Web Site Backups: Surprising Vulnerability

Mishawaka, IN.   Web site data is an area of hidden vulnerability for many companies, as illustrated by recent experiences at CompStar Technologies. CompStar is familiar with a variety of web hosting companies as a result of its web visibility and web development client relationships. Several of these hosts' servers became infected during the first outbreak of the Code Red worm. (This alone was an indication of less than ideal procedures, since a server with up-to-date operating system security patches would not have become infected.)

In most cases, the servers were up and running within a few hours of the infection occurring. In the case of one web hosting company, however, sites remained down or damaged for a period of days. When CompStar pressed the web host to correct the problem, they replied that they were having to repair data on each web site they hosted.

"We pointed out that this kind of recovery effort was very time-consuming, and that while the work was taking place many sites were still down," said Roger Dooley, Managing Director of CompStar. "We suggested that they either do a full server restore from backup, or blow away the corrupted web sites and have the site owners re-upload their content."

Both of these options proved to be impossible. Apparently, the host did not have a functional backup that would enable a full server restore with recent data. An even bigger shock was the reason why they couldn't ask their users to republish their web sites. "Nine out of ten site owners say they can't republish the sites, because they don't have the content at their location," explained the web host's technical representative. In some cases, the sites may have been created and forgotten, with the source pages being lost in the meantime. Or, a web design firm no longer used by the company may have published the site and not furnished the owner with a copy. In many cases, site owners were following the hazardous practice of making changes directly to the pages on the web site, rather than editing them locally and republishing to the web.

Whatever the reason, it was clear that many of these site owners were in a dangerous position - they had no way of recovering their web site content if it was lost. 

Even sites that follow normal protocols and keep a full local copy of their site may find they don't have everything they need. Most sites have content that changes as users visit the site: traffic logs, visit reports, mailing lists, forms completed by customers, order data, discussion forums, etc. Some of this content may not be critical, but some of it certainly would present a hardship if it is lost.

Based on this experience, CompStar prepared a checklist of questions to help insure data is safeguarded. (Note: this list is typical for most small to medium-sized web sites; major sites processing many customers transactions should have a greater level of redundancy since even a short outage could be extremely costly.)

Questions for your Web Host: 

1. How frequently is the server and each web site backed up?
2. What procedures exist for removal of backup tapes to a different site?
3. How long will it take to restore a web site from the time the site owner requests it?
4. Describe the procedures in place to keep server software patched and secure.
5. List technical support contacts, including a telephone number (or at least a pager) that is available for emergencies 24/7/365.
6. In the event that the server hosting my web site becomes corrupted, how rapidly can my site be moved to a new server and be fully available to web visitors?

Questions for your internal web staff: 

1. Where is a full copy of the web site located on local systems? Which software is used to maintain and publish it?
2. How frequently is the local copy of the web site backed up, and how often is a copy moved off-site?
3. What content exists on the web site that is not duplicated locally? (e.g., web form results, databases, discussion postings, script settings, traffic logs or summaries, etc.) How frequently is this data backed up locally in the event that the web host's backups are not usable?

It goes without saying that if your web host can't provide satisfactory answers to your questions, it's time for a new host!  Remember that factors other than server disasters can cause loss of web site data.  "One of our clients inadvertently corrupted his local web site copy, and then uploaded the bad data to the web host, overwriting the live web site," says Dooley. "Fortunately, the web host was able to restore the site from a backup tape very quickly.  If a recent backup had been unavailable, repairing the site might have taken days."  

If your web host is performing regular backups and storing some of them off-site, and you are maintaining a local copy of the site and periodically backing up web-only information locally, the chances of a disaster wiping out your site are greatly reduced. Even if the worst happens, and the primary site is irreparably damaged, you should be able to recover very quickly with minimal loss of information.

Web Services.  For information on web visibility, e-commerce, web development, and related services, e-mail us or complete the form below

 IT Indiana - Home

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

CompStar Technologies is a leading Indiana-based provider of networking, technology, and communications services. With offices in Mishawaka (serving South Bend, Elkhart, Warsaw, Michigan City, Fort Wayne, Niles, St. Joseph, and Benton Harbor, Michigan) and Indianapolis, CompStar provides network design / support, network security, wireless networking, business telephone systems, VoIP (voice over IP), and cctv / video surveillance systems. CompStar is the Technology Division of Direct Line Communications, headquartered in Mishawaka, Indiana.