How-to: FTP-Backup a Linux server with Duply

My Linux root server’s hosting price plan includes a 50 GB backup storage option. The backup server can only be reached using FTP, unsecured. Even though the backup server is only visible from within my server provider’s local network, I still don’t want to expose all my server settings, accounts and databases in clear text to a man in the middle. Or, I don’t want an untrustworthy subject with access to the backup server’s file system to be able to read my backup. Also, I don’t want to send my entire site to the backup storage every day as this would eat up my 50 GB within days.

This is where Duply (formerly known as FTPlicity) comes in handy. Duply claims to make your incremental encrypted backups on non-trusted spaces a child’s play. It manages backup job settings in profiles and allows to batch execute commands. It supports symmetric and asymmetric encryption using GPG.

Duply is not limited to FTP, you can also send your backups to a IMAP, WebDAV or ssh destination (and even more!). I haven’t tried the IMAP method but in theory you could send your encrypted backup to a free Google mail account as long as you don’t exceed the 7 GB provided by Gmail. However, in this sample, I’m using a FTP scenario with asymmetric encryption.

Continue reading

Banning “problem countries” from your Linux server

It’s not a secret that these days most server hacking attempts originate from chinese IP addresses. A lot of attempts originate from other countries like South Korea and Indonesia as well. It seems that in those countries (cyber-)law-enforcement and technological advancement don’t correlate. I agree that a server has to be able to sustain non-flooding attacks just by using a proper and secure server configuration. But what if almost all traffic from those countries are automated vulnerability scans? Continue reading

Setting up a Linux UT3 game server

While the installation of the Linux binary for the Unreal Tournament 3 Server is dead simple, some very brave game server administrators apparently chose to run the server with root permissions because there’s no useful server start script. This usually is an exceptionally bad idea for everything that opens ports on an Internet server.

Here’s a very simple start script that starts the UT3 server with a different account which you have to create using the groupadd/useradd command. In my case I’m using user game in group game. The script will sudo to this less powerful account and then start a botless deathmatch UT3 server. The server will continue to run after you close your shell. Well, at least until the server crashes, which it does frequently. In its current form the script has to be put into the ut3-dedicated/Binaries directory. Continue reading