1. Background

    1. Via Media, including its predecessor Parkside Media, maintained an annual Managed IT Support contract with Belton IT for over a decade, spending $20,000–30,000 annually.

    2. The CRM system, critical for daily operations, was a bespoke platform hosted by Belton IT, who were familiar with its functionality and importance.

    3. Upon transitioning to a remote-work environment, Via Media opted to retain CRM hosting with Belton IT.

    4. This decision was based on the proprietary nature of the CRM, Belton IT’s familiarity with its operation, and their assurances that hosting with them would be more secure than with a large cloud provider, given their servers were NZ-based.

    5. Belton IT further advised that a third-party NZ-based hosting provider would manage the servers, ensuring specialized and secure hosting.

    6. Belton IT transferred the CRM to the third-party hosting provider in late 2022, maintaining previous support practices.

    7. As per Belton’s arrangement, Via Media had no access to server administration or backups, relying solely on Belton for these services.

    8. The CRM functioned as it had done previously.

    9. Any problems were fixed by contacting Belton support and ticketing the issues, as had been the process previously.

    10. In short, in terms of CRM hosting and maintenance, nothing changed in our day-to-day operations.

    11. The only change was that service tickets were now pay-as-you-go, rather than being included in our support package.

Incident

On Monday 22/07/2024 the site hosting our CRM disappeared without warning.

The loss of our CRM and sales booking system meant we were without all of our client records (approximately 10,000 individual records), our sales bookings database both current (customers’ work in progress), past (all customer sales history for preceding approximately 15 years), and future (all forward sales bookings, of which there were over 630); in short a massive loss of critical information and how we accessed that information and also, our portal for recording sales and booking activity.

We raised support tickets with Belton in the normal way but had no resolution, and had to follow up daily throughout the week for updates on what had happened and when the issue would be resolved.

We were initially told by helpdesk support staff that the outage was due to the CroudStrike update issue and that the site would be back up by the end of each day that we were calling on,

Eventually, after no resolution during the work week, after requesting escalation of the issue and requesting a call from our account manager, we received a call from Warrick who told us that the site including its database and backups were all gone, and that this had happened to all client sites that Belton had hosted via their upstream provider. No explanation was given as to why or how this had happened, but we were informed we would receive more details as they came to light.

There was no further information provided other than that the upstream provider had had ‘a catastrophic failure’ and reiteration that there were no backups available to restore, the upstream provider had lost everything. 

When we queried how this could be possible, as with self-manged cloud solutions, e.g. WP Engine, there are automated daily backups of sites and databases available to be restored at any user-defined restore date, and 

We also queried how this could be related to the CrowdStrike issue and how that could have wiped out all server backups but were given no further information; at this stage we suspected there could be an issue of a service-delivery failure with Belton’s uopstream provider having failed in what they should have been provdiing to Belotn, so we requested Belton’s insurer details and what their position was with cover for their upstream provider;’s failure.

At this point our insurer confirmed that contacting Belton’s insurers to gather details on where the failure had occurred and what their position might be with their upstream provider was the next logical course of action.

Belton delayed in responding to our repeated requests for providing their insurer’s details.

During this period Belton offered to restore the last back-up of the CRM database that they had on file from when they were providing the hosting on their own internal servers prior to moving to the third-aprty upstream host. The restore of this back-up provided us access to our sales booking and client history up to approximately November 2022 but there was no weay for them to access any back-ups from the the upstream provider.

Rebuild of system to 11/09

We had no option but to rebuild the CRM system ourselves from data we had downloaded during the course of using the system (the system generated .xls reports), but this was a manual process with an initial consolidation of all booking information into spreadsheets, not an upload from database. Given the only database Belton could supply us with was missing two years’ worth of sales data (approximately $4M revenue) we determined it would be quicker and more accurate for us to reassemble the database from the downloaded .xls spreadsheet reports and the spreadsheet booking forms that were the source data for the CRM database. Data input into the preexisting CRM was manually, field by field, with up to 20 fields of data per record. If booking data was reentered into a new build of the CRM system we would have had to manually reenter all booking data and then manually check and verify bookings. We therefore moved our CRM to a new platform that allowed us to upload records from a spreadsheet database that we created from existing reports and booking forms. This process was more expedient and did not require data entry validity checking, but it did mean that staff needed to be retrained in how to access CRM and sales booking data, which added considerable impact to the initial loss.

The rebuild was logged with 154 hours of build time (much of which had to be undertaklen outside of normal business hours) over 10 weeks to 11/09/2024, when we were able to switch over to the new CRM platform. Staff training on the new system and disruption to sales booking process during that time and the following month are estimated to have absorbed another 40 hours. We have no way of retrieving customer data from the period Nov 2022 to mid 2024 as Belton have only supplied a back-up of the database up to Nov 2022.

