diff --git a/server/lib/classes/cron.d/500-backup.inc.php b/server/lib/classes/cron.d/500-backup.inc.php
index abca144f4043207bb0fde7dcff5d7188b470f267..537c5880b61313714787ebd970bd4c1c9ab96de9 100644
--- a/server/lib/classes/cron.d/500-backup.inc.php
+++ b/server/lib/classes/cron.d/500-backup.inc.php
@@ -74,10 +74,14 @@ class cronjob_backup extends cronjob {
 			
 			//* mount backup directory, if necessary
 			$run_backups = true;
-			$server_config['backup_dir_mount_cmd'] = trim($server_config['backup_dir_mount_cmd']);
-			if($server_config['backup_dir_is_mount'] == 'y' && $server_config['backup_dir_mount_cmd'] != ''){
-				if(!$app->system->is_mounted($backup_dir)){
-					exec(escapeshellcmd($server_config['backup_dir_mount_cmd']));
+			$backup_dir_mount_cmd = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
+			if( $server_config['backup_dir_is_mount'] == 'y' &&
+				is_file($backup_dir_mount_cmd) &&
+				is_executable($backup_dir_mount_cmd) &&
+				fileowner($backup_dir_mount_cmd) === 0
+			){
+			if(!$app->system->is_mounted($backup_dir)){
+					exec($backup_dir_mount_cmd);
 					sleep(1);
 					if(!$app->system->is_mounted($backup_dir)) $run_backups = false;
 				}
diff --git a/server/lib/classes/cron.d/500-backup_mail.inc.php b/server/lib/classes/cron.d/500-backup_mail.inc.php
index ae85db2b940946da80cb883f105a95f49f8d465a..09223cc52a81d6cf0caeddee3d2a90dde4ed002c 100644
--- a/server/lib/classes/cron.d/500-backup_mail.inc.php
+++ b/server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -61,10 +61,13 @@ class cronjob_backup_mail extends cronjob {
 		if($backup_dir != '') {
 			//* mount backup directory, if necessary
 			$run_backups = true;
-			$server_config['backup_dir_mount_cmd'] = trim($server_config['backup_dir_mount_cmd']);
-			if($server_config['backup_dir_is_mount'] == 'y' && $server_config['backup_dir_mount_cmd'] != ''){
+			if( $server_config['backup_dir_is_mount'] == 'y' &&
+				is_file($backup_dir_mount_cmd) &&
+				is_executable($backup_dir_mount_cmd) &&
+				fileowner($backup_dir_mount_cmd) === 0
+			){
 				if(!$app->system->is_mounted($backup_dir)){
-					exec(escapeshellcmd($server_config['backup_dir_mount_cmd']));
+					exec($backup_dir_mount_cmd);
 					sleep(1);
 					if(!$app->system->is_mounted($backup_dir)) $run_backups = false;
 				}