Backup is your only real defence
You don't really own a website until you have a) made a backup of it, which you have b) actually tested to make sure it works. It is probably inevitable that you will have to learn this lesson the hard way, but for whatever it is worth at this point you should:
- Download your entire site, including the trust_path folder (remember your database is in there).
- Make a second copy that you can store off site (eg. put it on a USB drive and take it home).
- Wouldn't hurt to make a third copy, that you store in a cloud-based account such as Google Docs, where you can get it when you're travelling.
Since Tuskfish CMS uses SQLite the database is actually stored as a text file. This means that when you back up your website file structure you also get a backup of the database, unlike (say) MySQL where you have to backup the database separately using other means.
Make backups of your site regularly. I recommend that you keep a time series of them so that you can ‘step back’ to various points in the past. If you’re a Linux Nerd I recommend setting up rsnapshot, which makes periodic copies of your site at various time intervals (several copies a day, week and month) and rotates them automatically. It's free and knowing how to set it up will serve you well. I have a few notes on setting it up for the Pi.
Restoring your database from backup
To restore your database from backup simply:
- Upload the database file into your trust_path/database directory. You may wish to rename the existing live copy first (if present) to prevent it from being overwritten.
- Check that the database file permissions are set to 0600 (read-write by the owner, only) in order to guard against unauthorised access. This step is essential.
Restoring your entire site from backup
All you need to do is to upload the file structure back onto your webserver. Don't forget that the trust_path directory should sit outside of your web root (ie. outside of public_html). You should also verify that the file permissions are correct, as they can be changed during upload:
- public_html/mainfile.php must be set to 0400 (read only by the server).
- trust_path/configuration/config.php must be set to 0400 (read only by the server).
- trust_path/database/yourdatabase.db must be set to 0600 (read-write by the server, only).
The permissions for the database file are absolutely critical, as access to SQLite databases are solely controlled in this way.
Copyright, all rights reserved.