Support

Akeeba Backup for Joomla!

#33851 Control panel status summary Default output directory in use

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Thursday, 08 October 2020 01:46 CDT

Wednesday, 07 October 2020 09:04 CDT

avoysey

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!


EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.


Description of my issue:

I have followed the guidance under https://www.akeeba.com/documentation/warnings/q203.html and have ensured that a .htaccess file is present in the Joomla Backups area and temp areas. with the recommended settings but the warning is still appearing

Thursday, 08 October 2020 01:46 CDT

nicholas

This message appears if and only if you are you using the default backup output directory (<path to your site>/administrator/components/com_akeeba/backup or [DEFAULT_OUTPUT]) in the active backup profile. The instructions on the page you linked tell you that you need to create a new backup output directory, ideally outside your web root. Only then will the message disappear.

They also tell you that if you cannot create a new backup output directory you will probably not need to be overly worried because Akeeba Backup itself is placing .htaccess and web.config files in there to prevent direct access. Note that per our documentation, if Akeeba Backup cannot guarantee that the backup output directory is inaccessible over the web it will be automatically appending 16 random characters at the end of the backup archive name to make it far less likely that an attacker can guess the filename and download the backup over the web.

So, to sum it up.

Create a new backup output directory above your site's web root.

Edit each and every backup profile you have and:

  • Set the backup output directory to the new folder in the Configuration page.
  • Exclude the  administrator/components/com_akeeba/backup folder in the Files and Folders Exclusion page.

This will make the message go away and increase the security of your backups.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!