WHMCS and SFTP

easyhostmedia

Well-known member
Hi all

Don't expect WHMCS backups to work if you secure your servers.

All my servers are set to use SFTP only and using a custom port.
so in WHMCS under the Database Backups i have Daily Remote FTP Backup set up and i know all the settings are correct, but the cron always states

Cron Job: ERROR : FTP Backup - Could not connect to backup.hostname

so contacted WHMCS support who told me to make sure my servers have the port open which they have and the IPs whitelisted.
(how i like how they reply to you as if you were a child and not know such things)

anyway after checking and telling them they are all set and open and whitlisted i get this

Hello Terry,

Port ***** seems to be SFTP and not regular FTP. I believe this is why it is not working, as SFTP is not supported at this time.

so they don't support secure servers and yet they are always going on about making your WHMCS installation secure
 
Seems like this has been something going on for quite some time.

here's a thread from 4 years ago, looks to be dealing with the same problems. It's marked as "under consideration" but no timeline;

https://requests.whmcs.com/topic/advanced-backup-options

Pretty sad state when they don't offer sFTP ability.

yes it is sad and even this

Limitations
As a DB grows, it becomes too big for a PHP script like the WHMCS cron to handle backing up due to the amount of data within it causing various server limits to be exceeded, usually around the 20MB mark. Unfortunately being big simply means that for a PHP script to loop through and save that data into temporary memory in order to generate a full backup is not possible - either the memory limits or max execution time limits on the server side of things will kick in way before that completes and terminate the script. So the only option at that stage is to look at using an alternative backup means such as WHM automated backups or manual phpMyAdmin exports.

why dont they do as they preach when a client has issues and tell you to increase the limits as daily activity could easily take up 20MB
 
Don't want to use FTP? Great. Use local backups and be done with it.
 
Last edited by a moderator:
A 20MB limitation is a serious limitation! While we used external systems for backups, since WHMCS offers backups, it should be functional.

As far as complaining about things, FTP on it's own is not secure, and at this stage in the game, nobody should be using raw FTP. If you are offering FTP to users, you need to take a look at your security.

For me, sFTP is a requirement. But then I'm more paranoid about security than others might be.
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do. It's NOT WHMCS' job to wipe your tail end here. It's their job to provide a working billing client, nothing more.
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do. It's NOT WHMCS' job to wipe your tail end here. It's their job to provide a working billing client, nothing more.

they constantly back on about security and yet they dont make their backup system to work over secure connections, their whole ethos is to make everything automated, but its seems to you to make your servers work on their terms rather them make their software work the way clients and the industry is going as more and more servers move away from std FTP
 
A 20MB limitation is a serious limitation! While we used external systems for backups, since WHMCS offers backups, it should be functional.

As far as complaining about things, FTP on it's own is not secure, and at this stage in the game, nobody should be using raw FTP. If you are offering FTP to users, you need to take a look at your security.

For me, sFTP is a requirement. But then I'm more paranoid about security than others might be.

exactly Conor all my servers work under sFTP and wont work under std FTP.
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do.

not everyone is a developer and can write scripts, they offer a backup service that is way out of date and sever users have requested they offer this over SFTP, which would not take long for them to set up, just like them increasing their mem limits over 20mb as if your are under a certain limit their software wont work and you are forced to increase limits, but they clearly dont do as they preach
 
Nothing new it's been an issue for a while, this is a funny video (database backups) comparison www.billingbrawl.com.

You need to be able to do backups easily and if it can't do that with security you might as-well email yourself backup :p
 
Nothing new it's been an issue for a while, this is a funny video (database backups) comparison www.billingbrawl.com.

You need to be able to do backups easily and if it can't do that with security you might as-well email yourself backup :p

i have daily backups of my full WHMCS and i also use the email function to email to my gmail account
so i have 2 backups, but the point is that WHMCS keep telling up about making our installations more secure and if something fails then they will say you need to increase your memory, but they find it difficult to increase their own memory above 20MB and turn on sFTP, which wont take that long
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do. It's NOT WHMCS' job to wipe your tail end here. It's their job to provide a working billing client, nothing more.

