top | item 34928445

(no title)

Also ensure your client does not have access to the backup server share so that ransomware can't encrypt backups on a network drive etc.

My backup solution (backuppc/other syncs + zfs + sanoid/syncoid plus offsite server with zfs) means the backup server pulls files from the clients using backuppc/rsync. The backup server volume is zfs snapshoted regularly using sanoid. The offsite server pulls these from the backup server via syncoid/zfs send.

I'm not using rsync.net since I have my own infrastructure, but would definitely choose it as the offsite server if needed.

discuss

iforgotpassword|3 years ago

Yes this. I use Borg via ssh to an off-site server. With the proper ssh config (force-command, no pty, no forwarding etc) you can lock it down pretty well, especially since you can add an "append only" switch to the serve command that will refuse any modifications or deletions to existing snapshots.