New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That's actually a simple and good idea. If we list any annual plans we will put an "Annual Plans" tag on there for easier searching from now on.
Thank you for the suggestion.
Same thing might be done for 1gbit ports maybe? Should ease searching too.
@djvdorp speed port is only one variable from many and I think that such requests (someone will want 1GB memory tag, another one will want 100GB HDD tag, another one will want intel tag, etc..) would lead into fragmentation not ease searching. Beside that speed port isn't always known, or it's limited with bandwidth quota or with "open support ticket to free upgrate to 1gbit port" and so on...
I prefer only more general tags like op suggested, not tag for every possible variable.
-How about an 'IPv6' support tag ?- sorry, never seen before :-[
But who is going to define "IPv6 ready"? :-) To have and be able to use is still quite different!
There is already such a tag: ipv6
The strike text decoration seems to be not functional ?!
If they provide an IPv6 address to me and i am able to do a ping6, they are ready.
When they're assigned to the VM upon creation with no input needed from the client?
@Aldryic i don't know it is a good idea to assign ipv6 adresses to clients who don't know what ipv6 is. For instance they may not know how to setup firewall for ipv6, and think that because they setup firewall (for ipv4) they are safe now... while being widely open for connections/attacks over ipv6.
Where is the harm? I assign everyone a single IPv6 address, it's there, use it or not, I don't care, need more, just ask. I see no need to join in the competition with others to out-do each other on how much space they can waste on a single user assigning everyone some ridiculously large block of IPv6
@miTgiB for instance sshd is bound to ::22, which means it is accessible by both ipv4 and ipv6.
Customer installs iptables firewall and thinks "i am safe now". Nope - sshd is still accessible/open over ipv6...
IMHO ipv6 should be assigned only if the customer explicitly requests it (be it by just clicking on a "i want ipv6" checkbox).
Maybe than they dont have to sign up for an unmanaged box ?
And providers can setup the firewall to drop all IPv6 traffic (except ipv6-icmp and 22) by default.
@rds100 why would we not implement ipv6 because a client may not be knowledgeable about how to set up a firewall for it. That's the clients issue! Most clients don't even know how to set up one for ipv4.
Maybe i can't express myself correctly due to my non-native english.
You should implement ipv6. You should give your customers the ability to use ipv6, if they want to. You should not force ipv6 on their VPS if they did not know it will be there.
1) We don't provide Windows VPSes.
2) There's a very strong chance that if they don't know what ipv6 is, they're not going to do a good job of securing the v4 anyways.
Edit:
3) ifconfig, ifdown
From a clients point of view I would in the case when ipv6 is auto setup to every vps, have the possibility to drop a ticket to have ipv6 removed.
@xonion : and people not knowing how to drive shouldn't buy a car.
Ahm, sorry but, what rules you have for ssh? You don't need nothing. Bruteforcing is the only thing I can thing
So, probably I will never buy one? lol
Exactly
>
On my machines i only allow ssh connections from a handful of static IPs.
Yet there are many idiots in traffic, people I think shouldn't drive.
But somehow they passed the drivers exam so ....
That's your choice... for most people, disabling root login, password auth, and enabling SSH keys (and possibly moving the port) is plenty.
It's my job to ensure that our billing hardware and client information stays secure. It's Anthony's job to ensure the nodes and client data are secure. Francisco's job to ensure the router and network remain secure.
It's the client's responsibility to secure their own VPS.
Ok guys, i give up Your company, your rules and defaults.
Either way, I dont think thats a provider issue.
Would you give them no IPv4 if they dont know how to setup iptables ?
Exactly
I know everyone considers disabling root login the first security meassure you should take, still - is the chance THAT big that my rootpassword will be cracked?!
The two biggest targets for bruteforce are the root account, and port 22. Eliminating those two possibilities gives enough security that anything else you do is essentially extra.
Related:
Mark has been using an 'ipv6' tag it looks like. I thought LEA was using one back in the day too?
We have "Offers". How about "Annual Offers"? I like that idea better than the tags thing.
I am suggesting TAG "approved by Aldryic & Francisco" because new company supported with this tag would have by default more chances to grow and survive despite all early hiccups many new companies go through.
@Heinz or how about we just redirect lowendbox and lowendtalk to buyvm.net ? Would that be better for you?