AutoRestore – Protect non-WordPress folders with AutoRestore

Home Forums BulletProof Security Pro AutoRestore – Protect non-WordPress folders with AutoRestore

This topic contains 15 replies, has 3 voices, and was last updated by  AITpro Admin 5 years ago.

Viewing 15 posts - 1 through 15 (of 16 total)
  • Author
    Posts
  • #5406

    AITpro Admin
    Keymaster

    This is actually a great question that I have been meaning to post about.

    1. Go to the AutoRestore/Quarantine Settings page and Turn Off the ARQ Cron first.

    autorestore-add-non-wordpress-folders0

    2. Next go to the AutoRestore Add / Exclude Static Files tab page and select the Folder File Add Option that you want – Add Top Level Folder is usually the best choice to make.

    autorestore-add-non-wordpress-folders1

    3. Enter an Add Folder or File Path to the non-WordPress folder that you want to add.

    autorestore-add-non-wordpress-folders2

    4. Go to the AutoRestore/Quarantine Settings page and turn the ARQ Cron back On.

    autorestore-add-non-wordpress-folders3

    Blue Read Me help button on the Add / Exclude Static Files tab page.

    Add Folders & Files Examples and Best Recommended Use – For non-WordPress Folders & Files ONLY

    Add Top Level Folder option
    Best Recommend use is to select the Add Top Level Folder option to add an entire non-WordPress folder to backup and to be checked by the ARQ Cron. Example: You have a Top Level non-WordPress Folder named orange. The folder path is /xxxxx/xxxxx/orange. You would select the Add Top Level Folder option and then enter the folder path to this folder /xxxxx/xxxxx/orange in the Enter an Add Folder or File Path text box and click the Add button. Additional Add options are Add a Specific Folder and Add An Individual File.

    Add A Specific Folder option
    Adding a specific folder can be used for adding ONLY a specific folder and all files in that specific folder – no subfolders of that specific folder will be added to backup and checked by the ARQ Cron. Example: You have a subfolder named orange-subfolder inside of the Top Level Folder named orange. The folder path is /xxxxx/xxxxx/orange/orange-subfolder. By adding only the specific folder orange-subfolder ONLY the files in that folder will be added to backup and checked by the ARQ Cron. Any files in the parent folder /xxxxx/xxxxx/orange/ will NOT be added to backup and be checked by the ARQ Cron and any subfolders of the /orange-subfolder will not be added to backup and checked by the ARQ Cron. Example: /xxxxx/xxxxx/orange/orange-subfolder/another-subfolder. The files in the /another-subfolder subfolder will not be backed up or checked by the ARQ Cron.

    Add An Individual File option
    Add an individual file will add just a single file to backup and be checked by the ARQ Cron. The most likely use for this would be if you are working on a particular file and you do not want the ARQ Cron to check it while you are working on it you would use the Remove Added Folders/Files Search tool to temporarily remove this file and after you are finished working on the file you would select the Add An Individual File option to add the file back to backup to be checked again by the ARQ Cron. You would enter the full path and filename in the Enter an Add Folder or File Path text box. Example: /xxxxx/xxxxx/orange/orange-subfolder/orange.php.

    #5395

    Mark Colliton
    Participant

    I’m sure this is really basic but help would be appreciated

    I’ve set-up BP-Pro for my WP installation on a domain but have a couple of other non-WP directories on the same domain which I host clients’ images galleries & virtual tours, so how do I set-up a protection for those folders & their .htaccess files which had previously been hacked ?

    Thanks in advance.

    Mark

    #5409

    AITpro Admin
    Keymaster

    A new Topic on how to add/protect non-WordPress folders with AutoRestore/Quarantine.

    http://forum.ait-pro.com/forums/topic/autorestore-protect-non-wordpress-folders-with-autorestore/

    #5411

    AITpro Admin
    Keymaster

    Your topic post has been Merged into this new Topic.

