Support

Akeeba Backup for Joomla!

#32892 Necessity get rid of random string added at jpa file names

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by on Friday, 05 June 2020 17:17 CDT

ad3web
I have seen the new addition of a random string in the name of the jpa files. I have read the post #32721 ( Strange File Name Just Started) and (IMHO) understand and approve this change.
But for my workflow it is absolutely necessary that the name of the file does not change, because it is based on the exact name of the files and on the possibility of overwriting the old versions of the files in the external space dedicated to backups.
I hadn't known about this change beforehand until my backup space was full and backup uploads stopped ... :-(
If I'm not mistaken, I don't find anywhere the option to disable this behavior.
But I hope I was wrong ... ???
Maybe a [NORANDOM] switch for naming?
Otherwise, in my opinion the option could be enabled (if you want, by default for new installations) but leave the possibility to disable it, if you want with a warning.
Can I hope for this?
Or after so many years do I have to look for a new backup system for all my sites?

Thanks!

dlb
This includes a little more information than #32721. If you have a space issue it seems the quota system would be the way to address that, not depending on overwriting an existing file.

Starting with Akeeba Backup 7.1.0 and in in an effort to protect the security and privacy of our clients' sites we will make the backup archive filenames practically impossible to guess by automatically adding -[RANDOM] (dash followed by 16 random alphanumeric characters) to the backup archive filename in the following potentially hazardous configuration conditions:

1. You are using the default backup output directory; OR

2. You are using a backup output directory that is under your site's root and for which we cannot positively detect that it's inaccessible over the web.

The test for whether the backup output directory is accessible over the web takes place when you visit Akeeba Backup's Control Panel page and activate the backup profile in question from the dropdown list. First, Akeeba Backup will place a .htaccess, web.config, index.html and index.html file if they are not already present. For this reason it's IMPERATIVE that your backup output directory is NOT the parent folder of a web accessible location. The check will then try to write a randomly named file in your backup output directory and access it over the web. This may create an entry in your server's error log. If this happens do not worry; it's normal and it means that everything is working correctly.

Also note that if you are using the default backup output directory, regardless of whether it is accessible over the web, you will see a potential issue warning in the Control Panel, the Backup Now page and your backup log file titled Q203 Default output directory in use. This is deliberate. The link for that message, that I included here, explains our reasoning.

You cannot disable either behavior in Akeeba Backup for the same reason you cannot disable seat belts in a car. It is a security feature, put in place to protect you.

If you want to avoid having the random characters appended to your backup archive's name and / or prevent Akeeba Backup from issuing a warning about the default backup output directory being in use you will need to address the conditions above, i.e. follow our advice to create a dedicated backup output directory. A short version follows.

Ideally, this should be placed in a directory above your site's root. If this is not possible, please use a directory inside your site's root. A hard to guess name like "qebPw234wD_backups" is preferred to an easily guessable name like "backups". Do not place your backup output directory in a CMS system directory, such as Joomla's cache, tmp, media etc directories or WordPress' wp-content directory. After creating the backup output directory go to the Configuration page to change your backup output directory to it. This needs to be done once per backup profile. Remember to exclude your old backup output directory (default: administrator/components/com_akeeba/backup) from your backup to prevent backing up any existing backups which may still be in there.

When you next visit Akeeba Backup's Control Panel, Akeeba Backup will try to protect the backup output directory and check if your directory is accessible over the web, as explained above.

If the backup output directory is EITHER above the site's root (therefore by definition inaccessible over the web) OR positively identified as being inaccessible over the web THEN and only then Akeeba Backup will stop adding the -[RANDOM] suffix to the names of your backup archives.

Thank you for your understanding wile we make using Akeeba Backup safer for you.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

ad3web
All very clear - and cleaver.
I have updated my configuration on all sites, everything is ok again.
As far as it matters, I fully agree with your choices.
But maybe there had to be a warning when updating the component - or maybe I missed it.
For information, this is my scenario that the update had "broken":
For many sites for the backup I use some Dropbox free accounts, from 10-13 GB, overwriting the files, because Dropbox still keeps the old copies for a month, without counting the space.

Thanks for everything, and keep up the good work!

dlb
There would have been some description of the change in the Release Notes for the update. I confess that I only read the release notes when something unexpected happens. (Don't tell Nicholas and Davide!)

I'm glad I could help.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!