For the last 4 years my data backup solution for our Windows PCs has been Owncloud (it’s like an open-source Dropbox). It runs on an Odroid C2 (it’s like a RaspberryPi) in the office, plugged into the router and a USB hard drive. The app on each PC watches for files that change, then it copies them to my Owncloud Server. It also has the neat ability for my wife and I to share a folder.
Typically you leave Owncloud servers open to the internet all the time so you can browse your files from your phone at the doctors office or on vacation. Well I did just that, and now I have suspicions someone has gained root access. Possibly though one of Owncloud’s many vulnerabilities. Or because the Odroid has media server software installed from the factory. idk, don’t care too much atm.
My question is what do you use for data backup?
I could do a fresh Ubuntu/Owncloud install and never allow access outside the house. Or maybe I could do some sort of Rsync with my Windows PC? Or there’s that GIT thing I have never once looked into. IDK. With nearly 400GB to keep backed up, offsite backup just isn’t affordable. Thoughts?
Going to have to do this myself at some point soon. Currently still running MacOS and have not had troubles in 20+ years of having my server open to the internet. Seems unlikely to me that the problem is from OwnCloud but certainly I could be wrong about that. My gut tells me that there was some security setting in either Odroid or PHP that was not configured as it should have been or perhaps a password that was just too easy.
Wish I were further down the path on knowing what .nix server to use next. As far as the cloud part of that I am thinking nextcloud as it is a fork of the same thing with apparently more development going on. Kind of like LibreOffice which I moved to after OpenOffice? If you find out how they got in I hope you share it with us. Good luck in figuring out what the next step is. I like RSYNC but am not technical enough to try to write it directly. I use Carbon Copy Cloner which is basically just a very well done GUI implementation of RSYNC IIRC. Once again a Mac thing so not able to meet your needs.
What I do is to take an image of my HD every week and it has the added advantage of having the operating system on it so recovering from a HD failure is pretty much a non-issue. If you want to dedicate a HD you can also clone the drive so that it can immediately be swapped in if needed. Important files that I want to keep between images I put into a Veracrypt file (PGP’ed) and then store it in a Google drive account. Files that I want to access from anywhere I put into a password protected Word document as objects and then into my Google drive account.
I am suspicious because “chkrootkit” has suspicions, and the logfiles I have are dated very wrong. BUT chkrootkit often does give false positives, and I don’t think the Odroid has a RealTimeClock, so reboots reset the system time. As far as logins, both ‘root’ and ‘josh’ require a certificate. Though the certificate IS in owncloud, it is also password protected. And that password is encrypted in a KeyPass file. I do worry about what mistakes may be within that odroid image you need to install after purchase. Perhaps some accounts with weak security, or media server software I don’t understand. (Thinking of that /HNAP1 thing hackers poke for.)
I do have servers at DigitalOcean that have never had issue, so I don’t think anything I ever setup is flawed.
If anyone’s interested, here’s the chkrootkit results: (the fail2ban stuff is expected false positives)
Contents of suspicious file /usr/lib/jvm/.java-1.8.0-openjdk-arm64.jinfo (Though it looks benign, that Ebury/Windigo thing sounds like a misuse of existing abilities, so this is still suspicious to me)
Because the logrotate never worked properly for unknown reasons, I need to ocasionally delete the log files. By the time I became concerned, I had the server firewalled from the outside world for a few weeks. And the logs are always swamped with Owncloud syncs that are normal. So idk.
I would want to know what is in those .htaccess files. Reading those might give you an idea of what the suspicious java thing might be up to. I don’t know much but can usually figure out what a .htaccess file is trying to do.
Those are the fail2ban test files that come with fail2ban. I should probably look through each one to be sure they haven’t been re-written. But here is one for you to have a look at:
/usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess
FYI, that path (/var/www/html/) is the Apache default folder that installs with Apache. But I personally created a new default folder and adjusted Apache settings accordingly on the day I installed Apache. That means that calling the path such as this file does, leads to a dead folder. Pretty good foresight for my first server setup, ey?
I’m running a dual boot Win10 and Mint Cinnamon 20 system and using Macrium Reflect free imaging software. It runs from Windows so when I want to create an image of a) both systems, b) Win10 alone, or c) Cinnamon alone I boot into Win10 and then go from there. Afterwards I can restore any of those 3 images back to the HD or another HD as the case might be.
On a straight Linux system Clonezilla should work just fine.
