This script was initially designed to run on cPanel based webxites, but it can actually run on any shared host, I have used it on Plesk based 1and1 hosting as well. cPanel is one of the most popular control panels for web hosts. If you have a shared hosting account that uses cPanel then you may have discovered that backing up your mysql data and the physical files in your webspace is not an automated process. In addition if you only have plain FTP and not sFTP access, transferring all your web files and SQL data over an insecure connection could be a security risk.
NOTE: This script/instructions are not complete. Use it as a starting point for something of your own.
The following script has the following features:
- run from the command line using PHP
- run on a schedule via cron
- dump the MySQL DB
- create an archive of all files in the cmsms install including the SQL data
- encrypt the above archive using OpenSSL
- allow download via ftp for local storage
- Ability to run commands such as mysqldump, gzip, rm etc from PHP
- Access to cron
- An encryption tool installed
Step by step
1. As hosting accounts can be setup differently so there are a few requirements to fulfill first. Run phpinfo.php either from your cPanel or create it yourself;
This will give you a clue as to what encryption methods are available to you on your system. For example 1and1 have openssl and mcrypt. I am going to use OpenSSL as I couldnt get mcrypt working
2. Copy and paste the following code into a blank file and call it test.php, upload via FTP to your server and run it from the browser.
<?php $command = 'rm --help ; tar --help ; gzip --help ; openssl list-standard-commands ; mysqldump --help 2>&1'; $output = shell_exec($command); echo $output; ?>
This will hopefully give you a lot of text on screen, basiocally the help files for the commands we need to use. You could run each one by one to make it more readable. The 2>&1 outputs the command line to the browser.
<?php $output = shell_exec('rm --help 2>&1'); echo $output; ?>
Now you have worked out whether you can run the commands required for this script and what type of encryption method you can use. If anything differs, for example if you can use mcrypt, google ‘mcrypt man’ to learn abou how to use that method.
3. Now paste the following into a file, change things like paths and usernames/passwords etc. Upload and call from the browser.
<?php // Change the following to suit your environment $secret_phrase = 'yourSecretPassword'; $dbusername = 'dbusername'; $dbpassword = 'dbpassword'; $dbhost = 'localhost'; $document_root = '/home/username/'; $folder = 'public_html'; // Dont change anything below here $today = date('d-m-y'); $compath = $document_root . $folder; $halt = '5';// Step 1 - Dump the SQL data $command = 'mysqldump -u' . $dbusername . ' -p' . $dbpassword . ' --host=' . $dbhost . ' --opt -A > ' . $compath . 'sqlbackup_.sql'; $command .= ' ; sleep ' . $halt . ' ; '; // Step 2 - Compress the SQL data $command .= 'gzip -f -q ' . $document_root . 'sqlbackup_.sql'; $command .= ' ; sleep ' . $halt . ' ; '; // Step 3 - Archive the web files in public_html $command .= 'tar -cvf ' . $document_root . 'backup_.tgz ' . $compath . ''; $command .= ' ; sleep ' . $halt . ' ; '; // Step 4 - Encrypt the tar archive and SQL gzip files $command .= 'openssl enc -aes-256-cbc -salt -in ' . $document_root . 'backup_.tgz -out ' . $compath . '/username_backup.enc -pass pass:' . $secret_phrase . ''; $command .= ' ; sleep ' . $halt . ' ; '; $command .= 'sleep ' . $halt . ' ; '; // Step 5 - Remove the tar and gzip files $command .= 'rm -f ' . $document_root . 'backup_.tgz ; '; $command .= 'rm -f ' . $document_root . 'sqlbackup_.sql.gz'; $output = shell_exec($command); ?>
You should, hopefully get a file in yourpublic_html directory called ‘username_backup.enc’. If you dont, then comment out each step and start at the beginning, one step at a time checking for errors and successful file creation.
4. Once everything worls as expected, move this test file outside of the webroot. Setup a cron job from cPanel to run this script at a specified time interval, one week should suffice unless your site changes daily.
5. Setup your FTP program as a schedule task in Windows to run after the above cron script has run. This will be trial and error depending on the size of your website. Work this out by timing step 3 then add a fudge factor. I am using Filezilla on WinXP. Version 2x allows command line usage of the program, v3x doesnt, so check with your FTP manual first. The specific arguments for Filezilla can be found here. Get your chosen FTP program to download the *.enc file to your local hard drive.
6. Note: As I said this script is something to base yours on. I did try the reverse operation, i.e. decrypting the OpenSSL archive, but it failed. It WILL need some testing by you.