Support

Hello,

After updating to Solo 7.2.2 our backups now have random characters applied when backup post-processing sends the file to Backblaze:

name_of_backup.net-2020-07-21-OYAlzL75-1bxtLs4

Usually, we only add the date as the name of the backup.  This is a big problem for us because we regularly do automated Restores onto some of our Dev systems. 

I have double checked and the Backup Archive Name has not changed - still set to [HOST]-[YEAR]-[MONTH]-[DAY]

Thanks,

Pat

Starting with Akeeba Backup 7.1.0 and in in an effort to protect the security and privacy of our clients' sites we will make the backup archive filenames practically impossible to guess by automatically adding -[RANDOM] (dash followed by 16 random alphanumeric characters) to the backup archive filename in the following potentially hazardous configuration conditions:

1. You are using the default backup output directory; OR

2. You are using a backup output directory that is under your site's root and for which we cannot positively detect that it's inaccessible over the web.

The test for whether the backup output directory is accessible over the web takes place when you visit Akeeba Backup's Control Panel page and activate the backup profile in question from the dropdown list. First, Akeeba Backup will place a .htaccess, web.config, index.html and index.html file if they are not already present. For this reason it's IMPERATIVE that your backup output directory is NOT the parent folder of a web accessible location. The check will then try to write a randomly named file in your backup output directory and access it over the web. This may create an entry in your server's error log. If this happens do not worry; it's normal and it means that everything is working correctly.

Also note that if you are using the default backup output directory, regardless of whether it is accessible over the web, you will see a potential issue warning in the Control Panel, the Backup Now page and your backup log file titled Q203 Default output directory in use. This is deliberate. The link for that message, that I included here, explains our reasoning.

You cannot disable either behavior in Akeeba Backup for the same reason you cannot disable seat belts in a car. It is a security feature, put in place to protect you.

If you want to avoid having the random characters appended to your backup archive's name and / or prevent Akeeba Backup from issuing a warning about the default backup output directory being in use you will need to address the conditions above, i.e. follow our advice to create a dedicated backup output directory. A short version follows.

Ideally, this should be placed in a directory above your site's root. If this is not possible, please use a directory inside your site's root. A hard to guess name like "qebPw234wD_backups" is preferred to an easily guessable name like "backups". Do not place your backup output directory in a CMS system directory, such as Joomla's cache, tmp, media etc directories or WordPress' wp-content directory. After creating the backup output directory go to the Configuration page to change your backup output directory to it. This needs to be done once per backup profile. Remember to exclude your old backup output directory (default: administrator/components/com_akeeba/backup) from your backup to prevent backing up any existing backups which may still be in there.

When you next visit Akeeba Backup's Control Panel, Akeeba Backup will try to protect the backup output directory and check if your directory is accessible over the web, as explained above.

If the backup output directory is EITHER above the site's root (therefore by definition inaccessible over the web) OR positively identified as being inaccessible over the web THEN and only then Akeeba Backup will stop adding the -[RANDOM] suffix to the names of your backup archives.

Thank you for your understanding wile we make using Akeeba Backup safer for you.