I started using CrashPlan a few years ago when they had a $50/year unlimited backup plan for one pc. I just sync’ed all important data to one PC with a big hard drive, and backed everything up from there. That worked ok, but that’s my wife’s main computer, and the client (for linux, anyway) is java, and it slows the PC down a lot, sometimes.
They got rid of that plan, and I’ve been on the $10/month plan for a while. I have just a hair over 1TB backed up with them, so it’s not a terrible deal.
I just restored most of the data after the hard drive started failing, and I think I’m going to switch to duplicati with the storage on Backblaze B2. Your 400GB would be $2/month on B2.
Since you seem to like to roll-your-own, my second choice to replace CrashPlan is duplicati backing up to one of these running minio.
Git is for source code versioning. Some people use it to “back up” configuration files, but that’s because they’re text files, and they want them versioned. It’s not a general backup solution, especially for binary files.
It’s a good idea to have an on-site and an off-site backup in case of local disaster (e.g. fire) that takes out the original data and the backup simultaneously. I use Arq going to FreeNAS for on-site and Backblaze B2 for off-site. Arq is similar to Duplicati and a few other backup applications. There are many cloud services that can host the data, but B2 is one of the cheapest.
You also don’t really want to rely on OwnCloud or Dropbox file-sync type services because if something happens to the local copy (e.g. corruption, deletion), the sync’ed copy may end up with the same problem. Arq and Duplicati will save a versioned history of every file, allowing you to go back in time (a la Apple’s Time Machine).
I am in the same boat as you, I use nextcloud open to the internet.
My next go around (whenever I do a complete re-install) I will not leave anything open to the internet. Instead I plan to use wireguard server on my router, then I’ll put the wireguard app on anything that needs access remotely. I’m using wireguard already for some access and it has been a very pleasant experience.
Also checkout urbackup for backups, I like it much better for backups than nextcloud. It will do OS level images, and/or file only backups. It also has a decent bootable restore CD.
If you look around a bit, there’s lots of Synology and QNAP units that have been going on sale quite frequently. If you want offsite, they all have the capability of doing AWS cloud or other cloud storage, or remote rsync to another (second) unit located elsewhere (like your parents/brother/sister/grandparents/friends house, etc) if you know how to port forward their router and maybe do dynamic dns in some cases.
larger hard drives are getting fairly cheap, although I’d recommend “NAS” rated drives and not standard “Desktop” type or “Green” ones. Right now there’s a Seagate Exos 14tb drive that is sitting in a pretty good price point (under $300 US), but that may still be a bit much for some folks.
Get a 4 or more bay if at all possible for your primary and do raid-5 for the best performance & capacity.
You will see a 2-bay go on sale, probably for a very sweet price, and that can be a nice secondary backup box if you can get the drives to size it up as an offsite backup target, but with a 2-bay your only options are raid 0 / JBOD (they aren’t the same thing, but in either case, 1 drive failure and you’re hosed) or raid-1 “mirroring” which is a true raid, but you only get 1/2 the capacity: if you buy 2x 14tb disk, you dont get 28tb storage, you only get 14tb. (really you probably get about 12tb, but lets not go there)
If that 14tb drive I mentioned is too much for some folks (especially 4 of them!) look for smaller drives, but look for Exos, Ironwolf, or WD Red Pro if at all possible. If you find a drive, see if it appears somewhere in one of Backblaze Hard Drive Tests . They test a bunch of hard drives quarterly and publish the results.
“It’s a good idea to have an on-site and an off-site backup in case of local disaster (e.g. fire) that takes out the original data and the backup simultaneously.”
after Hurricane Katrina, my son’s La. client base (medical) was very appreciative of his off-site restorations. all on-site data was/were flooded.
Well a corrupted sector won’t trigger a sync, so the other copy would still be good. Also, Owncloud has a versioning system. For example, I once used an old file as a template to start a new project. I messed up and clicked ‘save’ instead of ‘save as’ after I made all my changes. It sync’d, and situation seemed dire. But I just logged into the Owncloud web panel, downloaded an older copy of the file, and I was back in business.
As for fire, I do have one more layer of protection I didn’t mention. I have another USB drive in a fireproof safe. I get it out a few times a year, plug it into the Odroid/Owncloud server, and run an “rsync” command. Then when it’s updated, it goes back in the fireproof safe.
Nextcloud didn’t exist back when I setup my Owncloud server, I was all for them for a while, but it seems lately they have been adding a lot of bloat. So idk.
I looked at urbackup, I feel there are better options.