    #5805

    Mark Colliton
    Participant

    Hi

    So I followed this process which was easy enough which setup protection on my chosen non-wp folders.

    However in no time my inbox was flooded with 2000+ alerts of files that had been quarantined as the virtual tours I host are each made up of a huge number of jpegs which form the overall panorama for each tour.  I then had to no choice but to turn off the ARQ Cron & try to remove the folder paths that I had just created however I have not been able to achieve this as when I search for the added path the results display nothing to check & complete the removal etc.  Also as soon as I turn the ARQ Cron back on my inbox becomes a joke.

    I’ve since had to leave this for a week as I get a headache very quickly from this kind of stuff but please do advise me on what to do ?

    Thanks

    Mark

    #5807

    AITpro Admin
    Keymaster

    First off you really do not need to monitor or protect images files (jpg, png, gif, etc).  They are not vulnerable to exploitation/being hackable.

    If files are being generated with random names then these files are dynamically generated files and the file names will always be different, therefore you cannot use AutoRestore to protect these randomly named files because this would not work.

    The basic concept of AutoRestore/Quarantine is this:

    AutoRestore/Quarantine checks that files in AutoRestore backup match your actual website file.  So if you have randomly/dynamically generated files then there is not going to be a matching file in backup, unless you create that backup file by clicking the AutoRestore Backup Files buttons for WordPress files.  For non-WordPress files you would click the Add button.  The non-WordPress file and folder feature is NOT designed to monitor dynamic files and should instead be used ONLY to monitor static files that do not change on a regular basis.  In order to monitor dynamic folders and files, it would be a big pain to do this on a regular basis since you would have to turn off AutoRestore and click the Add button every time files change to create new backups of those files so that they match your actual website files.  In general you do not want to monitor dynamic folders/files at all with AutoRestore and instead want to create Exclude rules in AutoRestore to NOT monitor folders where files are dynamically updated or dynamically created/generated.

    Please look at the AutoRestore/Quarantine Guide to see how AutoRestore/Quarantine works and specifically look at the section about Website File Types.

    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/

     

    #5808

    AITpro Admin
    Keymaster

    Here is an example of the correct usage for adding a non-WordPress folder to AutoRestore.  Let’s say you have an application/folder outside of WordPress that is doing something with image files.  The folder name for that application is /image-maker and it stores dynamically generated image files in a folder called /image-maker/images.

    You want to monitor and protect the /image-maker folder, but not the /images folder, because the /images folder has randomly/dynamically generated image files stored in that folder.

    You would choose the “Add a Specific Folder” option in AutoRestore Add Folders & Files and type in the path to the /xxxx/xxxx/image-maker folder.  This means that only the /image-maker folder will be monitored and protected by AutoRestore/Quarantine, but the subfolder /images would NOT be monitored.

     

    #5865

    Young Master
    Participant

    There is something I dont understand about adding a top level folder. For example if i have a top level folder with a name results then the path which am going to add will be /home/username/public_html/results. Am I right or I just misunderstood you.

    #5867

    AITpro Admin
    Keymaster

    Add Folders & Files Examples and Best Recommended Use – For non-WordPress Folders & Files ONLY

    Add Top Level Folder option
    Best Recommend use is to select the Add Top Level Folder option to add an entire non-WordPress folder to backup and to be checked by the ARQ Cron. Example: You have a Top Level non-WordPress Folder named orange. The folder path is /xxxxx/xxxxx/orange. You would select the Add Top Level Folder option and then enter the folder path to this folder /xxxxx/xxxxx/orange in the Enter an Add Folder or File Path text box and click the Add button. Additional Add options are Add a Specific Folder and Add An Individual File.

