk drawer and pulling out the CD-ROM and sending everything back onto the server took me 10 minutes.
    Posted 19th October 2009 at 06:32 AM by onlineleben
    Updated 19th October 2009 at 06:37 AM by onlineleben (removing typos)
  2. Thank you for the awesome post. I think you should put together a pdf, some videos and maybe a plugin and you would have an AMAZING WSO on your hands.

    Greg
    Posted 17th November 2010 at 08:26 PM by Greg D
 

