Topic: .. (Read 2844 times)

Yes, we have probably visited the same datacenters and the security is insane and way more involved than the average person expects. Multiple armed guards on each floor, cameras everywhere, lengthy background checks for network administrators , keypasses tracking me and only allowing me access to certain parts of the building, extensive backup power, EMP protection, backup cooling , ect--- layers and layers of security.

 RAID is no replacement for offsite backups or redundancy plans. Additionally, one should plan to have a backup server/s located in a country that doesn't have a history of being a lapdog to the US.

^^ THIS + 100. as enterprise admin i can sign it. obviously you know what you are talking about.) regarding damage and theft, also these factors can be highly minimized, I visited couple of T4 high sec. data-centers around the world and except some military invasion or massive terrorist attack, I really can't even imagine simple physical "theft" from some rack. there were so many checks, scanners, cameras everywhere, guards everywhere, nobody alone in room rules..etc..

Regarding HW damage, this is solved by clustering in different buildings or even in different towns/countries..running services on fully redundant HW is not problem at all..

I can tell you have worked as a network administrator before, and agree with your comments. Additionally, collocation for a high traffic site like bitcointalk could save thousands of dollars in lease fees a month.

There are some downsides of course. More work setting it up, initial costs of servers, the need to occasionally upgrade the hardware and sell off old servers, ect... all these things can intimidate someone without experience but really isn't difficult and well worth it for high traffic sites that need better security. I am sure there must be one member of staff or moderator with a bit of data center experience?

Man, you really have comprehension problems.

I'll repeat: colocation a privately owned server solves nearly all the avenues of "social engineering" attack. By "privately owned" I mean server not leased from the hosting company but a server owned outright or leased independently from the server manufacturer or distributor. The colocation staff will then only have as much access as you decide to provide them, typically limited to pushing buttons, inserting media into tray and connecting cables. The hacking risk is limited to intentional damage or physical theft.

And please quit your "large operation" "giant datacenter" bullshit. Colocation space can be bough in 1U units (1.75 inch height, 19" wide, varying depth around 1meter). Employee time can be bought in quarter-hour increments. The "human factors" are limited to physical theft that is extremely rare and easier caught and prosecuted.

Its fine, I have often made the mistake of overly complicating solutions unnecessarily before realizing that simplicity is often superior which seems to be what is happening with epochtalk , but that is a whole other conversation.

Oh, I know what you mean now. Heh, too much prior discussion of private built hosting centers on islands had me thinking in extremes.

My bad.

This is an unusual statement to make as I don't think anyone is suggesting bitcointalk get into the expensive datacenter business or 2112 suggestions are 100% bulletproof. Every option has various tradeoffs and inherent costs.

Some other options besides fully managed/un-managed leased dedicated servers -
1) managed colocated servers
2) unmanaged colocated servers
3) leasing a cabinet with your own servers
4) leasing your own cage

I personally think it is a bit unusual that Theymos is paying for multiple managed or un-managed dedicated server leases, especially based upon the inherent security considerations of this forum and costs.  

There are ways to protect colocated servers as well from tampering.
https://www.racksolutions.com/secure-server-unit.html
is one example amongst many. Additionally, every datacenter I have worked in had many security cameras, armed guards, tracking keypasses, ect...

This is all quite clear to me.  
It's expensive to set up. It's not like you DL a wordpress style and host it on GoDaddy. Thanks for explaining.

Ecatly, I have proposed in the past days the creation of an "home made" server to hosting the forum but I do not know if it is a really *possibilty or not.


*With all the money spent in the creation of the epochtalk forum software.

We are discussing the feasibility of creating our own hosting location, having our own facilities, not giving another random 3rd party access to the server. I thought you were aware that the hosting company staff were the weak link in this hack. The way to get around that, is to change to a facility operated by an employee of the Bitcointalk. That would involve building our own infrastructure, hiring staff to monitor its physical location, etc. That would also involve owning property to build on.

If we just rent server space from an already established company, we face the same issues. Not having complete trust of the people who have access to the server. So if we are talking about just changing hosts to something that isn't a large operation in a giant datacenter to a shared location with a couple of other people, we still have to worry about the human factor.

