

Ask HN: How to stop a hacker from deleting your off-site backups? - eliot_sykes

I'm trying to come up with a half-decent backup strategy for a web server.

The strategy so far is to store backups locally on the server and have a cron job copy the latest backups over to an Amazon S3 bucket daily.

To do this, Amazon S3 user credentials would be stored on the web server.

If the web server gets hacked, the hacker would have access to the web server and the Amazon S3 credentials. With this they could delete all local and off-site backups.

Anyone got a good way of keeping backups on S3 and protecting themselves from this scenario?
======
wwortiz
Maybe look here: <http://www.tarsnap.com/security.html>. It looks like you can
create keys to only write and maybe keep decrypting keys offsite for just this
situation.

~~~
cperciva
_keep decrypting keys offsite_

Yes, you can do that with Tarsnap. More importantly, Tarsnap also allows you
to keep _deletion_ keys offsite.

~~~
wwortiz
I like your service, I just didn't really explain my comment well :/

------
oomkiller
Set up pull backups. Rsync.net does this for me. How it works is they ssh into
your box using an SSH key and pull down the backups. That way the password is
never stored on the box that is being backed up.

~~~
cperciva
People who care about security generally don't want to give strangers either
(a) SSH access to their servers, or (b) unencrypted access to all of their
data.

------
eru
Perhaps you can go from a push-system to a pull-system for the backups?

~~~
eliot_sykes
I might go this route, although I'm trying to avoid introducing another system
to be maintained.

Would be good if Amazon S3 could do the pulls.
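
Added example, not part of the original thread and not code from any participant or service mentioned in it: a first-pass audit of the IAM policy attached to the S3 credentials stored on the web server, reporting which backup-destroying actions those credentials could perform if stolen. The two policies and the bucket name `example-backup-bucket` are constructed samples, and the check deliberately ignores `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# Actions that let stolen credentials destroy backups, directly or indirectly
# (lifecycle rules and versioning changes can expire or stop retaining old copies).
DESTRUCTIVE = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration", "s3:PutBucketVersioning", "s3:PutBucketPolicy",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def destructive_actions(policy):
    """Return the DESTRUCTIVE actions this policy allows and does not deny.

    Simplification (assumption of this example): Resource, Condition and
    NotAction are ignored, so this is a first pass, not a full evaluation.
    """
    allowed, denied = [], []
    for stmt in _as_list(policy["Statement"]):
        target = allowed if stmt["Effect"] == "Allow" else denied
        target.extend(_as_list(stmt.get("Action", [])))
    # An explicit Deny always overrides an Allow.
    return [a for a in DESTRUCTIVE if _matches(allowed, a) and not _matches(denied, a)]

# Constructed sample: broad credentials, the scenario described in the question.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed sample: upload-only credentials for the cron job.
WRITE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-backup-bucket/*"},
    {"Effect": "Deny", "Action": ["s3:Delete*", "s3:PutLifecycleConfiguration",
                                  "s3:PutBucketVersioning", "s3:PutBucketPolicy"],
     "Resource": "*"}]}

if __name__ == "__main__":
    print("full access:", destructive_actions(FULL_ACCESS))
    print("write only :", destructive_actions(WRITE_ONLY))
```

With bucket versioning enabled, an overwrite through `s3:PutObject` adds a new version instead of replacing the old one, and removing old versions needs `s3:DeleteObjectVersion`, which the upload-only policy does not grant.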

