Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Can I prevent host from unauthorized access to my OpenVZ container ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Can I prevent host from unauthorized access to my OpenVZ container ?

loydloyd Member
edited August 2014 in General

Is the host permitted to make unauthorized changes to the container? In real-estate world landlords have very limited "emergency only" access to rented premises, not sure how it works in hosting world.

In summary, I requested host to update time on the hardware node and he installed ntpdate inside my OpenVZ container, which obviously would not work. This host has already erased my container once by mistake and it took me considerable time to configure and restore blank container from backups, so I have doubts of his competency and don't want him root-accessing my container. Can I prevent it? Can I check what he has been doing there?

«1

Comments

  • Nope.

    I mean... you might be able to use cyanogenmod's bash fork to log commands, but that's about it.

    Thanked by 1loyd
  • said: This host has already erased my container once by mistake and it took me considerable time to configure and restore blank container from backups, so I have doubts of his competency and don't want him root-accessing my container. Can I prevent it?

    Move hosts.

  • Installing ntpdate inside your container looks plain stupid and incompetent. I'd change hosts.

  • loydloyd Member
    edited August 2014

    @kcaj said:
    Move hosts.

    Thanks, but it is hard to find Czech/Slovak 1GB container at $30/yr so I put up with the incompetence for now, although it's becoming quite annoying. I have containers hosting two dozen of domains with dozen hosts in half dozen countries and I literally don't have to do anything for months even years after initial setup and occasional update/upgrade.

  • MunMun Member
    edited August 2014

    Get a KVM and encrypt the underlying storage.

    Thanked by 1loyd
  • loyd said: Thanks, but it is hard to find Czech/Slovak 1GB container at $30/yr so I put up with the incompetence for now, although it's becoming quite annoying. I have containers hosting two dozen of domains with dozen hosts in half dozen countries and I literally don't have to do anything for months even years.

    If it sounds to good to be true, then it is probably is. You seem to be highlighting all the problems here yourself.

    Thanked by 1loyd
  • JanevskiJanevski Member
    edited August 2014

    @loyd If that's the case then change host and use KVM or Xen HVM. That's my opinion.

    Thanked by 1loyd
  • loydloyd Member
    edited August 2014

    @kcaj said:
    If it sounds to good to be true, then it is probably is. You seem to be highlighting all the problems here yourself.

    I guess so, thanks all of you guys.

  • MuZoMuZo Member

    @loyd If you don't mind me asking, which provider are you using?

  • Yeah, if you wish to have some privacy for your files and processes its best to use either KVM or Xen Virtualization.

  • wychwych Member

    Get a new host you trust or move to KVM.

  • The thing about OpenVZ is that you can't really block your host's (or anyone with root access to the hypervisor) access to it. There's no way. So unless you absolutely trust your host, you shouldn't use them. I've never been a huge fan of OpenVZ anyway, so I always recommend XEN/KVM VMs vs OpenVZ.

  • You can't really block your host's access in Xen / KVM either, if the host is determined and knowledgeable enough.

  • ExpertVMExpertVM Member, Host Rep

    I believe when he make changes to the NTP, it means the ntp can only be installed and configure in the hostnode.

  • NeoonNeoon Community Contributor, Veteran
    edited August 2014

    Every host can view your filesystem without they need to enter but mostly they enter, there are scripts which send you a email when a root user log himself in it works also for enter. But its only 50% Protection.

    It looks like:

    ALERT - Root Shell Access (your.vps.net) on: Fri Feb 14 16:30:47 EST 2014
    
  • loydloyd Member
    edited August 2014

    This VPS hosts small non-profit website with <300 UV/day. There is nothing to hide, I have no privacy concern about files, my only concern is host's incompetence. Website currently works. I have space in France (~12ms to CZ) and it has available resources but move will take extra work so while my site works I will not disturb it. When something occurs and I need to restore server again, I will restore it elsewhere and will not touch sz one with 10ft pole again.

  • wychwych Member

    @loyd said:
    my only concern is host's incompetence.

    Daily or hourly backups?

  • Legally maybe, depending on what country the provider is registered in and where their servers are.

    Technically you're up shit creek without a paddle.

  • Offer to volunteer to help your host. Then you might be able to fix the things impacting you.

  • @loyd

    What's the name of company, if I may know?

  • NyrNyr Community Contributor, Veteran

    @sz1hosting most likely.

    A shame he's banned already, this could had been fun.

  • loydloyd Member
    edited September 2014

    Yes, it's sz1hosting. I witheld his name before to naively give him benefit of doubt.

    After he announced closing Czech loc, we got to email exchange, he blames me for his failed venture, because I made comment about him deleting my VPS before. Been on his server under 3m, so asked for 50% back to walk away without attempting chargeback, he refused because he believes I am committing fraud against him if I chargeback, what an irony.

    This has been such a waste of time, needlessly restoring and moving server twice among other issues. Of course I moved the server elsewhere. The guy is delusional, he still believes he is providing good service.

  • NeoonNeoon Community Contributor, Veteran

    Just host with a provider you trust in, when you like to get cheap OVZ.

    OVZ is just a wall of paper which separates from the Node and other containers.

    Thanked by 3netomx loyd RLT
  • Move. Your. Files. ASAP.

  • @loyd said:
    Yes, it's sz1hosting. I witheld his name before to naively give him benefit of doubt.

    After he announced closing Czech loc, we got to email exchange, he blames me for his failed venture, because I made comment about him deleting my VPS before. Been on his server under 3m, so asked for 50% back to walk away without attempting chargeback, he refused because he believes I am committing fraud against him if I chargeback, what an irony.

    This has been such a waste of time, needlessly restoring and moving server twice among other issues. Of course I moved the server elsewhere. The guy is delusional, he still believes he is providing good service.

    Delusional doesn't quite cover it.

    Thanked by 3loyd RLT ucxo
  • I get this with GVH all the time, they watch all the porn I store on the vps.

    Thanked by 3ATHK mpkossen orak
  • I can't believe anyone actually bought anything from that guy.

  • I do a dumb thing now and then.

  • @loyd said:
    I do a dumb thing now and then.

    We all do bud, we all do.

    Thanked by 1ucxo
  • AmitzAmitz Member
    edited September 2014

    @loyd said:
    I do a dumb thing now and then.

    @Nekki said:
    We all do bud, we all do.

    Thanked by 2PremiumN RLT
Sign In or Register to comment.