Key points:

  • CRM system disappeared without warning 22/07/2024
  • Belton has never provided any explanation about how or why aprat from to tell us their upstream service provider had had ‘a catastrophic failure’ and that ‘all backups were gone’.
  • Belton refused to provide their insurer details for our insurer to commnuincate with over the apparent failure of service of Belton’s upstream provider
  • The loss of the database and system left us without all past, current and future sales booking information, and access to our client records
  • We spent the next three months rebuilding and transferring our CRM and sales booking processes from our existing .xls reports and spreadsheet booking forms into a new CRM system, hours logged and estimated are approximately 194, billable $34,920.

Reasonable expectations

Given the length of relationship, and familiarity with our systewms that Belton had (Warrick has been our account manager for many years) we would have expected to receive more information on what had actually happened with the upstream provider to whom Belton entrusted our CRM system’s hosting. There was no explanation given apart from the initial CrowdStrike possible cause (which no further information has been given of).

It is industry standard practice for a hosting provider to have at least daily back-yups running of all hosted data, and for downstream clients to run periodical back-ups of those back-ups (*confirmed by two independent Managed IT service profviders), and similar to what user-managed cloud hosting service providers offer (e.g. WP Engine runs daily back-ups that can be restored by the end user at any day’s restore point on demand). It’s a reasonable and expected standard of industry practice for a company such as Belton who is entrusted to host customer data to perform regular backups or give a customer access to back-up (as we have and do with the SaaS cloud services we use) and for backups of those backups to be created prior to any final failsafe end-user back-ups that ‘might’ be made (which Belton know were not possible for us to implement on this upstream solution as we couldn’t access it via any automated data protection solutions). This reasonably expected level mirrors the provisionsBelton implemented for us when we were hosting our own network systems internally and backing up via Shadowprotect and site-removable drives. 

Belton had encouraged us to keep our CRM system with their hosting even when we were evaluating whether to move it back to a user-managed cloud hosting platform.

No provision for us to run user-managed back-ups of the database was offered or advised; over the many years the database has been hosted and maintained by Belton the only way of accessing its backend was via Belton technicians. Databases we had historically hosted onsite on our own servers had Belton implemented multi-level backups that they monitored and advised us on. Importantly, we did raise and question the issue of end-user access to the backend of the database when scoping possible alternatives to hosting the CRM system with Beltion in 2022 (*see correspondence). Belton recommended this solution for the CRM when we were evaluating between Belton providing the CRM hosting or moving the hosting back to a cloud platform that we would self-administer (as we do with our other sites). Around the same time Belton recommended various security options that we should implement around the cloud services we were moving our WIP server to, so Belton were cognisant of what was best practice for our requirements, beyond what Belton were potentially going to be providing for us. 

The solution we were investigating for the CRM as a hosted option was preferably a mainstream big name provider so that security, data backups etc. were all taken care of giving us a low maintenance solution, which was what you recommended via your secure upstream provider ahead of the other option that we were considering, being a self-administered SaaS cloud service.

When the upstream hosting solution was put in place we had already asked questions around access and received the response that there was no direct admin access available to us of the hosting and there was no API available into the application. You did advise that backup/maintenance scripts were running on the VM.Once the switchover happened there was no direction for us to implement our own additional backup solution, no reference to Ts & Cs regarding the hosting service provision, nor any further requests for info or action on our part.

It’s important to note that Belton’s instruction on this solution was that it would be more secure and have more layers of protection than a cloud-based solution (which was the direction we took with our other hosting).

The fact that Belton have been able to supply a copy of the database from their own server backups from when they were hosting prior to moving their hosting to an upstream provider, appears to reinforce this reasonable expectation of a host capturing backups of hosted data. As well, during the initial conversation with Warrick he referred to the upstream provider’s backups, indicating this is indeed a reasonable expectation.

Given the enormity of the impact of the loss fo the CRM system for us, which Belton would reasonably have known given their familiarity witho ur business and systems, there would be an expectation of some sort of offer of assistance or support in our attempt to resolve our suiatiuon, which, given restoration of data was impossible, we had to action via our insurers. In short, we would not have expected Belton to then close the door on that approach by refusing to let our insurers talk to their insurers.

Key points:

  • Despite the enormity of impact the loss of the CRM system and database no information on what the issue was was given, making any progress towards resolution very difficult for us.
  • It is recgnised industry standard practive, both with basic site hosting via a managed IT service or via user-managed cloud service for regular automated backups and backups of backups to be made.
  • No provision for us as end-users to have back-end access to Belton’s servers to backup the database was ever offered or flagged as necessary. 
  • We had raised and had acknowledged that we had no access to user-managed backups during scoping options ot host the system in 2022
  • The initial conversation with Warrick he refereed to vBelton’s upstream provider’s backups having disappeared.
  • Belton were advised that our insurers needed to talk to their insurers but refused to supply their insurer’s details.

