How to stop webhost frome entering vps without permission?
- Thread starter Minmeo
- Start date
Hi, are you saying that you want to sell webhosting on your VM but don't want to be able to enter your VM?
More seriously, there's no way to 100% stop someone who has control over the physical server (host node) where your virtual machine is residing from accessing the virtual machine, simply because the virtualization is being performed by the host node. Every instruction, every object in memory is visible to the host node. You can think about encrypting your memory or filesystem, but you have to store the encryption keys somewhere, so those keys are going to be visible too.
With OpenVZ it's especially difficult since every process in your VM actually corresponds to a separate process on the host node. It's just one level above chroot, where host could just chroot into your directory.
If you are using KVM, you can make it harder by encrypting filesystem and such (there's almost ZERO REASON not to take do these kinds of things as they give you some level of security/privacy with minimal performance impact), but it's still possible for someone with control over host node to peer in.
Solution is to run the instance inside a host node fully under your control. You may want to ensure no connection to the Internet to ensure that an attacker cannot maliciously take control of host node.
Anyway, this has been asked in tens of topics -- for example http://lowendtalk.com/discussion/9921/privacy-on-vps-providers-how-reliable-is-to-host-private-data
More seriously, there's no way to 100% stop someone who has control over the physical server (host node) where your virtual machine is residing from accessing the virtual machine, simply because the virtualization is being performed by the host node. Every instruction, every object in memory is visible to the host node. You can think about encrypting your memory or filesystem, but you have to store the encryption keys somewhere, so those keys are going to be visible too.
With OpenVZ it's especially difficult since every process in your VM actually corresponds to a separate process on the host node. It's just one level above chroot, where host could just chroot into your directory.
If you are using KVM, you can make it harder by encrypting filesystem and such (there's almost ZERO REASON not to take do these kinds of things as they give you some level of security/privacy with minimal performance impact), but it's still possible for someone with control over host node to peer in.
Solution is to run the instance inside a host node fully under your control. You may want to ensure no connection to the Internet to ensure that an attacker cannot maliciously take control of host node.
Anyway, this has been asked in tens of topics -- for example http://lowendtalk.com/discussion/9921/privacy-on-vps-providers-how-reliable-is-to-host-private-data
Last edited by a moderator:
lbft
New Member
No. You have to ultimately trust your host.
It's possible to make it more difficult (e.g. IIRC a modified /bin/bash could log/prevent vzctl enter) but with OpenVZ simfs your filesystem is literally a directory on the host node's filesystem, so they still have complete visibility of all your data.
Even if OpenVZ wasn't as transparent as it is, you are running your stuff on someone else's hardware - the host can pretty much do what they want (e.g. with KVM, they can just copy your disk and mount it, or read your RAM).
It's yet another reason not to buy from shitty hosts.
It's possible to make it more difficult (e.g. IIRC a modified /bin/bash could log/prevent vzctl enter) but with OpenVZ simfs your filesystem is literally a directory on the host node's filesystem, so they still have complete visibility of all your data.
Even if OpenVZ wasn't as transparent as it is, you are running your stuff on someone else's hardware - the host can pretty much do what they want (e.g. with KVM, they can just copy your disk and mount it, or read your RAM).
It's yet another reason not to buy from shitty hosts.
Last edited by a moderator:
Minmeo
New Member
What about xen?
I do not think my hosts will have reason to do this but found it interesting and worrisome to as I did not know previously.
mojeda
New Member
Ultimately you will always have to trust your provider regardless if it's Xen, OVZ, KVM, VMWARE. Your host will always retain some ability to do what they want with your VM, however some technologies may make it harder however not necessarily impossible.
If you're having to find a way to keep a provider out of your hosted VM, then you should look into other providers who are trustworthy, or rethink your strategy (think dedicated servers).
If you're having to find a way to keep a provider out of your hosted VM, then you should look into other providers who are trustworthy, or rethink your strategy (think dedicated servers).
On XEN/KVM you could run CryptFS if you have a CPU that has AES features. A host could still dig through your memory to find your hashing key but that's going pretty HAM to get at your stuff.
For OpenVZ it's purely a trust thing. I can't speak for other hosts, but for us, whenever we need to access a customers container we ask for written permission in the form of a ticket. We could just as easily 'enter' into a customers VM, but we do our best to return just as much respect as our customers put on us.
Francisco
DomainBop
Dormant VPSB Pathogen
If you're using the VPS/cloud server to host important business data and are really concerned about privacy then look for a host whose business has been audited for security practices and passed with flying colors (i.e.SSAE 16 certification in the US-example Atlantic.net and FireHost, ISO27001 in the EU-example CloudVPS and LeaseWeb, and many others), and also make sure the data centers they use have similar security certifications. Security certifications won't eliminate all of the risk but they'll reduce it significantly (i.e. hosts that hire skids they met on Skype/LET/during recess, or give admin access to poorly vetted outsourced workers aren't going to get certified).
