Warrior Disaster Plan - Please Read

14 replies
I apologize in advance for posting such a long post but I feel that this is an important topic that is too often overlooked by many Internet Marketers, occasionally with disastrous consequences. I'm hoping to convince as many fellow Warriors to take the time read this post and I assure you that it isn't a ploy to send you to my latest website or software creation - in fact I won't include one single link, affiliate or otherwise.

In the "offline world" I spend a lot of my time managing the IT resources for a small company that provides educational software to schools and students throughout the state of Hawaii. It's rewarding work as our efforts benefit children who really need extra help at no cost to them (it is funded through the No Child Left Behind act). I have created an internal network for them and designed a number of web-based services for our tutors to record their progress. I therefore run a series of web servers, Apache servers similar to what most of you are hosting your web sites on. As I prefer to work remotely I have also implemented a number of remote access systems.

Last week our main web server was hacked. In many respect we were fortunate, the damage was minimal and no data was lost. I have spent the last few days tightening security and implementing an open source firewall product - if there is a positive side to this incident it's that I'm quickly becoming an expert in Untangle!

The incident got me thinking about the last crisis we had, about a year ago when a servers RAID controller went nuts and trashed the data - and then we discovered that one of our backup tapes was defective. And THAT got me thinking about my home network and all of my web sites, so I've also spent some time in the home office and on my web properties doing some disaster prevention. I thought that some of what I've been doing might also apply to other Warriors.

As Internet Marketers we represent a new breed of workers whose products are not physical objects but digital creations - our web sites, e-books, videos and articles. Physical products are in danger from fire, flood and theft. Digital products are basically patterns of ones and zeros and can fall victim to corruption or deletion. Protecting that digital property is just as vital as protecting the building that you work in. Most people will purchase insurance and install secure locks, yet many people don't have a backup scheme, or any protection from hackers. Some could lose months of work, if not years, in an instant. Personal experience tells me that this is not a pleasant feeling, and I hope most of you never get to experience it.

There are two areas that you need to attend to - Backups and Security.


Most of us host on servers provided by big hosting companies, who (hopefully) have a backup scheme in place that keeps our data safe and sound. But this is never something you should rely upon, and most hosts don't issue any guarantee that they'll be able to retrieve any data of yours should you happen to lose it. Keep in mind that it doesn't take a server crash or hacker to lose data - a silly mistake with your FTP client or a PHP coding error can do the job just as fast.

We also produce work on our workstations and notebooks, projects in progress at various stages of completion. That work is also subject to loss or corruption, and notebooks are among corporate thieves hottest targets.

There are so many ways to backup data that it's just silly not to. If your work was worth the time it took to create it's worth backing up. Use your FTP client or online File Manager and copy your entire website down to your computer. If you're making changes then do a periodic copy so you can revert back to an earlier design if you "break" your site.

Keep in mind that database-driven products like WordPress, Joomla and Drupal also need their associated MySQL databases backed up. You may also have other scripts that use a MySQL database. PHP MyAdmin is included with many hosting packages, you may have used it to create these databases in the first place. It can just as easily back them up. WordPress has it's own provision for backing up it's database ant the posts within, for Joomla I use an open source product called JoomlaPack that makes the job easy. Save the MySQL backups in folders with the associated data files.

The backups themselves should be copied to other media. I use a network attached storage device and also backup the stuff I'm currently working on to a USB flash drive. I'm also starting to use an online backup service to backup the storage device whenever a change is made.

There is no such thing as too many backups.


While you may not run your own web server you still need to be concerned about security. Our hack last week was a slap in the face and a grim reminder that the danger is very real. Our corporate site is one of the least interesting on the Internet and its traffic statistics would embarrass any one of you. Yet someone (or some bot) in Nanjing Jiangsu China took a few hours of their time to break in. And the path our intruder took (cracking our SSH access code) is something that could just as easily happened to a hosted web server, despite your hosting companies best efforts.

The first and probably most vital thing to do is to create secure passwords. I said "passwords" as in plural, you should have unique passwords for EVERY account. Not only that, they need to be secure passwords, not the name of your child, spouse or pet fish Eric. Yes it's a pain in the rear to remember 18 passwords like "z4N@x!3jG23!" but these are the sort of passwords we created for every entry point into our network. Your Internet Marketing business deserves no less protection.

Also consider the passwords you use for less secure functions, like joining a web site to receive a free download. Now I'll quickly point out that there is usually no risk here, but just keep in mind that this information ends up in someones database, which itself is probably not impervious to hacking. I can certainty see using a common password for these types of sites, but it's probably not a good idea to use the same password that you also use for your bank and for the WordPress admin account on all your websites. That's just being silly.

Another security precaution is the files and directories you have on your site. All files and folders have properties that can make them visible or invisible, read-only or writable. If you've ever installed a script you may have needed to run a "CHMOD" command, this is LINUX voodoo for changing file permissions. A file or folder should always have the minimum permissions it needs to do its job, no more. You almost never want folders to be browseable. This is often easier said than done, and if you';re not sure what you're doing find someone who is and get them to evaluate your security.

On your own workstation you definitely want to use and update your virus protection software. I do a lot of my work on an Ubuntu workstation which is somewhat less susceptible to viruses but I still take precautions. And you should too.

There is no such thing as too much security.

Disaster Plan

After you instigate a backup strategy and a security plan you should plan for everything to fail. What would you do if your web site (or all your web sites) were wiped out tomorrow? How fast could you be back in business? Would you lose customers or subscribers? How badly would your business be damaged.

The best way to understand a complete disaster is to actually have one, unfortunately that's also the worst way to learn. Next best bet is to simulate one.

