PSA for people who rent dedicated servers

SagnikSSagnikS Hosting ProviderOG

Heya,
Recently, I was diagnosing something on a client's server, and it came to my notice that both the disks were failing. So, I asked the DC to get 1 replaced asap, and planned to get the other one later, when the RAID was rebuilt. After waiting for around 2.5 days, they replaced the disk, and on booting the server I see that the replaced disk has LVMs in it. I was curious if the DC formatted it like that (which is very unusual and doesn't make sense since it would be added to a RAID anyway), and apparently not. It was a CloudLinux installation. I didn't go any further, and formatted the drive and added it to my array.

tl;dr: Before you ask the DC to replace a disk, make sure you remove the data that's already present on the disk (overwrite it multiple times, with zeroes, or whatever).

PS: The provider is based out of ColoCrossing, has a super old LET Flash Sales Thread and it's name sounds like a VPS Hosting company. :P

Thanked by (1)masedi

Comments

  • InceptionHostingInceptionHosting Hosting ProviderOG
    edited December 2019

    Brings the question of where the responsibility lies I suppose.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • SagnikSSagnikS Hosting ProviderOG

    @AnthonySmith said:
    Brings the question of where the responsibility lies I suppose.

    Personally, I feel it's the responsibility of the provider to erase all data on a drive before re assigning it to another customer. Also I believe this is violating their Privacy Policy. ?

  • I nuke my drives before handing them back, and for any dedicated clients, I lock out their IPMI while I then format any drives associated, and only then hand it back to them. If a drive is unsable and can't be safely wiped, it goes into the shred bin. Not worth the headache trying to save generally useless parts.

    My pronouns are like/subscribe.

  • ulayerulayer Hosting ProviderOG

    Sounds fishy... any reliable and trusted datacenter will wipe and test the drive(s) after replacing. Not only to wipe customer data, but to simply validate that the drive really is bad and needs to be RMA'd or tossed.

    But this is one of the many reasons why we use LUKS on all of our disks.

    Thanked by (1)SagnikS

    Universal Layer LLC, a privacy conscious hosting provider
    Check us out @ ulayer.net / twitter.com/ulayer_net

  • @ulayer said:
    to simply validate that the drive really is bad and needs to be RMA'd or tossed.

    +1

    But this is one of the many reasons why we use LUKS on all of our disks.

    Yeah, it costs virtually nothing today.

    Thanked by (1)ulayer
  • SagnikSSagnikS Hosting ProviderOG
    edited December 2019

    @ulayer said: But this is one of the many reasons why we use LUKS on all of our disks.

    Does that mean you have to put in the passphrase everytime you reboot a server? :sweat_smile:

  • InceptionHostingInceptionHosting Hosting ProviderOG
    edited December 2019

    SagnikS said: Personally, I feel it's the responsibility of the provider to erase all data on a drive before re assigning it to another customer.

    I don't know to be honest.

    If I leased a dedicated server, did not erase data that was sensitive properly before handing it back and the DC then reused the drive and someone got hold of the data, I would blame myself.

    Unless that is I was paying for a secure erase as part of the service.

    That said, if I was running a DC, I would for sure have a disk reuse policy which would include a process for at least 0'ing rented drives after pull.

    Thanked by (1)mfs

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @SagnikS said: Does that mean you have to put in the passphrase everytime you reboot a server?

    Assuming you won't encrypt /boot, with a dracut module or a dropbear initramfs (depending on the distro) you may input a passphrase via SSH before boot or auto-fetch a remote key you make available online or, better, unlock using clevis+tang

    Thanked by (2)ulayer SagnikS
  • funkywizardfunkywizard Hosting ProviderOG

    @SagnikS said:

    @AnthonySmith said:
    Brings the question of where the responsibility lies I suppose.

    Personally, I feel it's the responsibility of the provider to erase all data on a drive before re assigning it to another customer. Also I believe this is violating their Privacy Policy. ?

    I agree

  • ulayerulayer Hosting ProviderOG
    edited December 2019

    @SagnikS said:

    @ulayer said: But this is one of the many reasons why we use LUKS on all of our disks.

    Does that mean you have to put in the passphrase everytime you reboot a server? :sweat_smile:

    As of now, we unlock our disks via dropbear (SSH daemon) that starts up in initramfs. But, in the future we'll have everything automatically unlock on boot with Clevis and Tang. I just have to automate its deployment and do a bunch of testing https://wiki.inf.ed.ac.uk/DICE/MPUTangAndClevisTrial

    I thought of writing a shell script that would check all servers to see if a LUKS passphrase needed to be entered (i.e. a server rebooted randomly and came back up waiting on passphrase) although this could be fooled by someone with enough dedication to capture our LUKS passphrases.

