I have a multi-part question about back-ups:

1. Assuming all my attachments are in the database and not kept in another folder, same with avatars (I've never had to move a folder during an update to get images, so I'm assuming they are) is there any need to back up anything other than the mySQL database?

2. I run a cron job backup script every night which puts a mySQL backup on a folder in my server root, then another job to rsync that backup folder with a separate host an hour after that. Is this enough redundancy for a worst-case scenario, or should I set up an automatic sync with my home computer or some other backup solution?

3. If, hypothetically, someone hacked into my account on my shared server, couldn't they get the key generated to rsync into my backup on the separate server, or am I missing something?

Thanks for any help.

1. You only (really) need to backuip the database, in that case. Just make sure you keep track of what modifications you have installed and make sure you have a copy of those files.

2. A "worst case" scenario would be being both servers crashing ;). If you add another node, the worst case scenario would be that node crashing as well. Get the point? :)

3. Yes.

1. You only (really) need to backuip the database, in that case. Just make sure you keep track of what modifications you have installed and make sure you have a copy of those files.

2. A "worst case" scenario would be being both servers crashing ;). If you add another node, the worst case scenario would be that node crashing as well. Get the point? :)

3. Yes.

I get all my mods from vb.org, so I should be good to go there as I mark them as installed, and I also keep copied on my home computer.

You're right about number 2, I'm just wondering if I have a sufficient level of protection. I guess nothing is really sufficient, though I think downloading onto my computer is a good idea as well.

As for number 3, is there any way to make that more secure? Obviously keeping the server safe is down to two things: my host, and my use of a complex password. But is there anything else, as it seems like the generated key is the weak link here. Shouldn't rsync also require the other (receiving) server's password (I know it doesn't from my understanding), so that if the key is compromised there's still a layer of security? I guess that may defeat the point of a key, but I'm still wondering.

Thanks for the answers, I appreciate it. :)

Some modifications may be moved into the graveyard from time to time (eg. due to a found exploit, or the author requesting it to be removed), so you should keep a local copy of the modification files yourself.

I've also found it a good idea to keep a copy of the vBulletin files you downloaded last when updating it so that you have a set of default files in case a mod screws up the working ones on the server. I'd also say that you might still want to backup the stuff stored in files, because while that getting deleted wouldn't stop your board running, it wouldn't be very popular for your users or for your free time uploading it and finding all the things again...

I don't allow member uploads and I think all my uploads are stored as part of the dB (I could be an idiot here, it's happened before). I can't find them anywhere and I didn't have to move them over during my last upgrade.

Admin CP > Attachments > Attachment Storage Type

Admin CP > Attachments > Attachment Storage Type

Thank you very much. I'm assuming for a small site it's okay to have them on the dB, per my reading in the vB manual, so I think I'll leave it like that for now. Plus it makes backing up much easier.

We have about 20,000 posts right now, so still pretty small.