Breakdown of contact

Despite repeated attempts to get Belton to supply their insurer’s details they continued to refuse ot do so. We also cpoke to and emailed company owners yto attempt to resolve the iusee but were referred to Warrick’s response, which then became to pass the blame for the outcome back to us for not having made back-ups. Belton then claimed that backups under the service level hosting package they were charging us for the upstream provider were our responsibility. They claimed thai was in their terms and conditions. When we queried this and whether we had ever been suppliec these terms and condiotns they did not reply. At this juncture a link to terms and conditions as added to their website. We had previously searched for a terms and condiotns link on their site when querying their notifying uso f the Ts&Cs and could not find them. To prove that Belton made this change on or about this date we have screenshots of previous versions of the website captured byt the archive.org internet archiving site. We asked for the documentation where we had the option of selecting which service Belton provided for hosting and where that linked to/referred to the Ts & Cs referred to; and confirmation around Belton’s outline to us that there was no backup or security to Belton’s  recommended hosting service; and 

the option Betlon  gave us to back up our data, and refused no further information.

Initially on the phone Warrick said the database and the backups were gone and that he didn’t know what had happened to the backups, which is at odds with what he was now saying. 

Key points:

  • We esccalated our requests for Belton’s insurer details to comapyn owners but continued to be refused.
  • Belton then attempted to pass the blame for the loss onto us by claiming that their terms and condiotns did not cover making backups of hosted data
  • Belton refused to supply us any detail on when we had been supplied these Ts&Cs
  • Belton then updated their website to include a link to these Ts&Cs
  • We accessed a historical version of their website from July 2024 via the archive,.org internet historical site repository and screencaptured the home page which dfid not have the Ts&Cs linked, in short Belton had added these at a leter date in an attempt to cover their tracks.
  • on the phone Warrick said the database and the backups were gone and that he didn’t know what had happened to the backups, which is at odds with what he was now saying. 

Estimated cost of make-good and losses:

Two independent managed IT service providers have quoted rebuildinhg and restoring the preexisting CRM system to be in vicinity of $80,000. If we had elected to go that route we would have thn faced additional costs data verification and we would have had al onger operational downtime as we waited for a third-party to build the system. We estimate staff time and loss of business opportunities to be around $60,000 itemised as follows:

Rebuild hours $35,000 (see attached logs and estimated time spent on staff retraining)

Reduced sales revenue of $25,000 (see YOY comparison for Q3 2023)

If Belton will still notr provide our insurers access to their insurers to discuss next steps ofr resolution then we are climbing thewse losses from Belton, and further damages of $##,### for the unethical and obfuscating manner they have delta with this issue.

———- Forwarded message ———

From: Dave Wilson <[email protected]>

Date: Fri, 14 Oct 2022 at 12:36

Subject: RE: SQL Database and Web Hosting

To: Henry Khov <[email protected]>

Cc: Errol Canedo <[email protected]>

Hi Henry,

 

Thanks very much for this. Apologies for the delay, I’ve been off quite unwell this week.

 

Errol and I have reviewed the potential requirements here and as we’re working with an older (and relatively unsupported platform as I understand it), with legacy versions of PHP etc, there will be quite a number of challenges when it comes to a migration.

 

Our best estimates are between 130-160 hours of effort to get this all spun up with a full code review (required to run on any modern hosting facility for compatibility purposes), infrastructure deployment, application deployment, testing etc. If this is the kind of thing you’re thinking to pursue we can progress to proposal. If it’s way out of the initial budget/thinking, perhaps you’re better exploring an off the shelf CRM like https://crm.zoho.com/ or something similar which could be a better long term solution. There no doubt will be a data migration, CRM customization etc required but depending on the business strategy/approach, might be a better use of time and resource. I really don’t know anything about your current CRM so it’s hard for me to say at the moment how ‘migrate-able’ it is to an off the shelf solution.

 

Thanks Henry,

 

 

Dave Wilson

CEO

Thu 6/10/2022/8:30 AM UTC+13/ Craig Pilott (time)-

Good Morning Simon and Henry,

Simon – your first two requests were quite simple as the reports were already pulling data using a function that included the fields you wished to add. I’ve added them as it was a fairly trivial change. Please let me know if something doesn’t look right.

Not all of the other fields you mentioned (in fact I think most of them) were not included in that dataset though, so adding them would be a bit more work. If you’re already looking to consolidate into one report it’s probably simpler in the long run to do that.

To add a completely new report, I would expect it to take on the order of two to four hours, depending on how complex the queries end up being.

Henry – Please see answers below, please note that while I have been the one to make changes to the code most recently, I didn’t write it so I’m not sure of reasons behind design decisions.

CURRENT TECHNOLOGY STACK: OS: Ubuntu OS Questions:

We’re in the process of decommissioning these servers, they’re rather old. I don’t think there are any specific version requirements you’d need to worry about though.

  • What specific version? Ubuntu 14.04.2 LTS
  • What are the current specs? CPU, Memory? Two VMs each with 3 vCPU and 8GB RAM load balanced.
  • Do we have access to the current OS as an admin or they just provided a space for the app for web hosting (shared)? Shared hosting, so no direct access sorry.

2/12/2022 Pilott, Craig Service Ticket:1590797

Summary:CRM Hosting

Good Morning Simon and Henry,

The copy over looks to be complete, you had the

correct IP addresses so everything on that end was

nice and straight forward, though I did have to hunt

down a couple of bugs in the code that were

preventing the site from loading.

