New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I want to get VPS's just to provide that they access the services
Why do you want this thread deleted?? When googling dedicatserver.ro this thread appears on page 2, soon page 1.
You haven't even made one statement denying the practice of logging into customers servers and breaching their privacy. Untill you're gonna that, this thread is gonna follow you for years to come. You will be branded as a "rouge, shady provider".
A seriouse provider would have no problem categorically denying they log into customers servers. I suspect if we were to ask all members with a Provider tag on this forum, all of them would have no problem making such a statment - except you.
What I also find precarious, it seems you are not able to understand how seriouse this matter is. No statements, asking the thread to be deleted, hoping members eventually will forget about it...
Why don't you want to answer a few simple questions?
— Is alexvolk lying when he claimed you logged into his server without approval?
— Do you ever log into customers servers without their knowledge or approval?
If so, do you delete bash history or in any other way remove traces of the login? If so, why?
Yesn't.
There. Happy?
Ok, let's say he get the thread deleted. What does he solve? Alex could go and do review's on other forums/websites.
I really do hope @alexvolk post his review of @dedicatserver_ro on other forums too.
Alex is gone. He isn't coming back here. He was really offended that he got branded as a liar by LET mods/admins.
No one called him a liar. That is a way a Karen would spin things! Really there is a little more to the story maybe!
Using a provider you expect to plant backdoors into templates is much, much dumber than using the premade templates to begin with. Seriously, if you're using a provider like this, the problem is you.
They have access. Unless you're encrypting the drive, it's moot, they can access it if they want. I didn't see you mention that as a requirement installing from ISO.
Also, the issue isn't logging in via SSH, it's using the console and pregenerated root password.
People who don't value their time shouldn't necessarily be giving advice to others. Low memory servers NEED to use templates since their memory doesn't support the live installers. Then there's the time to mount ISO from provider, boot from console, manual install (which often fail), static IP setup, etc.
This is the problem. You keep asking for the IP so you can check if you had permission (OP clearly didn't). Therefore, you have one valid response, "we have only accessed servers with permission". Any other response means you have accessed servers without permission, and that's bad regardless of this specific user. Full. Stop.
I wont trust my local machine with the drive encryption and you put trust on a remote server?:)
Come on, assume the worst. In any scenario.
Most panels outside SolusVM automatically insert a key or allow the provider to add 'their' key as mentioned, unless your using some special system which does not support such and part of that is if you want the panel to perform certain 'features' on your server it will require access to the server to do so. You can circumvent this by encrypting your disk volume and removing their keys -- at the same time you forfeit any of said features which would require said access.
Again, if you read the thesis statement of what I said, I mentioned that I assumed the person managing the server had some type of experience. If you know your way around, you shouldn't need to be told to protect your privacy or encrypt your drive.
Again, I stated you should remove the providers keys from your authorized_keys and you should disable password authentication in favor of ssh keys, but you didn't read that part. I am guessing you also want me to spoon feed you the idea that if you don't encrypt the drive they could simply re-insert the ssh key into your drive image on reboot... sure...
This isn't true at all either. I have a low memory KVM with only 1GB of SSD storage on it and I managed to do a custom install -- again, the assumption is the person reading has some of these skills already, sorry to hear the skills I assumed most would have exceed yours and you need a template or hand holding. Regarding your argument about time, well security has to cost something.. if you care about it.. a little of your time to do it right shouldn't be considered that large of a cost... or you know, have automated scripts to do most of the work for you..
My 2 cents.
Cheers!
Then they can also add them later, depending on storage and filesystem.
Wtf? So? whoosh ssh keys are not passwords and ssh isn't the local console. You can turn off and remove all ssh keys, but provider still has console login with root. You're providing bad information as you have a bad understanding.
That depends on the OS to install, obviously. SMH 512MB and 768MB have issues.