On the other end of the scale there are openvz hosts like GVH who have made public comments (on LET) like these
""There is no privacy warranted due to OpenVZ virtualization not being full virtualization."
"Hosting providers utilizing OpenVZ virtualization technology to provide "virtual private server" web hosting services are under no obligation to abide by data privacy laws as due to the nature of OpenVZ virtualization, the data within OpenVZ containers is sandboxed as a part of the host node, which belongs to the host."
""After confirming suspicion from a process scan we vzctl into the container and run ls commands. Usually after the 2nd or 3rd command we find a massive directory filled with the illegally obtained content + the source, and that's when the termination button is hit and that's all done within like 30 seconds."
http://www.webhostingtalk.com/showpost.php?p=9242552&postcount=4
Bottom line: if you're using openvz and care about data privacy you're taking a risk and to decrease that risk you really need to do your research to be sure you can trust your host and the people it employs (check reviews, check their business history and if applicable their personal history , their company's hiring practices, etc , etc.)
+1 to that.
On the other end of the scale there are openvz hosts like GVH who have made public comments (on LET) like these
""There is no privacy warranted due to OpenVZ virtualization not being full virtualization."
"Hosting providers utilizing OpenVZ virtualization technology to provide "virtual private server" web hosting services are under no obligation to abide by data privacy laws as due to the nature of OpenVZ virtualization, the data within OpenVZ containers is sandboxed as a part of the host node, which belongs to the host."
""After confirming suspicion from a process scan we vzctl into the container and run ls commands. Usually after the 2nd or 3rd command we find a massive directory filled with the illegally obtained content + the source, and that's when the termination button is hit and that's all done within like 30 seconds."
http://www.webhostingtalk.com/showpost.php?p=9242552&postcount=4
Bottom line: if you're using openvz and care about data privacy you're taking a risk and to decrease that risk you really need to do your research to be sure you can trust your host and the people it employs (check reviews, check their business history and if applicable their personal history , their company's hiring practices, etc , etc.)
Last edited by a moderator:
In short, yes - the vps provider can enter and view the 'content' of their client's vps's in most cases. OpenVZ is one that is far easier for the admins (or sadly, hackers how may break into the master node) to then jump in and view your data.
How do you avoid having a legit vps provider from wanting/needing to go into your VPS? Don't violate their ToS, don't do things like torrents, spamming, or attract DDoS attacks - and your provider will never have need to go in and investigate an abuse/issue complaint.
If you want to protect your content- you can go with a more strict virtualization technology like Xen (or Vmware) that uses special file system/block-level systems to hold your data, it requires a bit more for someone to remotely enter (but still they can get in if they are willing to take your server offline, and mount it to view things - but you would notice it in most cases). If you use Xen or another virtualization technology with real kernel level access like Xen/KVM or Vmware, but not openVZ) you could create an encrypted file system, or even install something like TrueCrypt to make a secondary volume/disk drive inside your VPS that is fully encrypted only accessible by you.
Even if you have a dedicated server, if someone has physical access to the device (just like a VPS node) - its possible with enough effort to get to your data. So encryption is the next level to help maintain (*but still no guarantee*) privacy.
oh.. p.s. if you really don't trust your provider, and think they are snooping around - you already got a problem you need to solve. So if you are hiding data with encryption because you think they are snooping around for no reason, you may want to find a new home promptly.
AndrewM
New Member
To be fair, I'm sure your host has better things to do then vzctl into your container to look at your wordpress files, or beyond that dig through memory. Prying eyes will always be in the back of your mind, but I'm sure your host has better things to do. If not, then you should reconsider what kind of hosts you sign up with.
I'm not going to offer a suggestion here because ultimately, any suggestion is moot if a dedicated box isn't in your budget.
I'm not going to offer a suggestion here because ultimately, any suggestion is moot if a dedicated box isn't in your budget.
You should really read the horror stories more often.
You have more than a few on WHT where admins start to browse peoples data for reasons to boot them.
The sz1 guy got busted going into someones container as well and was why the whole 'DDOS LE into the ground' war started.
Francisco
Wasn't this the same with ChrisK and Avante?
Or was that simply limited to Minecraft servers?
I'm not sure if he went into anyones server/etc, the only mix up i've seen with him was with the whole clamhost story.
Francisco
Ahh found one.
http://i.imgur.com/hhne2jz.jpg
http://i.imgur.com/D3WNY5w.jpg
Ehh that was 2012 though. Who knows.
Anyways, basically the summary of the topic is "lolno"
I'll give him the 'young & dumb' benefit since the amount of complaints we hear these days is minimal and his companies keep on the right track.
Francisco
AndrewM
New Member
Fair enough, although if they are utilizing their time to pry open client's
This above all else. If you flip the coin and look at it from the providers point of view; what are you doing on/with your VM that makes you want to hide from me (the provider) so badly? Will the police be knocking on my door and at the DC's door simultaneously wanting to confiscate equipment?