What to do before returning a server?
I will be returning a server I do not need any more. What is the proper way to erase data so that they are not easily recoverable by the next person who rents the server? I have some keys uploaded to connect to other servers (which I will keep).
I did a bit of searching and saw it mentioned that most tools that claim to securely delete files don't really do it right if there's a RAID involved. Is that true? What do you do?
Comments
remove the HD and RAM..
The best way would be full disk encryption since the first day you obtain the server. For now, the best you can do is use some file shredding tools such as scrub or shred. If it is a VPS, there is a high chance it is also being backed up offsite so there is nothing much you can do.
Take HDD/SSD out and perform the ritual of water.
Meaning: Get naked, dance in circles a few times with a shot of vodka and pee all over them. If the SSD is in a casing, take it out prior, of course.
Data will be gone.
It's a rented dedi. So I can't remove anything or shower it with vodka
If that's the case just use a file shredding tool such as scrub or shred, should be good enough for HDD. It will still work regardless if it is on RAID or not. The only problem is SSD because it contains some reserved memory. This means even if you override all the theoretical space, it might miss out some bits here and there.
My advice is to run the shredding tool a few times on the SSD, then run a secure erase instruction on the SSD drive.
Oh, well. Then @exFAT's advice will suffice.
dd if=netboot.xyz of=/dev/?d* && reboot && dban for a couple days.
Thank you guys! I also love the fact that the most to the point advice came from someone nicknamed FAT32
Well, formatting to FAT32 works as well, sort of.
He is the guy you turn to when you want data to be gone for good. He is a hitman for data.
You're thinking of @ReiserFS.
Might be tricky to know offhand for the OP what you meant with "netboot.xyz".
Putting it more simply, just booting from the host's rescue system and running
dd if=/dev/zero of=/dev/sdX bs=1M
until completion should be enough; ...yes, even just once, and even just zeroes and not anything more complex like random data with dban. With modern HDD densities, it is an urban legend that NSA (or whoever) can recover data overwritten with zeroes. And absolutely out of the question if your concern is not NSA, but just the next customer, who won't have physical access to that HDD to begin with.
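A read-only way to confirm that the zero-fill pass above reached the end of the disk, as an added example that is not part of the original post. The function names are hypothetical, and it accepts several targets so each physical disk can be checked in turn.

```shell
#!/bin/sh
# Added example: read-only check that a zero-fill pass (dd if=/dev/zero ...)
# covered a whole device. Function names are hypothetical.

# Print the 0-based offset of the first non-zero byte in $1, or nothing
# if every byte is zero. Works on block devices and on image files.
first_nonzero_offset() {
    # cmp reads both inputs in lockstep; /dev/zero never ends, so cmp stops
    # either at the first differing byte or at the end of the target.
    out=$(LC_ALL=C cmp /dev/zero "$1" 2>/dev/null) || true
    # GNU cmp prints "differ: byte N", POSIX/busybox "differ: char N" (1-based).
    n=$(printf '%s\n' "$out" | sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$n" ] && echo $((n - 1))
    return 0
}

# Return 0 if $1 is fully zeroed, 1 if data remains, 2 if it cannot be read.
verify_zeroed() {
    [ -r "$1" ] || { echo "$1: cannot read" >&2; return 2; }
    off=$(first_nonzero_offset "$1")
    if [ -z "$off" ]; then
        echo "$1: all zeroes"
        return 0
    fi
    echo "$1: data remains at byte offset $off"
    return 1
}

# Check every target given; return the number that are not clean.
verify_all() {
    bad=0
    for t in "$@"; do
        verify_zeroed "$t" || bad=$((bad + 1))
    done
    return "$bad"
}

# When run as a script with arguments, check each one.
if [ "$#" -gt 0 ]; then
    verify_all "$@"
fi
```

Run it from the rescue system against the same /dev/sdX that was wiped; a reported offset means the dd pass stopped early or missed that disk.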
If you want to nuke your shit and you have private keys- you can probably google that, tho?
Thank you @rm_ for taking the time to clarify. I happen to be familiar with it already but the thought matters. Thanks!
If you have very valuable/confidential data, sure, take all the precautions you can. But as a host, I can say there is really no incentive to go through your data/files even if we have the password, all your data/files are unencrypted and neatly organized and named. It's just too much of a pain.
The only time we go through 'client drives' is if the server was ordered fraudulently. So we like to know what the fraudster was doing, and maybe get some insight. But even then it's a PITA and hardly worth the time.
Take every reasonable precaution to safeguard (or delete) your data, but I wouldn't worry too much about your data being snooped on by hosts.
Any recommendations for easy setup / using?
Boot from Ubuntu LTS /Debian stable ISO.
There's an option to use 'Encrypted LVM'; it sets up the required partitions with /boot being an unencrypted partition (as required)
Confirm OK and that's it for a KVM.
You'll have to input the disk unlock password on every reboot via the provider's VNC.
Ah, this. I thought there was a slightly different solution; about LVM I know.
Anyway, thank you for the time you spent on the answer.
I say 10 Hail Marys and 1 Our Father. Has always helped.
Darik's Boot and Nuke!
Memory chips are potted.
Which means even if the board is totally corroded they could possibly be resoldered by Russian hackers to another board and utilized to their full factory glory.
Russia went to the moon using only totally corroded resoldered boards.
Abundance: (source)
Dell-ski: (source)