How it works?

Introduction

BountySite backups websites into a version control system. Call it a version control hosting if you like. BountySite’s design allows storage nodes to be placed anywhere on the internet which adds security and speeds up backups/restores by placing the nodes close to hosting server.

Multiple remote copies of the data can be kept in any geographical location.

Just like storage node, the frontend control panel too can be hosted anywhere on the internet, preferably closer to customers for a fast UI experience. The frontend talks to storage node over SSL REST API. Each account on storage node is provisioned as individual user, providing a multi tenant secure environment.

Control Panel

BountySite control panel is a decentralized frontend which communicates to backend storage over API, to provide backup details to a site owner.

Here are some highlights:-

  • Simple and fast UI
  • Control Panel node is dedicated for every partner(except for PayAsYouGo plan) and is reseller friendly
  • The node only stores login and encrypted credentials
  • Post login, one time session tokens are issued by BountySite token server, which is used by frontend to communicate to storage nodes
  • Multi user with RBACL
  • Several layers of login security to protect your account
  • And lots more

Storage Node

Storage is the backup node where the backup data is stored, which is the one talking to the hosting server for periodic backups. Here are some highlights on storage nodes:-

  • Connects to the hosting server to download website and database in a seamless manner
  • Multi tenant account isolation
  • Several layers of security
  • Web files and tables are revisioned separately giving granular control on restores
  • Support for SFTP/FTPS for transfer protocol and MySQL/Mariadb for database backup
  • Industry standard AES-256 bit encryption

Remote Data Copies

Since BountySite storage nodes are placed close to hosting server, multiple copies of data can be stored anywhere in the globe, for handling disaster recovery. Keep a copy on S3 compliant storage or commodity hardware at n locations.

Apart from this, site owners(customers) can also keep 1 copy of data on their own S3 compliant storage.

Known File Archive

BountySite identifies stock files of known open source applications, to tag file as known. Files are tagged unknown by default. This helps site owners to investigate website hacks on their own. For example, unknown new php file added to a wordpress website can confirm that it is a malware. Archives are optimized to give accurate enumeration within an hour.

Overview

BountySite performs initial first time full backup followed by differential backups. This significantly reduces hosting server resources and also saves storage by saving only delta changes.

Website code and database are revisioned separately. Site owners can restore:-

  • individual file or db table from any previous snapshot
  • all web files of a specific snapshot with touching database
  • all db tables of a specific snapshot without touching any file

Website Integrity Monitoring System

Site owners can track changes per backup or per file or per database table. Integrity monitoring system helps site owners stay ahead of website hacks and keep tabs on changes made on the website. BountySite allows site owners to keep tabs on web file changes as well as pre-selected tables changes.

Early detection of unauthorized changes can help site owners address issues quickly, without which a website hack could go unnoticed for several days, leading to blacklisting of the site. This methodology also beats all malware scanners. Site owner is the best judge. This is where human common sense beats all Artificial Intelligence and Machine Learning, and makes things simple, affordable and reasonable.

File/Table Change detection

Site owners are notified on file addition/modification/deletion. Site owners can choose tables(post first backup), for which they want to be notified on change. For eg, wordpress user table could be added for monitoring, to detect unauthorized admin user addition.

Site owner can also choose to exclude files from backup, for which change notifications are not required.

Operating Modes

BountySite offers the following operating modes:-

  • Active : Default backup mode for regular backup.
  • Development : During website development, site owner will not receive file change notifications. Backups will continue as is.
  • AutoRevert : Idle sites can choose this mode to auto revert any file changes wrt a specific snapshot. This is useful for dormant sites running old versions, which gives site owner time to investigate the root cause and fix. This solution is reactive but still effective.
  • Disabled : This mode disables backup for the specific site.

Flexible

BountySite can be deployed on cloud or commodity hardware and is highly customizable. Logs are provided within the control panel for site owner/hosting provider to troubleshoot.

Threat Detection

Site owners/Hosting providers can report malware hash, which can help other infected sites from the same malware. This can help mitigate Cross Site contamination cases.

One Threat One Dollar : The most cost effective solution to detect code vulnerabilities early without making any tall false promises.