    Thanked by (2)mfs SagnikS

    Universal Layer LLC, a privacy conscious hosting provider
    Check us out @ ulayer.net / twitter.com/ulayer_net

  • ulayerulayer Hosting ProviderOG

    @mfs said:

    @SagnikS said: Does that mean you have to put in the passphrase everytime you reboot a server?

    Assuming you won't encrypt /boot, with a dracut module or a dropbear initramfs (depending on the distro) you may input a passphrase via SSH before boot or auto-fetch a remote key you make available online or, better, unlock using clevis+tang

    Spot on, you beat me to it!

    Thanked by (1)mfs

    Universal Layer LLC, a privacy conscious hosting provider
    Check us out @ ulayer.net / twitter.com/ulayer_net

  • NeoonNeoon OGSenpai
    edited December 2019

    If you wait 2.5 Days to get a disk replaced, take your data and move along.
    I pay Ikoula 4.99 on a dedicated, I got the mainboard replaced and diagnosed within 4 hours.

  • SagnikSSagnikS Hosting ProviderOG

    @Neoon said:
    If you wait 2.5 Days to get a disk replaced, take your data and move along.
    I pay Ikoula 4.99 on a dedicated, I got the mainboard replaced and diagnosed within 4 hours.

    Yeah it sucks, not my server, so I can't do much unfortunately, apart from suggesting the client to switch. There aren't many value options in US either, from what I've seen. :sweat_smile:

  • PureVoltagePureVoltage Hosting ProviderOG

    The provider should make sure it's done, however does this fall on CC? Or the other company depends on who the hardware came from. If they just resell from another company might not have known.

    Always wipe anything you can on your dedicated servers that's for sure.

    PureVoltage - Custom Dedicated Servers Dual E5-2680v3 64gb ram 1TB nvme 100TB/10g $145
    New York Colocation - Amazing pricing 1U-48U+

  • The pre-Internet example of this is renting a porn VHS and not only is tape not rewound to the beginning (even worse, past the last interesting bit), but shows who last rented it.

  • @AlSwearengen said:
    The pre-Internet example of this is renting a porn VHS and not only is tape not rewound to the beginning (even worse, past the last interesting bit), but shows who last rented it.

    Love the username reference.

    Thanked by (1)AlSwearengen
  • SagnikSSagnikS Hosting ProviderOG

    Update: Got the other disk replaced on the server (both disks were dying, so got them replaced one by one), and guess what, it directly booted from their "new" disk into another system that was on the disk lol.

  • @AlSwearengen said:
    The pre-Internet example of this is renting a porn VHS and not only is tape not rewound to the beginning (even worse, past the last interesting bit), but shows who last rented it.

    You do realize that the public library system "National Geographic" specials are not generally considered to be pornography, right?

    My pronouns are like/subscribe.

  • SagnikSSagnikS Hosting ProviderOG

    YAU (yet another update): Their new replaced disk has reallocated sectors.

    This is too much to deal with lol, for a $50/mo server. The company is Virmach, if you want to buy a dedicated server from them, be careful. On a side note, their DDoS protection does absolutely nothing.

    Thanked by (4)falceso cybertech mfs ulayer
  • @WSS said:

    @AlSwearengen said:
    The pre-Internet example of this is renting a porn VHS and not only is tape not rewound to the beginning (even worse, past the last interesting bit), but shows who last rented it.

    You do realize that the public library system "National Geographic" specials are not generally considered to be pornography, right?

    You must have really creeped out your local librarian.

  • @AlSwearengen said:

    @WSS said:

    @AlSwearengen said:
    The pre-Internet example of this is renting a porn VHS and not only is tape not rewound to the beginning (even worse, past the last interesting bit), but shows who last rented it.

    You do realize that the public library system "National Geographic" specials are not generally considered to be pornography, right?

    You must have really creeped out your local librarian.

    Why only creep them out? I like to cosplay as a homeless man and bathe in the public restroom sinks one limb at a time.

    My pronouns are like/subscribe.

  • @WSS said:
    Why only creep them out? I like to cosplay as a homeless man and bathe in the public restroom sinks one limb at a time.

    That's a little too real here. The central library is next to the bus stop, and they should have modelled the restrooms after truck stop showers.

Sign In or Register to comment.