Hey Guys,
This week I’ve written an article setting up Duplicati backups, hopefully it will help some of you guys 
If you haven’t got backups running, you should definitely get some sorted unless you like a bit of data loss!
Best Wishes,
CyberHost
1 Like
This means if the server gets compromised, backups too. Am I right?
Yes, technically as Duplicati holds the login details for your storage service, a hacker could compromise all existing all backups.
The best practice for an onsite backup would be to physically detach the backup device once the backups are completed.
This is one of the reasons I like Borgbackup. You can set some SSH keys to run Borgbackup in “append only” mode, which means that new stuff can be appended to the backup, but no destructive actions (like deleting the backups) can be done. If the server being backed up is compromised and the attacker attempts to delete the backups too, you can essentially revert all of the changes they made to the backups.
The downside of Borgbackup is that it currently only supports SSH destinations, as it runs Borg on the remote machine. You can backup locally then rclone to some other destination, but then you miss out on some of the benefits.
1 Like