All three sites are now wholly independent of each

other, . Do you want the Parkside address

redirected, disabled, or left as is for now?

Y 3.00 179.00

30 Jan 2018, 14:54

to sholloway

Log email to HubSpot

–REPLY above this line to respond–

Belton IT Nexus

Hi Simon,

I have added the Net column to the WIP report and changed blank Rerun Notes fields to show UNDEFINED.

As for directly pulling the data into Google Sheets, while technically possible it would require either a very large amount of work to directly integrate and export from the CRM, or slightly less work but opening up a potential security risk to pull from the Sheets end, something I’m not comfortable with.

With the age of the CRM I would be inclined to look for newer alternatives before starting this amount of work.

Kind Regards,

Craig Pilott | Internal and Specialist IT Team

Belton IT Nexus Ltd | Direct Dial 09 869 2813 | Office Phone 09 974 2379

Po Box 112371, Penrose, Auckland 1061 | 99 Gavin Street, Mt Wellington, Auckland

———- Forwarded message ———-

From: Simon Holloway <[email protected]>

Date: 22 November 2017 at 18:01

Subject: CRM WIP report query

To: Craig Pilott – Belton IT Nexus <[email protected]>

Hi Craig, couple of requests and questions on our CRM WIP report:

  1. Could we add the Net column into the report as last column on the WIP export
  2. Is there a reason why fields that show as ‘UNDEFINED’ in the Rerun Notes column export as blank fields in the WIP export?

Given there are now some third-party apps allow SQL databases to feed into Google Sheets via APIs, would it be faesible (in theory) to have the CRM database exporting those WIP reports via a Google Sheet trigger directly in Sheets, thereby avoidiing the manual export WIP report, import into Google Sheet process that we currently run. If so, what would be steps to set up an API to access the CRM database?

is backing up a website hosted on a server via myPHP a reliable way of backing up the site?

ChatGPT said:

Backing up a website using phpMyAdmin (phpMyAdmin) can be part of a reliable backup strategy, but it’s generally not sufficient on its own for complete site recovery. Here’s why and what else you should consider:

  1. Database Only: phpMyAdmin can back up your MySQL database, which includes essential site data (e.g., posts, user accounts, settings) for CMSs like WordPress. However, it doesn’t include your site’s files (such as themes, plugins, images, and configurations). To fully back up your website, you’ll also need a file backup of everything in the site’s directory on the server.
  2. Manual Process: Backing up via phpMyAdmin is typically a manual process, which can be prone to error if not done carefully. Regular, automated backups are preferable for reliability.
  3. File System and Database Sync: If your database and files are backed up at different times, they may go out of sync, which can cause issues during restoration. Automated tools ensure that your files and database are backed up simultaneously.
  4. Recovery Time: A phpMyAdmin backup is slower to restore in case of a crash, especially if you need to manually upload files and import the database separately. Using a full-site backup solution is faster and more efficient for disaster recovery.

Recommended Backup Methods

For a more reliable and complete website backup, consider:

  • Automated Full-Site Backup Plugins (for CMSs like WordPress), such as UpdraftPlus, Jetpack Backup, or BackupBuddy, which back up both files and databases and offer scheduled backups.
  • Server-Level Backup Solutions: Many hosting providers offer full-server backups that capture both databases and files, often with daily or weekly schedules.
  • Manual Backup Process: If phpMyAdmin is your only option, you can complement it by downloading your website files via FTP to have a complete backup.

In summary, phpMyAdmin is a reliable tool for database backups but should be combined with file backups or an automated full-site solution to ensure comprehensive protection of your website.

\

On Wed, 12 Jun 2019 at 08:10, Belton IT Nexus Support <[email protected]> wrote:

–REPLY above this line to respond–

 

Hi Isobel,

Please find attached an export of the data requested. I was unable to see where a couple of the fields (namely Ownership Name, Industry Name and State Name) were located, but the rest are there.

Please let me know if you need me to further investigate where this data is stored, or if you need more information than what is in the attached export.

Kind Regards,

Craig Pilott | Internal and Specialist IT Team
Belton IT Nexus Ltd | Direct Dial 09 869 2813 | Office Phone 09 974 2379
Po Box 112371, Penrose, Auckland 1061 | 99 Gavin Street, Mt Wellington, Auckland

For Managed IT Services, Support and Sales visit us on the web at www.belton.co.nz or email me at [email protected]

Wed 12/06/2019/6:30 a.m. UTC+12/ Craig Pilott (time)-

Hi Isobel,

Please find attached an export of the data requested. I was unable to see where a couple of the fields (namely Ownership Name, Industry Name and State Name) were located, but the rest are there.

Please let me know if you need me to further investigate where this data is stored, or if you need more information than what is in the attached export.

Tue 11/06/2019/2:57 p.m. UTC+12/ Isobel Woudberg [email protected]

Hi again,

Attached is an old copy of an extract that we were able to pull out of the

CRM in 2017 from the customer’s tab. Is there ay reason we are no longer

able to extract a report like this anymore?