You would have to explain to me how that works, I have not seen a system that can just give you magic console root access (unless OpenVZ / LXC). Most likely one of the following is the case:
1. He never changed the original root password provided by the template he used to install and that password is stored by the platform and was used to access via console
2. The server contained an SSH key place there by the platform - though most platforms would require server to be rebooted for this, I guess it wouldn't surprise me to find this can be done in real time on an un-encrypted volume (the platform would access the server and reset root password using it's key or place a custom root user which is later removed)
3. The server is OpenVZ / LXC and none of this whole thread matters because the provider wouldn't even need to enter the container to see all the processes it was running or see any of it's contents -- if they entered a openvz container then I would assume it was to document it's specific processes more easily?
If anyone knows of a system that can do what he is suggesting that I haven't documented, please do share, I like to learn new things!
I mean sure I guess if your not familiar with installing them in that fashion but a lot allow PXE bootable installers (assuming you don't have ISO access) and I guess if you were using a the graphical installer instead of say a netinstall CD it could result in not enough memory to run the installer but there are still ways around this if you really want, debbootstrap is a thing.
I don't disagree that it may be easier to just use a template though in those cases but now we are just splitting hairs about a very niche use case.
my 2 cents.
Cheers!
I'll wait for the day this host does something bad and laugh at the people defending this host.
minute of silence for @alexvolk
@alexvolk hope to see you around again soon.
Don't worry, have a new provider post offers and @alexvolk will be back to have one of his psycho stalker episodes on their thread.
So some questions arise for me. Can anyone tldr them for me please?
What is the outcome now? How can a successful login via console happen and clear the history and logfiles? Can such thing realistically happen by an executed script on the machine itself? My guess would be either a custom built script from the provider and/or a manual login, anything else possible?
When you buy a VPS, they generate a password for you.
If you change the password when you restart the VPS, the password is the old
Why delete the post ? Do you think that you are still at high school, as to sweep something under the rug ?
Is this incident a joke to you?
spin again
not clear and run away ... not responsible
.... or anybody have conclusion on this case ?
@dedicatserver_ro my friendly advice to you would be one of my favorite @cociu quotes (which is ironic since he said this to you lol).
"See in your own garden"
dd if=disk.img | ssh root@host "dd of=/dev/sda"Where EZPZ means setting IP and whole process takes time (60+ minutes) with several potential time sucks like matching hypervisor, etc.
Why the fuck would it take you 60 minutes to do an install/configuration?
I have a scriptable build environment for my setup, but even then running the installer manually on a local VM and then dd-ing the disk image to the server shouldn't take you that long.
pouring one out for @alexvolk
@alexvolk is still around thank goodness
It is moot anyway.
When will people understand that there is no way to protect your data if not stored locally if you decrypt it at some point?
There are ways to get the keys from node memory and virtually any method can be thwarted.
I am using iSCSI which contain tc/vc containers which I only mount on my PC after mounting the iSCSI drive, of course.
The block device data comes encrypted to my pc then is decrypted here, the key is only in my pc memory and the traffic, even if fully sniffed and decrypted will not help with anything else than the container that can be read on the VM.
This is kind of safe, decrypting in your VM means possible snooping, no matter the provider, you need to assume hostile host/ISP/Government if you really are serious about your privacy.
No, sir, he insulted and slandered way too much. There are rules and they should apply to alexvolk too. If we can make up rules to ban the undesirables, then we MUST apply the common sense rules written and kept for a long time but not applied when they do not serve our agenda. This is not whether he lied or not in this case, it is about his language, his attacks, him being a dick, in short. You can make your point politely, provide evidence, discuss it with the provider in public if needed, I have nothing to hide, but I have no idea why he was suspended for if he didn't give me a ticket number making it impossible to defend anything and allowing people to claim absolutely anything and not require them to give some proof is encouraging and supporting slander, because, sooner or later, someone will see this is supported and encouraged.
If we turn this into HF and a chan of sorts, people which dont like those will leave and the ones that do will go to the originals.
Even as I personally agree with him in this case, that does not mean the end justifies the means.
free speech is good, alex adds diversity. there's people on here i don't like but i don't think banning is the right approach 99% of the time... unless we're talking spam bots, aff stuffing, etc.
i don't even think the host in context should be banned really, maybe provider tag revoked but regardless this thread will most definitely fuck up their business so it doesn't really matter.
So, if we really want to fuck up businesses here, no proof required, then need to rename, lowendslander is better than lowendtalk.