Support

Akeeba Backup for Joomla!

#8823 Cronjob issue

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Thursday, 17 March 2011 09:36 CDT

Tuesday, 15 March 2011 19:23 CDT

madseman
Hi,

I have used cronjob (Cpanel), for Akeeba backup, for a while now, and never had issues on doing that, but suddenly I get the following return on email after the cronjob is trying to run a backup:

// Start email



Starting a new backup with the following parameters:

Profile ID 1

Description "Command-line backup"



Current memory usage: 195.52 Kb



Unsetting time limit restrictions.



// End email

When I backup from backend there is no issue at all.
What can be the issue?

Best regards
Mads

Wednesday, 16 March 2011 02:36 CDT

nicholas
You'd better take a look at your PHP error logs around the time of the backup. I think that either your host disabled PHP's set_time_limit() or that suddenly the script can't load the backup engine's files.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 16 March 2011 13:47 CDT

madseman
Hi Nicholas,

Thank you for your answer.

I can now see, that it is my Joomla! configuration file that is the issue, it's because I have moved it out and away from my Joomla root for security reasons. (Some people say that it is the best way to protect it, and some the opposite - I really dont know what to think... :S)
What is your opinion?

I have now modified the jconfig.php (Akeeba backup file), so it point to the Jommla! configuration file outsite Joomla! root.


Best regards

Wednesday, 16 March 2011 18:09 CDT

nicholas
Moving the file outside of the site's root offers zero protection. If I were a hacker, I would follow either of these routes to exploit your site:

1. Using an RFI attack vector I would simply dump JConfig's properties from within Joomla!. Game over.
2. Using a rogue upload attack vector I'd append a bit of malicious code in your index.php which dumps JConfig to a file and/or send it to me by email. Game over.
3. Using a blind SQLi attack I'd create myself a Super Administrator user and use it to log in to your site's back-end. Then I'd have full access to your configuration and I'd be able to block you out as well. Double dose of game over.

Half-baked security measure can not really stand between a resourceful hacker and your site. It's like using a clay wall to stop an assaulting tank. It will stall the attack for a few minutes, but that's all there is to it.

So, no, I don't consider moving configuration.php a good idea. It's an unnecessary thing to do which makes your life miserable whenever you update Joomla! or try to use software like Akeeba Backup's CRON script.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 17 March 2011 09:25 CDT

madseman
Hi Nicholas,

Thank you for your answer, it's an answer I can use!

I will tear down my clay wall again ;)
There is no need for that, I can see, and it is really annoying when updating software.

Thank you for taking your time to explain it for me.

Best regards
Mads

Thursday, 17 March 2011 09:36 CDT

nicholas
You're welcome, Mads!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!