Support

Hi Dale!

I believe you were looking for the cloud backup documentation page where I mention all the advanced setup options for S3 :)

Yup, the different sections need to be cross-linked.

If you give the user DeleteObject and GetObject privileges, you're back to square one from a security perspective. If a hacker breaks into your site's backend (with Super Administrator rights) and reads the Amazon S3 access and secret keys, he can do the following:
- With DeleteObject he can easily calculate the paths and names of your backups and create a small script (using s3cmd on Linux) to delete your off-site backups before altering anything else on your site.
- With GetObject he can use a visual tool, like S3Fox, to list your backups and download them; he can not, however, delete your existing backups.
- With none of the above, he could try to overwrite existing archives with zero-byte files.
Nothing is bullet proof. By not giving DeleteObject and GetObject privileges you will stall the attacker, but not stop him.

Likewise, if the attacker has read only file access to your site –but not Super Administrator login access- he could always read the encryption key, the configuration.php file, connect to the database, decrypt Akeeba Backup's preferences and extract the Amazon S3 credentials. If he has write access, he can easily install a tiny script to create a new Super Admin user and apply the attacks outlined in the first paragraph.

Pitfall: all of these methods assume that you are being attacked by a hacker who knows what he's doing. The thing is, if you are attacked by someone like that, you're screwed, big time. Think about an evil version of me let loose upon a site.

IMHO, the best security practice is:
- Use a different bucket per site
- Use a different Amazon S3 user per site
- Don't let the user of site A access the bucket for site B
- Keep multiple copies of your backups, on S3
- Keep multiple copies of your backups, on your hard disk
- Keep multiple copies of your backups, on flash drives
- Keep multiple copies of your backups, on CDs
- Keep multiple copies of your backups, on stone, holographic crystals, carbonite, positronic brain...
- You can never have too many copies of your backups

I know, automation always has some gotchas. That said, using s3cmd with a CRON job on your CentOS box to fetch the latest backup files is always possible. See their sync how-to. The —skip-existing switch is the key. Just don't use --delete-removed since you don't want to automatically removed deleted archives (that's why you're downloading them in the first place).

Hey, you're a Linux guy. There is no such thing as "impossible to automate" in Linux :)