Thanks,

*Isobel Woudberg*

PA / Business Support

Parkside Media Ltd

________________________________________________________________

–REPLY above this line to respond–

Belton IT Nexus

Good Morning Simon and Henry,

Simon – your first two requests were quite simple as the reports were already pulling data using a function that included the fields you wished to add. I’ve added them as it was a fairly trivial change. Please let me know if something doesn’t look right.

Not all of the other fields you mentioned (in fact I think most of them) were not included in that dataset though, so adding them would be a bit more work. If you’re already looking to consolidate into one report it’s probably simpler in the long run to do that.

To add a completely new report, I would expect it to take on the order of two to four hours, depending on how complex the queries end up being.

Henry – Please see answers below, please note that while I have been the one to make changes to the code most recently, I didn’t write it so I’m not sure of reasons behind design decisions.

CURRENT TECHNOLOGY STACK: OS: Ubuntu OS Questions:

We’re in the process of decommissioning these servers, they’re rather old. I don’t think there are any specific version requirements you’d need to worry about though.

What specific version? Ubuntu 14.04.2 LTS

What are the current specs? CPU, Memory? Two VMs each with 3 vCPU and 8GB RAM load balanced.

Do we have access to the current OS as an admin or they just provided a space for the app for web hosting (shared)? Shared hosting, so no direct access sorry.

Any cron jobs in place? Nothing specific to Parkside, in general though just the usual log rotate and backup/maintenance scriptsLANGUAGE: PHP 5.5.9 Questions:

What is the size of the web application files? Is there a need to store data or is this just a stateless web server? To my knowledge there is nothing like media uploads or anything like that. Just the web application and the database.

5.5.9 is already EOL. Are we seeing this to upgrade its current version? I think it should be fine to upgrade to the latest versions of everything. It would probably be an hour all up for me to test this.

Any other technology/framework that has been used together with PHP? (Ex: Laravel, Yii, React, NodeJs etc…) This looks to have been developed before those sorts of frameworks became popular and is all custom.

What is the authentication method of the application? Is the account created on the application side? LDAP? Or etc… Accounts are all app specific. Very basic authentication. Passwords are stored in the database MD5 hashed, so this side of things is extremely outdated.

Does the code structure follow MVC architecture? No, it’s your traditional mix of PHP inside HTML with some attempt at a custom framework.

What is the current process of the deployment? Is there any CI/CD inplace? or traditional manual deployment via SFTP? All manualDatabase Server: SQL Database? Questions:

Is this hosted on the same OS Ubuntu together with the Apache server? If not, what is the current specs CPU Memory? Separate VM with the same specs as the webservers.

Is this MySQL, MSSQL, PgSQL or etc…? What is the current version and edition? MariaDB 10.0.33

How do we access the database? We have phpMyAdmin available

What’s the current size of the database?  Across all tables, currently a total of 202MB. Though a large portion of that is the audit log table.

Any SQL Jobs in place? NoOther Questions:

Is there any documentation for application traffic/transaction flow? Are there any application diagrams? Not to my knowledge. I was provided with the files for the site and since then have only made minor changes.

Is there any external API that is associated with the application? Not to my knowledge.

If you have any questions please let me know

Kind Regards,

Craig Pilott | Internal and Specialist IT Team

Belton IT Nexus Ltd | Direct Dial 09 869 2813 | Office Phone 09 974 2379

Po Box 112371, Penrose, Auckland 1061 | 99 Gavin Street, Mt Wellington, Auckland

For Managed IT Services, Support and Sales visit us on the web at www.belton.co.nz or email me at [email protected]

How are we going on this request?

Good

Good

OK

OK

Bad

Bad

 

Thu 6/10/2022/8:30 AM UTC+13/ Craig Pilott (time)-

Good Morning Simon and Henry,

Simon – your first two requests were quite simple as the reports were already pulling data using a function that included the fields you wished to add. I’ve added them as it was a fairly trivial change. Please let me know if something doesn’t look right.

Not all of the other fields you mentioned (in fact I think most of them) were not included in that dataset though, so adding them would be a bit more work. If you’re already looking to consolidate into one report it’s probably simpler in the long run to do that.

To add a completely new report, I would expect it to take on the order of two to four hours, depending on how complex the queries end up being.

Henry – Please see answers below, please note that while I have been the one to make changes to the code most recently, I didn’t write it so I’m not sure of reasons behind design decisions.

CURRENT TECHNOLOGY STACK: OS: Ubuntu OS Questions:

We’re in the process of decommissioning these servers, they’re rather old. I don’t think there are any specific version requirements you’d need to worry about though.

What specific version? Ubuntu 14.04.2 LTS

What are the current specs? CPU, Memory? Two VMs each with 3 vCPU and 8GB RAM load balanced.

Do we have access to the current OS as an admin or they just provided a space for the app for web hosting (shared)? Shared hosting, so no direct access sorry.

Any cron jobs in place? Nothing specific to Parkside, in general though just the usual log rotate and backup/maintenance scriptsLANGUAGE: PHP 5.5.9 Questions:

What is the size of the web application files? Is there a need to store data or is this just a stateless web server? To my knowledge there is nothing like media uploads or anything like that. Just the web application and the database.

