
Thread: Downloading backup automatically

  1. #1
    bwaynef

    I had a perl script that downloaded the home directory backup automatically. Apparently whb has changed how they authenticate ...and require a session variable. There's mention of a cpanel/whm api and I've found the perl modules for that, but I'm still not sure how to use the api to authenticate, ...then download the backup. Any pointers would be greatly appreciated.

    One point: I don't want the server to push the backup to an ftp server. I'd like to be able to run a cron job on my own computer to download/store the backup.

  2. #2
    Evgeniy G.

    As a part of permanent monitoring of our servers we perform service and basic OS updates.
    That’s why new trends in the field of security program solutions are applied on a regular basis, and that allows us to keep the quality of our services at an invariably high level.

    As we can assume from the provided information, your script failed to work correctly due to the "Security Tokens" method used for XSRF attack prevention. This method has been announced and successfully applied by cPanel software developers.

    Let me describe the methods of security improvement applied in cPanel in simple words:

    Cookie IP validation

    Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

    Security Tokens

    cPanel has also included tokens to help combat XSRF attacks. Tokens are inserted into the URL and are unique to a single login session. Requests made without the appropriate token produce an error and result in a request for re-authentication. This action effectively thwarts XSRF attacks because the attacking URL will not contain the appropriate token.

    Blank referrer safety check

    Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

    You can certainly find out more details about these methods at the official site of the cPanel developers:

    http://docs.cpanel.net/twiki/bin/vie...curityConcepts

    We do not work on script development; that’s why we recommend that you refer to the following official sources to find out more information regarding API use and its samples in different languages (including perl):

    http://docs.cpanel.net/twiki/bin/vie...entKit/WebHome
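
Added example (not part of the original post and not cPanel's code): a minimal Python model of the three checks described above, showing why a fixed list of saved URLs stops working once tokens are unique to each login session. The `Session` record, the token-as-first-path-segment layout, the order of the checks, and all hostnames and addresses are assumptions constructed for illustration.

```python
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Session:
    """Constructed session record; field names are hypothetical."""
    login_ip: str
    # A fresh random token per login, so a URL saved earlier is useless later.
    token: str = field(default_factory=lambda: "tok" + secrets.token_hex(8))


def ip_matches(login_ip, current_ip, mode="strict"):
    """Cookie IP validation: strict = exact match, loose = same /24."""
    a = ipaddress.ip_address(login_ip)
    b = ipaddress.ip_address(current_ip)
    if mode == "strict":
        return a == b
    return b in ipaddress.ip_network(f"{login_ip}/24", strict=False)


def token_from_url(url):
    """Assumed layout: the session token is the first path segment."""
    parts = urlsplit(url).path.split("/")
    return parts[1] if len(parts) > 1 else ""


def check_request(session, url, client_ip, referrer,
                  ip_mode="strict", require_referrer=True):
    """Return 'ok' or the name of the first check that rejects the request."""
    if not ip_matches(session.login_ip, client_ip, ip_mode):
        return "cookie-ip-mismatch"
    presented = token_from_url(url).encode()
    if not hmac.compare_digest(presented, session.token.encode()):
        return "missing-or-wrong-token"   # server would ask for re-authentication
    if require_referrer and not referrer:
        return "blank-referrer"
    return "ok"


if __name__ == "__main__":
    s = Session(login_ip="203.0.113.10")          # constructed address
    ref = f"https://host.example/{s.token}/"
    good = f"https://host.example/{s.token}/backup/home.tar.gz"
    stale = "https://host.example/backup/home.tar.gz"   # URL saved before tokens
    print(check_request(s, good, "203.0.113.10", ref))   # ok
    print(check_request(s, stale, "203.0.113.10", ref))  # missing-or-wrong-token
    print(check_request(s, good, "203.0.113.77", ref, ip_mode="loose"))  # ok
```

A client that wants to keep working under these checks has to log in, read the token for that session, and build every later URL from it, from the same address it logged in from.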

  3. #3
    bwaynef

    I wasn't sure of the specific attack, but I understood what the session cookies were doing/preventing. My only question is how to access what I'd accessed before using a perl script (which is an overstatement ...as it was simply a series of wget statements). I've read that link, and attempted to join their forum to ask a question but registrations are down. They also suggest people who don't own/maintain/support a cPanel/WHM server to contact their host for support. ...Looks like a vicious cycle.

    Thank you for your time. If you have any other possible leads, I'd be happy to chase them down.

  4. #4
    Tony

    I realize this doesn't apply to you, but for others reading: We just have a small forum on a shared server and, while I do a full site backup manually once a month, I use a php script and simple Windows FTP scripting to make and download our db daily. Thing is, our site doesn't change very often, but our database changes all the time.

  5. #5
    Colin

    Originally posted by bwaynef:
    "(which is an overstatement ...as it was simply a series of wget statements)"
    I'm not familiar with Perl or all the techno involved with using the language, but I'm pretty sure it will support an HTTP session where it will also deal with session cookies and all the related properties.
