They did back up - but the hacker (attacker) killed the backup server too.
How do you handle that? I mean, your server has to be able to write to the backup server - so the attacker can also.
It would need to be some sort of append-only filesystem, and who does that?
I use ssh to copy the tar to a different server - remotely distant. Which I thought was enough, for fires in the datacenter, or going out of business without notice. But who protects backups from an attacker? With ssh they can attack the remote machine easily and remove the files.
Maybe I should add a cron on the remote machines to chown the files away (and hope that server also isn't vulnerable).
Pull, rather than push. (For instance, set up a cron script on your home PC to SSH into your production box and download a backup from time to time, rather than having your production box push a backup elsewhere.)
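The pull arrangement suggested above, as an added example (not code from anyone in this thread); it runs on the backup machine, and the host name, remote command, directory and script path are hypothetical. It goes one step past the comment by never overwriting an earlier archive and by rejecting a stream that is not a readable tar, since a compromised production box controls what gets pulled.

```shell
#!/bin/sh
# Runs on the BACKUP machine (cron). Production holds no credentials for this
# host, so breaking into production gives no way to log in here and delete.
# Hypothetical values: host, remote command, directory and the cron path below.
#   15 3 * * * /usr/local/bin/pull-backup.sh run
PROD_HOST="${PROD_HOST:-backup@prod.example.com}"
REMOTE_CMD="${REMOTE_CMD:-tar -czf - /srv/data}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/prod}"

# Stream the archive from production to stdout. Kept separate so the
# transport can be swapped without touching the checks below.
fetch_archive() {
    ssh -o BatchMode=yes "$PROD_HOST" "$REMOTE_CMD"
}

# pull_backup [STAMP]: fetch one archive and store it under a new name.
pull_backup() {
    stamp="${1:-$(date -u +%Y%m%dT%H%M%SZ)}"
    dest="$BACKUP_DIR/prod-$stamp.tar.gz"
    tmp="$BACKUP_DIR/.incoming.$$"
    mkdir -p "$BACKUP_DIR" || return 1
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    if ! fetch_archive > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Production decides what is sent; if it is compromised the stream may be
    # empty or junk. Accept only a gzip tar that lists at least one member.
    if ! listing=$(tar -tzf "$tmp" 2>/dev/null) || [ -z "$listing" ]; then
        echo "rejected: not a readable, non-empty tar.gz" >&2
        rm -f "$tmp"
        return 1
    fi
    # ln fails if dest already exists, so publishing never clobbers a file.
    if ! ln "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
    chmod 0400 "$dest"
}

if [ "${1:-}" = "run" ]; then
    pull_backup
fi
```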
How do you handle that? I mean, your server has to be able to write to the backup server - so the attacker can also.
With tarsnap you can create a write-only key file (that is, a key file which only has the authentication and encryption keys for creating archives); if you do this, you can run unattended backups from a server and someone who breaks into the server won't be able to read or delete your backups. (Tarsnap doesn't have any concept of modifying existing archives, so being able to create an archive doesn't allow you to overwrite existing data.)
It's about redundancy -- a backup on one backup server is better than nothing, but if you care about your data, you should be a little more careful than just storing it on two different machines. Store it on lots of different machines, store it on optical media and USB keys, store it in the swarm if possible, etc. People who think that having one tarball on one machine is sufficient have really not thought things through.