5.5.9 is already EOL. Are we seeing this to upgrade its current version? I think it should be fine to upgrade to the latest versions of everything. It would probably be an hour all up for me to test this.

Any other technology/framework that has been used together with PHP? (Ex: Laravel, Yii, React, NodeJs etc…) This looks to have been developed before those sorts of frameworks became popular and is all custom.

What is the authentication method of the application? Is the account created on the application side? LDAP? Or etc… Accounts are all app specific. Very basic authentication. Passwords are stored in the database MD5 hashed, so this side of things is extremely outdated.

Does the code structure follow MVC architecture? No, it’s your traditional mix of PHP inside HTML with some attempt at a custom framework.

What is the current process of the deployment? Is there any CI/CD inplace? or traditional manual deployment via SFTP? All manualDatabase Server: SQL Database? Questions:

Is this hosted on the same OS Ubuntu together with the Apache server? If not, what is the current specs CPU Memory? Separate VM with the same specs as the webservers.

Is this MySQL, MSSQL, PgSQL or etc…? What is the current version and edition? MariaDB 10.0.33

How do we access the database? We have phpMyAdmin available

What’s the current size of the database?  Across all tables, currently a total of 202MB. Though a large portion of that is the audit log table.

Any SQL Jobs in place? NoOther Questions:

Is there any documentation for application traffic/transaction flow? Are there any application diagrams? Not to my knowledge. I was provided with the files for the site and since then have only made minor changes.

Is there any external API that is associated with the application? Not to my knowledge.

If you have any questions please let me know

________________________________

For a PHP-based website running on an Apache server with Ubuntu OS, a good method for setting up automated backups involves using cron jobs combined with shell scripts to back up both the site files and the MySQL database.

A cron job is a scheduled task on a Unix-based system, like Linux, that runs automatically at specified times or intervals. It’s managed by the cron daemon (a background service) on the server, which checks for scheduled tasks and executes them accordingly. Cron jobs are especially useful for automating repetitive tasks, such as backups, data updates, sending emails, or running scripts.

In the setup I previously suggested, the cron jobs would be configured on the server hosting your website. This means you’d place the cron job entries in the server’s crontab file (a configuration file where cron jobs are defined). The crontab file can be accessed by logging into the server and using the command:

———————————–

 

On Tue, 26 Jul 2022 at 12:10, Dave Wilson <[email protected]> wrote:

Hey Henry,

 

Thanks for your email & the note re the captcha on the website.

 

Yes I’m happy to look at this, whether we can assist. A few questions from me;

  • What is the current CRM platform you have in place? The CRM is a custom built app (I believe) that pulls data from the SQL database and formats it into tables
  • Confirming you’re not looking to replace your CRM, but to re-house the existing application & SQL into a cloud hosted solution? Yes, this is correct, preferably a mainstream big name provider so that security, data backups etc. are all taken care of giving us a low maintenance solution.

—————————————————-

Thu 8/09/2022/10:00 AM UTC+12/ Craig Pilott (time)-

Hi Simon,

As I mentioned, changes can vary in difficulty, but if you let me know what you’re after I should be able to scope it comfortably within half an hour.

As for moving the CRM, providing an export is quite straightforward, I’m happy to assist with setting things up wherever they’re being moved to should that be needed too. I’ll be able to provide an estimate of what that will take when I’ve spoken with the new host.

————————

Simon Holloway <[email protected]>

19 Oct 2022, 17:15

to Warrick, Amy, Karen

Hi Warrick and Amy, we have finalised plans for some large changes that we are ready to implement and which will affect what support we need ongoing from you.

We are transitioning our brands to two new entities and Parkside Media (and its office and current IT set-up) is being wound down through until mid December.

We’ve currently been working on options of what to do with our CRM, which you host for us, and which Craig has been working on some queries, and I’m not sure yet where that will settle, hence the delay on payment of Inv. 325020. There are two options we are reviewing: one, that one or both of the new entities continues with Belton providing the CRM hosting or two, that the hosting moves to a cloud platform that the new entities self-administer. It sounds like we’ll know what is possible within a week or so, so if we can park that for now and if necessary pro-rate or assign the hosting (if we pay the annual fee) to one or other of the new entities.

Simon Holloway <[email protected]>

20 Oct 2022, 17:40

to Warrick, Amy, Karen

Hi Amy, we’ve had an update from Craig today re the questions around duplicating and hosting the CRM and we’ve decided both new entities would like to have it hosted with Belton, so Parkside will go ahead and pay Invoice 325020; when that instance of the CRM is redirected to one of the new entities we will need to make arrangements for reassigning the account and any support on that database to the new entity, and likewise with the duplicate of the database.

Simon Holloway <[email protected]>

25 Oct 2022, 13:38

to Amy, Karen, Warrick

Thanks Amy, at this stage it looks like we’ll just utilise the hosting of the CRM, everything else we are moving to cloud-based solutions, so yes, please everything terminated except for CRM and short-term we’ll continue with 3CX, although as mentioned it doesn’t appear there’s any monthly billing associated with that.