But in this case it was 'used' also a soc. eng. practice... and you can build the security that you want but if an employee will reset the root password it will be really a problem  .

However I think (all) we are waiting more info. from theymos about this situation.

Dude, what can I say? You are not only a compulsive bullshit artist, but you've also mostly lost touch with reality. What buildings? What full time employees? What tax implications? One is true: .

I am an expert, but I'm not really interested in learning the finances of this forum. It is up to theymos to scan his tax returns for bitcointalk and call Dell Small Business (or any other large reseller of electronics) financial department and ask them how much credit he's going to get for his non-profit organization. Literally millions of small business' owners done that before him.

I could then discuss various technical details and options, but I'm too ethical to even joke about $5k hosting in a shed.

All I have to say is my school had lots of wisdom retaining and maintaining the old mainframe. It allowed us to learn not only the technical details of virtualization (it was called VM/370 then, not KVM or whatever) but also experience first hand the bullshit from the time-share salesmen. The "cloud" terminology was not invented then, everyone used "time-share". Nowadays the "time-share" is a dirty word related to the vacation package sales. But the infectious anti-technical sales bullshit permeating the business is the same as it was through the 1960-1980 when it was popular.

But before he's going to even scan the tax returns for the forum he'll need to ask himself a question "Do I give a flying fuck on a rolling donut about the information security of the members of this forum?" Maybe the true answer really is "I like to have a convenient 'scapegoat in the cloud'. I can always point to the sky and say 'It was their fault, not mine!'".

Giving you a quote is dependent upon many variables but as a rule of thumb Colocation is more secure and less expensive in the long term in almost all cases. Leasing a dedicated server is less expensive initially because you don't need to purchase the hardware, install it and have some backup parts on hand/or have funds set aside for a smart hand. Colocation has higher upfront costs and complexities but most small businesses can pay 50-150USD a month on colocation fees.

Example-
Leasing a dedicated server may cost ~150 USD a month for the first 6 month promotion and than ~250 USD a month thereafter. You could purchase a refurbished 2u server for a couple grand and spend 80 dollars a month in colocation fees.

A higher traffic site like Bitcointalk would need more expensive servers purchased and higher colocation fees  but would have much higher levels of savings as the dedicated server lease fees and bandwidth costs would be much more as well.

Colocation would likely offer better security and large savings in the longterm.

That really won't help much against something like this. The hackers would just ask the hosting company to change the whitelisted IP's too, they already reset the root password for the hackers, I don't see why they wouldn't change the whitelisted IP's too.

***wonders if iv yet again been ignored on suggestions for forum security*** white list ips that can access the server or very least who can use root.

again very simple solution to a not so complex hack and add email alerts to every single attempted login and successful login

you should change your password.

other effects may be old accounts coming back to life...

is there something missing ? since bitcointalk forum hacked?
what is the major effect on this attack?

It's a pretty good record, that said the hackers could have made some coin from the bounties but I guess they thought hacking a userbase was a better ROI in the long run either way it is a lot of work
It does make me wonder if this is the last hack per se of the old forum, the new forum software's launch is getting closer as will a ton of holes in all likelihood.

Hey Mods, do you realize some people work in IT, some at small businesses who are renting servers too, knowing that it's not that big of a deal these days?

Heh, no it would not had the forums not had years of reserves. What it brings in for advertising revenue is public, just check the closed auction threads to see what it could support.


I wasn't asking for something that you spent 20 minutes or more figuring out, I meant a rough figure, because for someone who knows what they are doing, you are either grossly overestimating the forum's budget or underestimating the cost of setting up multiple datacenters in various countries and the unpleasantness that would come with that. The forum could support a single full time employee perhaps, not multiple + building expenses + interesting tax implications for owning physical property, and more tax issues for having physical property in multiple countries. I'm no expert on the matter, but even with absurdly and unreasonably low cost assumptions, we are still vast sums of money apart. I could set up a datacenter in a shed in my backyard for $5k. If Theymos wants to take me up on that offer, I'd be happy to oblige.