    Add A Specific Folder option
    Adding a specific folder can be used for adding ONLY a specific folder and all files in that specific folder – no subfolders of that specific folder will be added to backup and checked by the ARQ Cron. Example: You have a subfolder named orange-subfolder inside of the Top Level Folder named orange. The folder path is /xxxxx/xxxxx/orange/orange-subfolder. By adding only the specific folder orange-subfolder ONLY the files in that folder will be added to backup and checked by the ARQ Cron. Any files in the parent folder /xxxxx/xxxxx/orange/ will NOT be added to backup and be checked by the ARQ Cron and any subfolders of the /orange-subfolder will not be added to backup and checked by the ARQ Cron. Example: /xxxxx/xxxxx/orange/orange-subfolder/another-subfolder. The files in the /another-subfolder subfolder will not be backed up or checked by the ARQ Cron.

    Add An Individual File option
    Add an individual file will add just a single file to backup and be checked by the ARQ Cron. The most likely use for this would be if you are working on a particular file and you do not want the ARQ Cron to check it while you are working on it you would use the Remove Added Folders/Files Search tool to temporarily remove this file and after you are finished working on the file you would select the Add An Individual File option to add the file back to backup to be checked again by the ARQ Cron. You would enter the full path and filename in the Enter an Add Folder or File Path text box. Example: /xxxxx/xxxxx/orange/orange-subfolder/orange.php.

    #5868

    Young Master
    Participant

    The only thing I dont understand is what do xxxx in the folder path above mean. do I need to put them or if my folder is in the root of my website.

    #5870

    AITpro Admin
    Keymaster

    xxxx means example because everyone’s folder names will be different.

    /home/username/public_html/results = /xxxx/xxxx/xxxx/results

    /home = /xxxx

    /username = /xxxx

    /public_html = /xxxx

    #6741

    Mark Colliton
    Participant

    ok so my problem now is that after adding a custom folder path to those image files & the subsequent endless quarantining I am now unable to remove the path to stop the monitoring of the folder.

    I tried completely uninstalling BPS Pro & then re-installing it but as soon as I reactivate ARQ the added path monitoring persists from the previous installation & again every jpg is quarantined etc.

    so when I recall the added folder path simply using the show all folders, then putting this path into the “search a specific folder” text area, the search returns no results to then check for removal of this path

    so please tell me how I can remove the added folder path so I can turn ARQ back on ?

    #6746

    AITpro Admin
    Keymaster

    How and where did you add a custom folder path?  Please give an exact/specific description so we are on the same page.

    Example:

    I have a non-WordPress folder here:  /full-path-to-folder/custom-folder-example/

    I used the Add Folders & Files Tool and chose the Add Top Level Folder option and entered this path:  /full-path-to-folder/custom-folder-example/

    I am trying to remove a custom folder and am using the Remove Folders & Files tool.

    I enter my custom folder name in the Remove Added Folders/Files Search window and click the Search button.

    When the search results are displayed in the Dynamic Form Search Results For Added Files To Remove I have selected the Remove option and click the Remove button.  My custom folder has either been removed successfully or there was this error message:  X.

     

     

    #6753

    Mark Colliton
    Participant

    yes I’m using the “remove folder & files tool” on the “add/exclude static files”

    having already added a certain non wp folder path eg /full-path-to-folder/custom-folder-example/ which in my case contains a huge no. of jpgs all of which are triggering the quarantine, I now wish to simply remove the path from ARQ

    when I enter the path eg /full-path-to-folder/custom-folder-example/ in the “remove added folders/files search” there are no search results, but instead entering “custom-folder-example” does return all the files of the path /full-path-to-folder/custom-folder-example/ but in my case there’s a huge no. to go through individually by checking each radio button delete

    so why is there no way of removing the path as easily as it was to add it in the first place ?  or even a bulk edit option to delete the files from the path in the search results etc ?

    Thanks

    #6754

    AITpro Admin
    Keymaster

    I am looking at this right now to test and see what the issue is.  It has been a long time since I have looked at this tool.

    Which option did you choose under   Top Level Folder?  So that I can simulate the exact scenario.

Viewing 15 posts - 1 through 15 (of 16 total)

You must be logged in to reply to this topic.