New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
For actual idlers: I do a simple reinstall via the panel.
For anything I've had somewhat "sensitive" data on, I do at least overwrite with zeroes (
/dev/zero), but generally I use/dev/urandom. Sometimes both if I feel like mixing it up.I use FDE, these are the exact (very detailed) steps I take whenever a machine gets cancelled:
this provides no additional security in 99% of cases, most providers use thin provisioning for vm boot disks which, because it doesn't allocate blocks to the virtual disk before they're written by the guest, makes future vms being able to access your data impossible
it's really easy to fuck up with non-thinly provisioned storage though, such as shared networked lvm, as all of the blocks get allocated as soon as the virtual disk is created. if the implementation isn't correct then future guests will be able to access previous users' data
we use exactly this approach for our block storage (and i assume most other providers offering networked block storage do the same), but the lv is automatically zero-filled before being deleted which mitigates this issue
tldr; probably not necessary for boot disks, but a good idea for block storage
Reinstall
I simply reinstall, but lately I just let it terminated, figured out the provider will wipe it anyway
What? Like with a cloth or something?
As long you server didn't have any dedicated block storage directly, its something not necessary to do cause mostly time provider doing virtual disk image.
But you could consider doing dm-crypt on first place, so its less hassle in future.
FDE on a VPS provides very little additional security since the keys are stored in RAM which the provider can just ... read?
Everybody and their grandma is already aware of that.
That isn't the primary reason for it, read what the scenario in the thread is about again.
You can choose to load up the HD to help yourself think you wiped it all. If your host offers backup or not, they may be doing regular backups anyways and already have your old data, even if they don’t tell you.
Why: they don’t want you to know they had an outage and just quietly took care of you.
same just too lazy
Based on providers not being able to reactivate a VPS that has been cancelled (they can only reactivate the service) I just don't see any point. If I was going to wipe my vps I'd probably take it a step further, as I would, and ask them to delete my data off their backups lol
do several reinstall by using different OS templates: Ubuntu - CentOS - Debian - ArchLinux ....
i shred and incinerate the virtual disk
I think reinstall is enough...too many vps to keep track with at the moment and I keep migrating some of my services to newly bought vps lol
I think this question rather side steps another, what happens if the server becomes unavailable unexpectedly and permanently? e.g. the host goes out of business, or the server gets repossessed. So any concerns over data leaking to a new tenant needs to address that first.
no, too lazy, i just cancel it
I wipe and reinstall. Unless at ovh. They're serious about data deletion.
They've the best GDPR compilance i've seen so far
A provider will delete the server from its storage space after the user no longer needs it. But as a user, if you have important data on the server, it is better to delete it before canceling the server. It is better to be safe than sorry.
I never wipe my servers. What is the company going to do with my pay gorn collection? Watch it? In the office during working hours?
Real possiblity.
Freaky company
@emgh i have a name idea freaky.hosting ok?
Should work. Looking forward to the grand release.
i never do that, bc if my data is sensitive, i should encrypt it at start. If a provider want user data they can grab it any time, no need to do it after services cancel
You have to wipe your server 6 months prior to cancelling to ensure that your data drops out of the provider's regular backups too. (for providers that take backups that you cant control through a control panel.)