I 100% agree that it's their job to provide a billing client. That's what we used it as. However, when they introduce extra things, such as backup, then it's their duty to ensure it's functional from a security point of view.

I've never used their backup system. I use the cPanel backup as a client, but never even did the incremental backups in WHM. We used r1soft and backed up all servers (and databases) every hour. Rarely had an issue.

The issue at hand is that WHMCS offers a backup solution, but provides a very insecure method. It would be better if they didn't provide any!
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do. It's NOT WHMCS' job to wipe your tail end here. It's their job to provide a working billing client, nothing more.

Actually its a billing and management software and part of that is backup but as i stated why dont they do as they preach and be more secure and increase their limited
 
WHMCS offers a backup. Don't want it? GREAT, then write your own script. It takes about 5 seconds to do. It's NOT WHMCS' job to wipe your tail end here. It's their job to provide a working billing client, nothing more.

Double agree.

Write your own script and configure it to do backups as you want...not what they limit you too.
 
Double agree.

Write your own script and configure it to do backups as you want...not what they limit you too.

no good for people that cant write scripts, why is WHMCS so security minded when it come to everything else on WHMCS, but cant be bothered to make the backup feature secure.
They provide a feature then it should be secure, which FTP is not secure and why should they restrict backups to 20mb as backups dont effect them as you are making a backup from your server1 to your server2. it would be different if the databases were being held on their servers, but they are not
 
no good for people that cant write scripts, why is WHMCS so security minded when it come to everything else on WHMCS, but cant be bothered to make the backup feature secure.
They provide a feature then it should be secure, which FTP is not secure and why should they restrict backups to 20mb as backups dont effect them as you are making a backup from your server1 to your server2. it would be different if the databases were being held on their servers, but they are not

To be fair, sending backups to your Gmail account isn't the best idea neither. If you want the safest route, don't use the official WHMCS backup features and roll your own.
 
To be fair, sending backups to your Gmail account isn't the best idea neither. If you want the safest route, don't use the official WHMCS backup features and roll your own.

only option as it seems WHMCS don't know how to set their backup system to SFTP or how to increase their Memory limited

i use cpremote, so have 1 full backup , but i never like just having 1 backup. as i am no coder i could not create my own.

I don't know what people think if you are a webhost you have to also be a designer/coder.
 
I don't know what people think if you are a webhost you have to also be a designer/coder.

I think it is more to do with if you are a web host, you should know how to setup backups. And no, it doesn't involve being a coder nor designer. It is just one of the most basic things a web host has to setup across all of their servers... no?

I'm pretty sure Cpremote has an option to keep multiple copies?
 
Last edited:
I'm pretty sure Cpremote has an option to keep multiple copies?

just daily, weekly and monthly but to the same destination.

but as other state
write your own script.

would mean you have to code a script and it may surprise you that not everyone is a coder.
point me to the policy or law saying a web host must be a coder as setting up backups is 100% different to writing your own script.

but the point is that WHMCS shout on about security and making your installations secure, but they cant be bothered to make their backup feature use secure connections.
 
just daily, weekly and monthly but to the same destination.

A quick look on their site states they allow you to store backups in multiple storage locations and can store 7 days worth of backups. And even if that is false (I doubt it), there are plenty of other alternative solutions in this space.

would mean you have to code a script and it may surprise you that not everyone is a coder.
point me to the policy or law saying a web host must be a coder as setting up backups is 100% different to writing your own script.

I really don't know what you're getting at as I never said anything about a web host having to be a designer / coder. I said backups are very standard thing to have setup for a web host, there are plenty of solutions out there so no, you do not need to be a designer or coder and I never said you had to be.

but the point is that WHMCS shout on about security and making your installations secure, but they cant be bothered to make their backup feature use secure connections.

I agree the backups feature needs redoing though there are alternatives available so you don't have to resort to storing them in your Gmail account which is a bad idea itself.
 
Top