Simon Holloway

General Manager

Parkside Media Ltd

M +64 27 27 000 66

On Tue, 25 Oct 2022 at 13:22, Amy Agnew – Belton IT Nexus <[email protected]> wrote:

Hi Simon,

 

Thanks for your emails, Warrick has been on leave and is back tomorrow so I will discuss with him then about termination of your support contract and arrangements to make around 3CX. I have in the meantime been in discussion with Craig around the hosting of your CRM and as you have confirmed below we can continue this for you.

 

Our adhoc support rate is $179+gst per hour and billed at a minimum of 15 minutes for any remote support assistance and minimum 1 hour for any onsite visits. There after we charge in blocks of 15 minutes, onsite visits incur a one way travel fee of $79+gst.

 

Can you confirm what solutions you are planning to have in place for security and backup as it appears from your initial email you’re wanting to terminate all of the current services.

 

Kind Regards,

Amy Agnew | CFO

Warrick Ward – Belton IT Nexus <[email protected]>

26 Oct 2022, 10:57

to Simon, Amy, Karen

Hi Simon,

 

3CX has monthly line and calling charges which will continue through until those services are migrated away to whatever platform you wind up with.  In the meantime you can use the 3CX mobile app to take, make and transfer “landline” calls from your mobile devices.

 

Will arrange termination of support services at end of November, as notice period is 30 days prior to end of term, which is end of November as outlined below and should line up nicely for you too.  Until that time we’re still providing support for the AD and 3CX servers.

 

Let us know the new entity legal and trading names once you have them so we can set them up appropriately in our system.

 

In terms of the firewall – this is recommended to stay in place, as it provides perimeter network protection which is important regardless of how you’re accessing your files.  Even without the protection features turned on it’s a very fast, stable and secure router so moving to a Spark SOHO unit is a huge step backwards.

 

Endpoint protection and backups of G Suite data are also things that you should still have in place, as if someone’s device gets hit with Ransomware it will spread throughout the files they have access to from the shared G Suite Drives, and these things enable protection against such threats (endpoint protection with EDR) as well as recovery capabilities for emails and documents right back in their full original structure with an infinite retention period (G Suite backup.)

 

Kind Regards,

Warrick Ward | Chief Sales Officer

Simon Holloway <[email protected]>

5 Jan 2023, 12:36

to Amy, Warrick, Karen

Hi Amy, confirming we no longer need any of the monthly line and calling charges around the 3CX system so can we please cancel any invoicing around that if that’s the last remaining recurring billing we have apart from the CRM hosting.

Did you get the details for the two new entities that will be billed for the CRM iterations going forward? There is a fix regarding saving contact info on the ticket that applies to both new installations (#1590797/CRM Hosting), and the new companies’ details are in that ticket thread too:

The two new entities are:

Via Media Limited

Company number: 8442622

NZBN: 9429039137852

Postal Address: PO Box 82045, Highland Park, Auckland 2010

Accounts email contact: [email protected]

RUSTY MEDIA LIMITED

Company number: 8461785

NZBN 9429050796090

Postal Address: PO Box 46194 Herne Bay, Auckland

Accounts email contact: [email protected]

Let us know if you need any more details to get things set up for 2023.

Simon Holloway

From: Simon Holloway <[email protected]>

Sent: Thursday, 5 January 2023 12:37 PM

To: Amy Agnew – Belton IT Nexus <[email protected]>

Cc: Karen Grimmond <[email protected]>; Warrick Ward – Belton IT Nexus <[email protected]>

Subject: Re: Invoice#325020 from Belton IT Nexus Limited

 

Hi Amy, confirming we no longer need any of the monthly line and calling charges around the 3CX system so can we please cancel any invoicing around that if that’s the last remaining recurring billing we have apart from the CRM hosting.

 

Did you get the details for the two new entities that will be billed for the CRM iterations going forward? There is a fix regarding saving contact info on the ticket that applies to both new installations (#1590797/CRM Hosting), and the new companies’ details are in that ticket thread too:

The two new entities are:

Via Media Limited

Company number: 8442622

NZBN: 9429039137852

Postal Address: PO Box 82045, Highland Park, Auckland 2010

Accounts email contact: [email protected]

RUSTY MEDIA LIMITED

Company number: 8461785

NZBN 9429050796090

Postal Address: PO Box 46194 Herne Bay, Auckland

Accounts email contact: [email protected]

 

Let us know if you need any more details to get things set up for 2023.

—————————-

2/12/2022 Pilott, Craig Service Ticket:1590797

Summary:CRM Hosting

Good Morning Simon and Henry,

The copy over looks to be complete, you had the

correct IP addresses so everything on that end was

nice and straight forward, though I did have to hunt

down a couple of bugs in the code that were

preventing the site from loading.

All three sites are now wholly independent of each

other, . Do you want the Parkside address

redirected, disabled, or left as is for now?