I have a computer that I've setup with Ubuntu LINUX and the LAMP (LINUX, Apache, MySQL & PHP) package. All of this stuff is free open source software. I use it as a development server so I can test PHP code and site changes before I deploy to my actual servers, and I constantly keep it in sync with my actual sites. Keeping it in sync often involves tearing it down and completely rebuilding it, an exercise everyone should try (or have their tech guru try) as it simulates what you'd actually have to do to build back from scratch. I have a similar development server at work that I use for the same purpose. The server itself doesn't require any great hardware, mine is just an older Pentium 4 desktop that used to run XP and it performs just fine.

Again my apologies for such a mammoth post, and if you've made it this far I appreciate your taking the time to read this. Hopefully if nothing else it will cause you to evaluate your own disaster plan and perhaps upgrade it, and if it saves even one Warrior from disaster then it was well worth the time to write it.

"An ounce of prevention is worth a pound of cure" - Ben Franklin


#backup #disaster #plan #read #security #warrior #web site
  • Profile picture of the author Daniel Scott
    Killer post dude.

    Your expertise shows and it's great that you gave some specifics.


    Always looking for badass direct-response copywriters. PM me if we don't know each other and you're looking for work.

    {{ DiscussionBoard.errors[428826].message }}
  • Profile picture of the author mywebwork
    Thank you Dan, I appreciate your kind words.

    {{ DiscussionBoard.errors[428840].message }}
  • Profile picture of the author dogisland
    You can also test your recovery plan with a linux virtual machine running on windows.

    My ideal (which I don't have yet) is a script that would auto restore from backups all my sites to a clean linux server. i.e. restore all user accounts, create database, copy in site files etc. This would minimise downtime.

    Currently I backup my sites to amazon S3 automatically every sunday.
    {{ DiscussionBoard.errors[428855].message }}
  • Profile picture of the author mywebwork
    Aloha dogisland

    Yes indeed, there are several ways to do it, a virtual machine running LINUX is another valid method. If you have the programming skills to automate some (or all ) of the process it would be worthwhile to take advantage of them.

    And if you don't then implement a manual process and make it a task you schedule for yourself periodically and follow through with it. The main thing is to do it!

    The S3 scheme sounds interesting, care to elaborate? I'm sure many would find that interesting.

    {{ DiscussionBoard.errors[428891].message }}
    • Profile picture of the author dogisland
      Originally Posted by mywebwork View Post

      The S3 scheme sounds interesting, care to elaborate? I'm sure many would find that interesting.

      If you do a search for "s3 backup scripts" you'll find a lot of free resources.

      Amazon charges by the amount of space you use which for me is a few pennies a month.
      {{ DiscussionBoard.errors[447376].message }}
  • Profile picture of the author JustDean
    As far as the servers are concerned I hope this doesn't come across as arrogant, I hope the servers I use are secure other wise why pay for the service and get get my own server.
    With regards to the back up quote to be honest until I red this post I didn't even give it a thought.
    Bill you have saved my bacon, I am definitely gonna look at what actions I have in place.
    Thank you for all the information
    I hope to hear more from you, especially with me being wet behind the ears still i appreciate any and all advice.


    cts of Random Kindness
    Pay It Forward
    {{ DiscussionBoard.errors[447263].message }}
  • Profile picture of the author IainBuchanan
    Great post, you've covered a lot (I'm a freelance IT consultant by trade) so won't go back over it.

    Just a quick tip when it comes to passwords - KeePass Portable is your friend. Stick it on a USB stick on your keyring to always have your encrypted passwords to hand. Backup the password file to your desktop.
    {{ DiscussionBoard.errors[447308].message }}
  • Profile picture of the author TheRichJerksNet
    Good post...

    I have been saying this for awhile now ...

    If you are running anything other than the following then you are at serious risk..

    Unix Server running Php 5.2.5 (or php 4 is fine), Cpanel 11 and apache compiled with SuExec installed.

    I have posted this several times, no server should be using any kind of 777 permissions and if it does then change servers.

    A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

    {{ DiscussionBoard.errors[447322].message }}
  • Profile picture of the author Tim Dixon
    Really, really useful post Bill and a kick up the backside for many of us I'm sure, myself included!!

    For anyone that's interested, there's quite a neat program I've used for a while now for the desktop side of things called SyncBack and there is a free version available which you can get from their site here:

    2BrightSparks | SyncBackSE

    I would be interested in the automatic backup to S3 as well.

    {{ DiscussionBoard.errors[447361].message }}
  • Profile picture of the author mywebwork
    Thanks to all for the comments, and many thanks for suggesting Amazon S3, KeePass Portable, and SyncBack - all excellent solutions for backup and security.

    Sadly it often takes a big data disaster to wake some folks up to the dangers of ignoring this.

    {{ DiscussionBoard.errors[447833].message }}
  • Profile picture of the author dealers
    Thanks Bill.
    I recently had a Wordpress blog, the database and the backup disappear. My web host was confounded. I hadn't backed it up myself. Now I must rebuild it all...

    Friends and acquaintances are the surest passport to fortune. ~ Arthur Schopenhauer
    {{ DiscussionBoard.errors[501987].message }}
  • Profile picture of the author lacraiger
    thank you for this post!
    {{ DiscussionBoard.errors[502059].message }}
  • Profile picture of the author dmarze
    Thank you Bill. I did backups for my most important sites after I read your post.

    Get Unique Content Rich Website... I Will Build And Promote It For You (WSO)

    {{ DiscussionBoard.errors[502890].message }}

Trending Topics