Duplicity & rsnapshot helps me backup my files to remote FTPs server. I can recover file if my server harddisk failed. But if someone hacking my local server and he can get all remote server access info from cron scripts, so hacker can remove the remote FTPs server files. How can I backup it properly. (prevent harddisk failed & hacker)
How to backup the files secure and properly
backupduplicityrsnapshot
Best Answer
A simple approach is to have a "pull" backup - a separate backup server has credentials to log into the main server to pull the data required for the backup, e.g. using rsnapshot logging in via SSH to the main server.
This stops the most obvious attacks where a malicious hacker deletes files on the main and backup server - I've seen people who have reported this on various security forums, so you are right to be concerned for a web server.
The pull backup is still vulnerable to an attacker who compromises the main server (e.g. installing a compromised SSH server that then exploits a hole in the SSH client on the backup server), but that's a much more determined and skillful attack, verging on a targetted attack. Having an offline copy of your backups will address that type of attack as well.
For more details including use with other tools for encrypted backups, see this answer.