Y 3.00 179.00

———————————

Ruth Mollard – Belton IT Nexus <[email protected]>

Mon, 8 Jun 2020, 12:24

to Simon

Log email to HubSpot

Hi Simon,

 

The information on this invoice is that back in July/August of 2015 we migrated you’re your Webhosting for Parkside CRM from HostGator to our Webhosting platform.  However you have never been charged you for the hosting to date of which the cost is $340 + GST per annum.  5 years amounts to $1700.  From next year you will be charged annual rate of $340 + GST per annum.

 

 

 

Kind Regards,

Ruth Mollard | Operations Manager

——————

Wed 14/02/2018/3:02 p.m. UTC+13/ Warrick Ward-

From: Simon Holloway [mailto:[email protected]]

Sent: Wednesday, 14 February 2018 2:54 P.M.

To: Warrick Ward – Belton IT Nexus <[email protected]>

Subject: SubsPlus database hosting

Hi Warrick, look forward to possibly catching up with you or whomever else might be coming round to go through a debrief post our crypto attack.

One of the primary things I’m wanting to sort would be the issue of SubsPlus remote access.

I have been in touch with DCA, the company who sell the platform, and they’ve told me that they have a client who have had the database hosted remotely. If this is possible, I would like to explore a similar solution to what we have done with our CRM database that you host for us. Could this be an option? The client application would need to be able to access the database from multiple remote clients, both within and without the Parkside domain.

In the first instance, could you let me know if in theory this might be possible.

Thanks

Simon Holloway

General Manager

Thu 15/02/2018/9:59 a.m. UTC+13/ Simon Holloway [email protected] (email)

Hi warrick, see below from SubsPlus dev team; it sounds like we might have

a couple of options to explore, see especially points 1 and 2 (black text

was my query, blue is their response):

Hi Simon

Responses from the dev team:

  1. 1. the SubsPlus database can be hosted remotely on our local IT support

company’s server farm, which would allow for multiple layers of off-site

back-up (we’ve done this with another legacy platform that has a

browser-based UI). Is the client going to be hosted remotely too? If

yes, this should be straight-forward (e.g a Citrix type connection to the

remote client which communicates with the remote server, they can be on the

same or different VMs). If the client is run locally, it would depend on

how the remote provider is configured (i.e. whether it allowed access),

however it is theoretically possible.

SubsPlus client connects to the SubsPlus database via SQL Server

authentication. Make sure that the SQL Server allows remote connections.

Enable TCP/IP protocol on SQL Server.Configure Windows Firewall

_______________________

Amy Agnew – Belton IT Nexus <[email protected]>

6 Jan 2023, 11:30

to Warrick, me, Karen

Log email to HubSpot

Hi Simon,

 

Thanks for your email, I will forward these requests to my technical and accounts teams to make the necessary changes. If they require further details they will be in touch.

 

Kind Regards,

Amy Agnew | CFO

Belton IT Nexus Ltd | Direct Dial +64 9 869 2804 | Office Phone 09 974 2379

Po Box 112371, Penrose, Auckland 1642 | 99 Gavin Street, Mt Wellington, Auckland 1060

For Managed IT Services, Support and Sales visit us on the web at www.belton.co.nz or email me at [email protected]

This communication is confidential and may contain privileged and/or copyright material. If you are not the intended recipient you must not use, disclose, copy or retain it. If you have received it in error please immediately notify me by return email, delete the emails and destroy any hard copies.

From: Simon Holloway <[email protected]>

Sent: Thursday, 5 January 2023 12:37 PM

To: Amy Agnew – Belton IT Nexus <[email protected]>

Cc: Karen Grimmond <[email protected]>; Warrick Ward – Belton IT Nexus <[email protected]>

Subject: Re: Invoice#325020 from Belton IT Nexus Limited

 

Hi Amy, confirming we no longer need any of the monthly line and calling charges around the 3CX system so can we please cancel any invoicing around that if that’s the last remaining recurring billing we have apart from the CRM hosting.

 

Did you get the details for the two new entities that will be billed for the CRM iterations going forward? There is a fix regarding saving contact info on the ticket that applies to both new installations (#1590797/CRM Hosting), and the new companies’ details are in that ticket thread too:

The two new entities are:

Via Media Limited

Company number: 8442622

NZBN: 9429039137852

Postal Address: PO Box 82045, Highland Park, Auckland 2010

Accounts email contact: [email protected]

RUSTY MEDIA LIMITED

Company number: 8461785

NZBN 9429050796090

Postal Address: PO Box 46194 Herne Bay, Auckland

Accounts email contact: [email protected]

 

Let us know if you need any more details to get things set up for 2023.

Simon Holloway

General Manager

———————————————————————

Ruth Mollard – Belton IT Nexus <[email protected]>

Mon, 8 Jun 2020, 12:24

to Simon

Log email to HubSpot

Hi Simon,

 

The information on this invoice is that back in July/August of 2015 we migrated you’re your Webhosting for Parkside CRM from HostGator to our Webhosting platform.  However you have never been charged you for the hosting to date of which the cost is $340 + GST per annum.  5 years amounts to $1700.  From next year you will be charged annual rate of $340 + GST per annum.

 

2023-24 invoice: