OpenBSD-based Website Providers?
Steve at fivetrees
Posted: Tue Jun 20, 2006 12:17 pm    Post subject: Re: OpenBSD-based Website Providers?

<dfeustel@mindspring.com> wrote in message
news:huRlg.2656$DI2.2057@trnddc05...
Quote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

I run a webhosting business, primarily (but not exclusively) for independent
musicians. Been running OpenBSD since we started up in '99 (currently using
3.7; we upgrade every 2-3 years or so). However, we're still using FTP for
uploads (my clients are mostly not technical), but I'd be interested in
providing more secure alternatives. To be clear: FTP is indeed insecure, but
this doesn't make my systems insecure per se - as you'd expect from an
OpenBSD nut ;-). We *don't* provide log-in accounts.

We're in the UK, if that makes any difference. Our servers are very lightly
loaded, are co-loco'ed on a big phat pipe, and hence are quite zippy... More
details on my site. Yell if I can help.

Steve
http://www.fivetrees.com

jpd
Posted: Tue Jun 20, 2006 1:38 pm    Post subject: Re: OpenBSD-based Website Providers?

Begin <huRlg.2656$DI2.2057@trnddc05>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
Quote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.

And why is that, do you think?

I am not necessarily defending the practice, but I am advocating
knowing the reasoning behind it, if any. If you look at how and what the
traffic passes, you will note that the need for securing data that will
subsequently be offered up to everyone on a website, varies with your
local network neighbourhood.


Quote:
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced me

I haven't read the book but the title suggests it belongs to a sad
class of populistic and sensationalist books that do little more than
spread FUD and maybe a sense of urgency to fix it[2]. Those tend to be
extremely thick and full of screenshots and lots of little details and
must-do's and not enough solid background to make your own decisions.

I don't know about this book, but a quick read of a review by Rob Slade
on the RISKS list[1] of the predecessor (_Counter Hack_) does not
suggest this book is much above the rest.

Letting yourself be convinced in such a way as likely as not means that
you end up doing things that merely result in some sense of security,
but you still won't have the background to make a good solid tradeoff
accounting of your own.


Point in case: No amount of encryption of data on the wire will prevent
trojans on your windows box from grabbing the password and sending it
somewhere else. Yes, securing your file transfers would be better, but
you might have other things with more urgency to take care of. Can you
decide which needs attention first?


Quote:
[...] I should look for an (OpenBSD) ISP that supports SCP for file
transfers.

There are more options than just scp and sftp. For example, ftps, that
is ftp/ssl or ftp/tls would do it in a pinch, and rsync/ssh is useful
for updating websites as well. There are probably some more protocols
(webdav/https, anyone?) with potential use.


Quote:
Is there a list of such servers?

Not that I know of. If you're serious about this, you can always start
one. I'd suggest including more than just isps that support scp/sftp.


[1] In itself a great source of discussion on computer related risks; at
least the digest is a must read for basically anyone who deals with
design and implementation of computer systems, especially ones that
deal with a greater public.
[2] But where this ``it'' is so fuzzy it might very well give rise to the
dreaded ``We must do something! This is something! We must do this!''

--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.

dfeustel@mindspring.com
Posted: Tue Jun 20, 2006 2:06 pm    Post subject: Re: OpenBSD-based Website Providers?

jpd <read_the_sig@do.not.spam.it.invalid> wrote:
Quote:
Begin <huRlg.2656$DI2.2057@trnddc05>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.

And why is that, do you think?

I am not necessarily defending the practice, but I am advocating
knowing the reasoning behind it, if any. If you look at how and what the
traffic passes, you will note that the need for securing data that will
subsequently be offered up to everyone on a website, varies with your
local network neighbourhood.

My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Quote:
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced me

I haven't read the book but the title suggests it belongs to a sad
class of populistic and sensationalist books that do little more than
spread FUD and maybe a sense of urgency to fix it[2]. Those tend to be
extremely thick and full of screenshots and lots of little details and
must-do's and not enough solid background to make your own decisions.

You really should take a look at the book yourself.

Quote:
I don't know about this book, but a quick read of a review by Rob Slade
on the RISKS list[1] of the predecessor (_Counter Hack_) does not
suggest this book is much above the rest.

In my opinion, _CHR_ is good enough to make me consider buying a copy
for reference.

Quote:
Letting yourself be convinced in such a way as likely as not means that
you end up doing things that merely result in some sense of security,
but you still won't have the background to make a good solid tradeoff
accounting of your own.


Point in case: No amount of encryption of data on the wire will prevent
trojans on your windows box from grabbing the password and sending it

I run OpenBSD, not windows.

Quote:
somewhere else. Yes, securing your file transfers would be better, but
you might have other things with more urgency to take care of. Can you
decide which needs attention first?

Securing my ability to ftp upload is currently my most important task.
Nothing else comes close.
Quote:

[...] I should look for an (OpenBSD) ISP that supports SCP for file
transfers.

There are more options than just scp and sftp. For example, ftps, that
is ftp/ssl or ftp/tls would do it in a pinch, and rsync/ssh is useful
for updating websites as well. There are probably some more protocols
(webdav/https, anyone?) with potential use.

I am not infatuated with any specific secure protocol for ftp.
So far no ISPs I have used offer *any* secure method of ftp.
I would like to find an ISP that at least *offers* a secure ftp.

Quote:
Is there a list of such servers?

Not that I know of. If you're serious about this, you can always start
one. I'd suggest including more than just isps that support scp/sftp.

My interest in such a list is using it to get an affordable ISP that
provides a secure ftp. IMHO it would definitely be a smart advocacy
move for OpenBSD.org to provide such information as part of its listing
of OpenBSD support.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

dfeustel@mindspring.com
Posted: Tue Jun 20, 2006 2:16 pm    Post subject: Re: OpenBSD-based Website Providers?

Steve at fivetrees <steve@nospamtafivetrees.com> wrote:
Quote:
<dfeustel@mindspring.com> wrote in message
news:huRlg.2656$DI2.2057@trnddc05...
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

I run a webhosting business, primarily (but not exclusively) for
independent musicians. Been running OpenBSD since we started up in
'99 (currently using 3.7; we upgrade every 2-3 years or so). However,
we're still using FTP for uploads (my clients are mostly not
technical), but I'd be interested in providing more secure alternatives.
To be clear: FTP is indeed insecure, but this doesn't make my systems
insecure per se - as you'd expect from an OpenBSD nut ;-). We *don't*
provide log-in accounts.

We're in the UK, if that makes any difference. Our servers are very
lightly loaded, are co-loco'ed on a big phat pipe, and hence are
quite zippy... More details on my site. Yell if I can help.

http://www.fivetrees.com

All I need is a non-commercial website, email, and a secure way to ftp.
(I'm pretty sure that scp is part of the base install of OpenBSD).
A secure method of sending email and downloading pop email would be a
big plus. What would those services cost?

Thanks



--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

jpd
Posted: Tue Jun 20, 2006 4:45 pm    Post subject: Re: OpenBSD-based Website Providers?

Begin <OhTlg.6571$Za5.6241@trnddc04>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
Quote:
My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Let's see how this would work. D/DoSes work by swamping the target with
data, or send it data that causes a lot of work to be performed in vain,
or both, to the effect that it deprives legitimate users from using
the targeted resources. This is a definition you can find in any good
computer network security book.

Now, you propose to replace ftp with something else, and that has a
few consequences. You'll get a different isp, and that might make the
problems go away, but if it was *you* that was targeted, maybe the
attacker will re-target on you again?

Then, a different protocol, using a different port. If the attack is
port-targeted, this might help, but you don't need a protocol change for
that, as even FTP daemons support moving over to another port. If the
link itself is swamped, no protocol or port changes are going to save
you.

In addition, crypto is generally (and in the case of public key crypto,
especially) computing intensive; each connection setup requires quite a
lot of cpu cycles. So it's just as likely, if not more likely, you'll
worsen the situation.

I really don't see why or how, if you really have a D/DoS directed
against you, slapping on crypto would help, or how you came to be
convinced that it would help.


Quote:
You really should take a look at the book yourself.

If what you picked up from it is anything to go by, no thanks.

Your conviction you need to do something might be understandable but
your reasoning does need some work.


Quote:
My interest in such a list is using it to get an affordable ISP that
provides a secure ftp. IMHO it would definitely be a smart advocacy
move for OpenBSD.org to provide such information as part of its listing
of OpenBSD support.

Then talk to the OpenBSD project directly, they probably have an
advocacy mailinglist somewhere, which would be a better place to propose
this. Still, someone needs to actually do it. Would you volunteer?


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.

dfeustel@mindspring.com
Posted: Tue Jun 20, 2006 6:26 pm    Post subject: Re: OpenBSD-based Website Providers?

jpd <read_the_sig@do.not.spam.it.invalid> wrote:
Quote:
Begin <OhTlg.6571$Za5.6241@trnddc04>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Let's see how this would work. D/DoSes work by swamping the target with
data, or send it data that causes a lot of work to be performed in vain,
or both, to the effect that it deprives legitimate users from using
the targeted resources. This is a definition you can find in any good
computer network security book.

There is also session hijacking.

Quote:
Now, you propose to replace ftp with something else, and that has a
few consequences. You'll get a different isp, and that might make the
problems go away, but if it was *you* that was targeted, maybe the
attacker will re-target on you again?

Very likely, if that is what is going on.

Quote:
Then, a different protocol, using a different port. If the attack is
port-targeted, this might help, but you don't need a protocol change for
that, as even FTP daemons support moving over to another port. If the
link itself is swamped, no protocol or port changes are going to save
you.

In addition, crypto is generally (and in the case of public key crypto,
especially) computing intensive; each connection setup requires quite a
lot of cpu cycles. So it's just as likely, if not more likely, you'll
worsen the situation.

I really don't see why or how, if you really have a D/DoS directed
against you, slapping on crypto would help, or how you came to be
convinced that it would help.

A little more authentication might prevent session hijacking, if that is
what is going on. This is covered in _CounterHack Reloaded_.
Quote:

You really should take a look at the book yourself.

If what you picked up from it is anything to go by, no thanks.

Suit yourself.

Quote:
Your conviction you need to do something might be understandable but
your reasoning does need some work.

My interest in such a list is using it to get an affordable ISP that
provides a secure ftp. IMHO it would definitely be a smart advocacy
move for OpenBSD.org to provide such information as part of its listing
of OpenBSD support.

Then talk to the OpenBSD project directly, they probably have an
advocacy mailinglist somewhere, which would be a better place to propose
this. Still, someone needs to actually do it. Would you volunteer?

I think there are serious compatibility problems between me and a
number of subscribers to the OpenBSD misc mailing list.
I used to post regularly to misc. My posts were not appreciated and
I took a lot of abuse from some of the other posters.
I think it was a case of "shoot the messenger" since I discovered
several problems with security on OpenBSD. To be fair, the problems were
with X and with KDE, but the problems made OpenBSD insecure when KDE
was running. KDE developers regarded the problem as OpenBSD's and vice
versa. The KDE problem was partially fixed in 3.9. I stopped using X
after the OpenBSD developers said that real security could only be achieved
by not running X. Almost all of the problems I had been having stopped after
I reinstalled OpenBSD 3.9 without X. At any rate, it was suggested that
I stop posting on misc. So I stopped posting on misc and started posting
on a variety of unix-related newsgroups. This has worked out well for me.
Theo's project is too important for me to be constantly aggravating the
developers with my posts to misc. I appreciate the advice I got from Theo.

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

jKILLSPAM.schipper@math.u
Posted: Tue Jun 20, 2006 7:13 pm    Post subject: Re: OpenBSD-based Website Providers?

dfeustel@mindspring.com wrote:
Quote:
jpd <read_the_sig@do.not.spam.it.invalid> wrote:
Begin <huRlg.2656$DI2.2057@trnddc05>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.

And why is that, do you think?

I am not necessarily defending the practice, but I am advocating
knowing the reasoning behind it, if any. If you look at how and what the
traffic passes, you will note that the need for securing data that will
subsequently be offered up to everyone on a website, varies with your
local network neighbourhood.

My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Aside from the fact that SCP doesn't, what makes you believe you are the
target of a DoS? As opposed to, say, a not-quite-perfectly configured
system?

<snip>
Quote:
somewhere else. Yes, securing your file transfers would be better, but
you might have other things with more urgency to take care of. Can you
decide which needs attention first?

Securing my ability to ftp upload is currently my most important task.
Nothing else comes close.

Well, that's basically impossible. A standard residential line can
always be DoS'ed by a sufficiently large botnet.

Quote:
[...] I should look for an (OpenBSD) ISP that supports SCP for file
transfers.

There are more options than just scp and sftp. For example, ftps, that
is ftp/ssl or ftp/tls would do it in a pinch, and rsync/ssh is useful
for updating websites as well. There are probably some more protocols
(webdav/https, anyone?) with potential use.

I am not infatuated with any specific secure protocol for ftp.
So far no ISPs I have used offer *any* secure method of ftp.
I would like to find an ISP that at least *offers* a secure ftp.

Why? In almost all cases, you only FTP stuff that ends up on a
world-accessible page anyway, and commercial hosts are not sufficiently
secure to trust with anything you wouldn't trust FTP with.

Or, more to the point, it's almost always possible to at least read
your data after compromising another account, and compromising any
account is generally rather easy. OpenBSD has little to do with this;
it's mostly a matter of correctly configuring the web server used,
typically Apache. Basically, only suEXEC
<http://httpd.apache.org/docs/1.3/suexec.html> is likely to really
prevent this (PHP has several features, like safe_mode and open_basedir,
that try to give a chroot-like experience; sadly, they do not seem very
robust, and I'd not entrust really important data to such security).

Of course, suEXEC makes using mod_php and the like impossible - and the
traditional CGI paradigm requires starting a new php process for each
web page, which is very bad for performance.

FastCGI seems to solve at least some of these problems, but at the cost
of being more complicated and supported on few commercial hosts.

Finally, you could go the way I took - just run your own server. Sure,
people can still DoS you off the net, but at least you get to provide
your own security. Of course, if it's a server for the local students'
association, you still don't get to choose to kill PHP; but at least you
can implement *some* security (like updates only being possible over
Subversion over SSH).

Quote:
Is there a list of such servers?

Not that I know of. If you're serious about this, you can always start
one. I'd suggest including more than just isps that support scp/sftp.

My interest in such a list is using it to get an affordable ISP that
provides a secure ftp. IMHO it would definitely be a smart advocacy
move for OpenBSD.org to provide such information as part of its listing
of OpenBSD support.

If you want secure webhosting, post a threat model and your requirements
(for instance, do you want DoS protection, confidentiality, ...?)

Joachim
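
Added example, not part of Joachim's post or of any project's code: the cross-account exposure described above comes down to which files a local account other than the owner can open, assuming the shared web-server user falls under the "other" permission class. The script evaluates the "other" bits along the whole directory chain; the `alice` tree, its file names and modes are constructed for illustration.

```python
import os
import stat
import tempfile


def other_can_read(path, top):
    """True if an account that is neither owner nor group member can open path.

    Opening a file needs search (x) permission on every directory from
    `top` down to the file's parent, plus read (r) permission on the file.
    Only the "other" permission bits are evaluated; ACLs are ignored.
    """
    top = os.path.abspath(top)
    parent = os.path.dirname(os.path.abspath(path))
    chain = [top]
    rel = os.path.relpath(parent, top)
    if rel != os.curdir:
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    for directory in chain:
        if not os.stat(directory).st_mode & stat.S_IXOTH:
            return False  # traversal blocked somewhere above the file
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit(top):
    """Return sorted paths (relative to top) of regular files other accounts can read."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(top):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            if other_can_read(full, top):
                exposed.append(os.path.relpath(full, top))
    return sorted(exposed)


def build_sample(base):
    """Create a constructed account tree under base and return its top directory."""
    top = os.path.join(base, "alice")
    layout = {
        "public_html/index.html": 0o644,         # meant to be public
        "public_html/config.php": 0o644,         # holds a DB password in this scenario
        "public_html/secrets.php": 0o600,        # owner-only
        "public_html/private/notes.txt": 0o644,  # readable file in a closed directory
    }
    for rel, mode in layout.items():
        full = os.path.join(top, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(full, mode)
    os.chmod(top, 0o711)  # no listing for others, but traversal allowed
    os.chmod(os.path.join(top, "public_html"), 0o755)
    os.chmod(os.path.join(top, "public_html", "private"), 0o700)
    return top


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel in audit(build_sample(base)):
            print("readable by other accounts:", rel)
```

A 0711 home directory hides the listing but not files whose names can be guessed, such as `config.php`. Dropping the "other" bits is only workable when scripts run under the owner's uid, which is the arrangement suEXEC provides.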

jpd
Posted: Tue Jun 20, 2006 7:44 pm    Post subject: Re: OpenBSD-based Website Providers?

Begin <_4Xlg.8651$nS5.5754@trnddc07>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
Quote:

There is also session hijacking.

But that isn't what you said. If all you do is throw random
possibilities in the group just to say ``look what I read, mom!'', it
isn't worth bothering to discuss.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.

dfeustel@mindspring.com
Posted: Tue Jun 20, 2006 8:10 pm    Post subject: Re: OpenBSD-based Website Providers?

While I have considerable respect for the technical talents of the
responders to the original post of this thread, they are drifting away
from my original problem, so I am not going to continue with this thread.
I appreciate the effort the responders put into this, but there is a
communication problem here caused, IMHO, by the restricted bandwidth of
email. Of course if you want to visit me here in downtown Fort Wayne to
discuss this further over a beer or two... :-)

Dave Feustel

jKILLSPAM.schipper@math.uu.nl wrote:
Quote:
dfeustel@mindspring.com wrote:
jpd <read_the_sig@do.not.spam.it.invalid> wrote:
Begin <huRlg.2656$DI2.2057@trnddc05>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.

And why is that, do you think?

I am not necessarily defending the practice, but I am advocating
knowing the reasoning behind it, if any. If you look at how and what the
traffic passes, you will note that the need for securing data that will
subsequently be offered up to everyone on a website, varies with your
local network neighbourhood.

My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Aside from the fact that SCP doesn't, what makes you believe you are the
target of a DoS? As opposed to, say, a not-quite-perfectly configured
system?

<snip>
somewhere else. Yes, securing your file transfers would be better, but
you might have other things with more urgency to take care of. Can you
decide which needs attention first?

Securing my ability to ftp upload is currently my most important task.
Nothing else comes close.

Well, that's basically impossible. A standard residential line can
always be DoS'ed by a sufficiently large botnet.

[...] I should look for an (OpenBSD) ISP that supports SCP for file
transfers.

There are more options than just scp and sftp. For example, ftps, that
is ftp/ssl or ftp/tls would do it in a pinch, and rsync/ssh is useful
for updating websites as well. There are probably some more protocols
(webdav/https, anyone?) with potential use.

I am not infatuated with any specific secure protocol for ftp.
So far no ISPs I have used offer *any* secure method of ftp.
I would like to find an ISP that at least *offers* a secure ftp.

Why? In almost all cases, you only FTP stuff that ends up on a
world-accessible page anyway, and commercial hosts are not sufficiently
secure to trust with anything you wouldn't trust FTP with.

Or, more to the point, it's almost always possible to at least read
your data after compromising another account, and compromising any
account is generally rather easy. OpenBSD has little to do with this;
it's mostly a matter of correctly configuring the web server used,
typically Apache. Basically, only suEXEC
<http://httpd.apache.org/docs/1.3/suexec.html> is likely to really
prevent this (PHP has several features, like safe_mode and open_basedir,
that try to give a chroot-like experience; sadly, they do not seem very
robust, and I'd not entrust really important data to such security).

Of course, suEXEC makes using mod_php and the like impossible - and the
traditional CGI paradigm requires starting a new php process for each
web page, which is very bad for performance.

FastCGI seems to solve at least some of these problems, but at the cost
of being more complicated and supported on few commercial hosts.

Finally, you could go the way I took - just run your own server. Sure,
people can still DoS you off the net, but at least you get to provide
your own security. Of course, if it's a server for the local students'
association, you still don't get to choose to kill PHP; but at least you
can implement *some* security (like updates only being possible over
Subversion over SSH).

Is there a list of such servers?

Not that I know of. If you're serious about this, you can always start
one. I'd suggest including more than just isps that support scp/sftp.

My interest in such a list is using it to get an affordable ISP that
provides a secure ftp. IMHO it would definitely be a smart advocacy
move for OpenBSD.org to provide such information as part of its listing
of OpenBSD support.

If you want secure webhosting, post a threat model and your requirements
(for instance, do you want DoS protection, confidentiality, ...?)

Joachim

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Nilux
Posted: Wed Jun 21, 2006 7:31 pm    Post subject: Re: OpenBSD-based Website Providers?

On Tue, 20 Jun 2006 12:03:25 GMT, dfeustel@mindspring.com wrote:

Quote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

Thanks,
Dave Feustel

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Textdrive provides these features for a monthly 12$ fee : scp, imaps,
smtp (with tls and ssl), https with 1 GB disk space and 3 GB bandwidth
allocation. Unfortunately, their servers run on Solaris, but they have
a good QoS so far and their customer support is active. See
http://www.textdrive.com/

---
Nilux

dfeustel@mindspring.com
Posted: Wed Jun 21, 2006 9:13 pm    Post subject: Re: OpenBSD-based Website Providers?

Nilux <nilux@no-log.org> wrote:
Quote:
On Tue, 20 Jun 2006 12:03:25 GMT, dfeustel@mindspring.com wrote:

I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

Thanks,
Dave Feustel

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Textdrive provides these features for a monthly 12$ fee : scp, imaps,
smtp (with tls and ssl), https with 1 GB disk space and 3 GB bandwidth
allocation. Unfortunately, their servers run on Solaris, but they have
a good QoS so far and their customer support is active. See
http://www.textdrive.com/

---
Nilux

This looks promising.
Thanks!

--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

Steve at fivetrees
Posted: Thu Jun 22, 2006 8:49 am    Post subject: Re: OpenBSD-based Website Providers?

<dfeustel@mindspring.com> wrote in message
news:_4Xlg.8651$nS5.5754@trnddc07...
Quote:
jpd <read_the_sig@do.not.spam.it.invalid> wrote:
Begin <OhTlg.6571$Za5.6241@trnddc04>
On 2006-06-20, dfeustel@mindspring.com <dfeustel@mindspring.com> wrote:
My problem is that I may be suffering from a DOS against ftp uploads.
SCP would seem to eliminate at least some of the DOS/DDOS possibilities.

Let's see how this would work. D/DoSes work by swamping the target with
data, or send it data that causes a lot of work to be performed in vain,
or both, to the effect that it deprives legitimate users from using
the targeted resources. This is a definition you can find in any good
computer network security book.

There is also session hijacking.

My experience so far (since '99) as a hosting provider would suggest this is
very unlikely. There are all kinds of things that can interfere with proper
FTP operation, and FTP applications all seem to behave differently. Here, I
live behind effectively two firewalls - first my ADSL (NAT'ing) router, then
my (NAT'ing) OpenBSD home server. The older ws_ftp works fine, but the newer
WS_FTP Home has never worked properly - and they're both from the same
author.

The biggest real problem with FTP is sniffing - i.e. the password is
transmitted in clear. At worst, this means that the FTP space is insecure
(which is why it's a bad idea to put scripts in FTP space, and is why we
don't allow it). I've not yet come across an actual case of session
hijacking. (Actually, I've not known any of our FTP accounts to be
compromised either, but hey...)

What we *do* see all the time is script kiddies - dictionary attacks etc.
Looks to me like the vast majority of the "crackers" out there are
unskilled. I guess it's possible you've been targeted by a skilled villain,
but - why? What does the cracker stand to gain? Skilled people rarely spend
the time unless there's a payoff or a reason.

Steve
http://www.fivetrees.com

dfeustel@mindspring.com
Posted: Thu Jun 22, 2006 12:09 pm    Post subject: Re: OpenBSD-based Website Providers?

Steve at fivetrees <steve@nospamtafivetrees.com> wrote:
Quote:
I guess it's possible you've been targeted by a skilled villain,
but - why? What does the cracker stand to gain? Skilled people rarely
spend the time unless there's a payoff or a reason.

Take it as a given.

It appears that your website is in Europe. I have no credit card so
there is probably an issue wrt payment should I sign up. What are the
payment options for a non-commercial site (no ecommerce)?

Thanks.

Quote:
Steve
http://www.fivetrees.com



--
Using OpenBSD with or without X & KDE?
http://dfeustel.home.mindspring.com

roy
Posted: Tue Jun 27, 2006 2:58 am    Post subject: Re: OpenBSD-based Website Providers?

dfeustel@mindspring.com wrote:
Quote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

Thanks,
Dave Feustel

Hi Dave,

I've been using 1&1 (www.1and1.com) as my hosting provider. They run a
custom Linux version, but they support SCP and are relatively
inexpensive. Their cheapest package provides 5 GB of space for $2.99
per month.

Enjoy,


roy
--
The suespammers.org mail server is located in California. Please do
not send unsolicited bulk e-mail or unsolicited commercial e-mail to
my suespammers.org address or any of my other addresses. These are my
opinions, not necessarily my employer's.

Tim Judd
Posted: Tue Jul 18, 2006 1:21 pm    Post subject: Re: OpenBSD-based Website Providers?

dfeustel@mindspring.com wrote:
Quote:
I've been using Mindspring.com as my website host
for a long time. But Mindspring uses (and apparently
will continue to use) simple ftp for file transfer.
Reading _Counter Hack Reloaded_, 2nd Ed., has convinced
me that I should look for an (OpenBSD) ISP that supports
SCP for file transfers. Is there a list of such servers?
(possibly at openbsd.org, although I did not spot it)
Or can anyone recommend some inexpensive sites?
(my website is not commercial).

Thanks,
Dave Feustel


I saw an ad for easyspeedy.com, and spoke with their sales dept. You
have unlimited root access to your own server, the ability to
(re)install any OS they list (they're working on getting 3.9 available..
they use a special installer to install on your server without human
interaction).

Seems like a very worthy server system; I plan to at least check them
out when I have my finances in order.

Check out: http://easyspeedy.com/servers/operating_systems_linux_bsd.jspx

it's their list of Operating Systems they can install without human
interaction.