Never Trust Your Hosts With Your Backups

On Saturday, 123-Reg informed their customers that one of their scripts had gone wrong, resulting in around 67 servers being accidentally deleted. As these were all un-managed VPS servers, there were no backups.

This came just days after someone posted on Server Fault  asking for help after one of his scripts also went wrong, deleting the accounts and data of all 1,500 of his customers. All his backups were also deleted by the same script.

While the latter case is now claimed to have been a publicity stunt, it does raise an interesting question about the safety and security of web hosts own backup solutions.

The Dangers Of Trusting Your Backups To Your Web Host

Often a web host will offer a backup solution for an additional price on top of the hosting package. This is often configured as a location on a remote backup server, which is mounted as a drive on the web server for easy access.

This seems to be the kind of backup solution offered in the second example above, and as we can see it proved to be next to useless. Sure, it would help in the event of a physical hardware failure on the server, but for every other case, it is of no use. It doesn’t protect against mistakes made by the host, it wont protect against hackers or viruses penetrating the server, and it certainly doesn’t help in the event of the host going bankrupt.

If the lights go out at your hosting provider – how do you access the backup to restore your data on your new server?

The Preferred Way – A Third Party

The only way you should ever consider doing backups is with a third party company. In almost all cases, they will provide you with a piece of software that does the physical backups. This creates a nice air gap between your server and the backup, keeping them safe from viruses and hackers. The fact that they are owned by a different company protects you against bankruptcy, and they will almost certainly be in a different physical location, again offering protection from extended failures or loss of a data centre.

Anyone not using a third party for backups is just putting all their eggs in one basket. And we all know not to do that, don’t we?