Bitcoin Forum

Someone made a comment earlier today that tradehill.com is hosted on a shared server, was that guy having a laugh or is that true?  That would be  scary if it is true because you cannot have a secure site when you are hosted on a shared server.

It looks like it's a VPS.

This isn't the same as a shared webhost - it's much closer to a separate machine (except somewhat cheaper).  I presume it's a temporary measure until the income is enough to afford full hosting.

It's pretty secure, unless the hosting company is dishonest.. and I expect we'd hear about that pretty quick.

Shared hosting is when usually 100s of websites are stored within one server, that server being maintained by the website host.
VPS is a server that is split up 2 or more times to create virtual servers, kind of like how VMWARE works to give you a good idea.

Having your own dedicated server doesn't at all mean more security, it can infact mean more security issues because they usually maintain their own server. At least with shared hosting, security of the server isn't your problem, but you also have little control.

VPS is a step up from shared hosting, but really, I am surprised to know that they do not have their own dedicated server.  A dedicated server is only around $100 to $200 USD a month.  

More than one thread mentioned shared hosting.
I questioned it and people replied "Hostgator."
It could very well be true.

Linode  8)

Unless they prove them self or have someone as a security expert, it will be much safer for them to use shared hosting rather than a VPS/dedicated server.

nslookup tradehill.com

46.21.104.237

RIPE WHOIS:

inetnum:         46.21.104.0 - 46.21.105.255
netname:         GLESYS-CUSTOMER-SERVERS
descr:           Customer VPS services located in Falkenberg, Sweden
remarks:         INFRA-AW
country:         SE
admin-c:         GLE-RIPE
tech-c:          GLE-RIPE
status:          ASSIGNED PA
mnt-by:          GLESYS-MNT
mnt-domains:     GLESYS-MNT
source:          RIPE # Filtered

Main website: http://glesys.com/

VPS Details: http://glesys.com/vps.php

Not bad, they probably could migrate to dedicated later.

Why is that?  How is shared hosting safer than VPS or a dedicated server?  I don't know much about these things but I have been told that if you have a shared hosting account your site is more or less only as secure as any other site sharing that server.

That presumes that every other account on that very same box isn't doing anything dishonest.

If you successfully compiled or uploaded a packet sniffer on virtual machine #1, it will sniff packets for every other virtual machine on that box.

You also place an inordinate amount of trust on the jail system of the OS -- making sure that the various virtual machines can't see each other across the harddrive(s) they share.

And lastly, you'd be sharing SQL database access with everyone else on the virtual machine.  That could open up vulnerabilities if permissions are not exactly right.

Each virtual machine is bound to their own IP address so you can't listen to other machines on the same box.  You however could listen to any broadcasts on the local network, or anything else a bare metal server could do.

This goes back to what I just said.

They don't share any hard drives.  In fact each virtual machine has their own install of an OS and they can't mount other volumes from the host machine.


No.  Each machine runs their own services.  Each VM will have a web server, sql, etc or whatever else the operator wants.

This depends on the setup.

I derped a little.  But it is exceptionally hard to get past the hypervisor to access other customers.

Some VPS's are 400 dollars per month and four times as good as a 100 dollar dedicated server. All depends on the quality and service.

I'm pretty sure it's Hostgator or at least something similar. Their site can obviously handle no more traffic than Susie's Geocities page about beanie babies.

It is the same physical card in the same physical machine.  C++ is quite powerful.

C++ my face.

Do they mine with their hosting server?

I don't think you are correct.  They only appear to be separate services.  And the hard drives are typically jailed in such a way as to APPEAR to be multiple instances of the os.  Appearance is NOT reality.

Except you don't have access to the device.  In a VM you have a virtualized device you interact with and the host OS forward packets from the hardware.

Saying a language is powerful is pointless.  Most are touring complete so you can accomplish the same task in any of them.

Definitely, because every web server has five 6990s ready to start mining!

This is kind of like saying, "If they're losing, they've lost."  ;D

I don't need access to the device.  I need access to the memory.  Or are you going to tell me that they have separate memory sticks too?  :P

No OS is 100% secure.  And once you start sharing the machine with other people, your level of control and security lowers.  That's just a fact.

Have you had access to the root account on a VPM?  The view is quite a bit different.

Um, Geocities was once the biggest hosting provider on this planet. They had plenty of resources.

Also, no shared hosting services offers bitcoind, which is quite essential for operating a BTC exchange. I deem this rumor silly.

Go ahead and write to the memory, you wont be able to address it so it is pointless.  Just because you can compile a program on a machine doesn't mean you can access a device without root access.

So you're telling me that I can't intentionally write beyond my own memory pointers in C++ on a VPM?  Nonsense.

The physical machine is shared.  It is only a PROGRAM on the OS that makes it appear to be separate machines to the various users.  The root user sees the whole REAL directory structure.  So the barrier between accounts is only as solid as the program controlling the access.  Show me an OS that is without bugs...

I ran a webhosting company for a number of years, using Ensim at the time.  Another problem that is inherent to shared machines is the tendency of the OS to remain outdated well beyond what you'd settle for if you were the only person on the machine.  In other words, providers don't generally do a great job of keeping the OS as up to date as they should.  The techs in those centers have an install disk that simply doesn't get updated as fast as updates are available.

You can't even do that on most modern OSs.  Write a program and try to write outside of the programs bounds and see what happens.

Dedicated server is old school, nowadays you want VPS or cluster, both allowing instant scaling, not the dedicated crap.

That's odd.  I was under the impression that many exploits use this very method, as well as stack overflows.

Anyhow, I am not going to debate this further.  Today's modern OSes might be as impossible to crack as the Nazi Enigma code...  Hmmm...

inetnum: 46.21.104.0 - 46.21.105.255
netname: GLESYS-CUSTOMER-SERVERS
descr: Customer VPS services located in Falkenberg, Sweden

Domain Name: 46-21-104-237-static.serverhotell.net
Location: Falkenberg, Sweden Country Flag

Don't even say that name. They are so bad just so bad.  :'( :'( :'( :'(

Your problem is you're "under the impression" but you don't really understand the workings of things you're trying to argue about.


There are bugs in virtualization layers, but it's not simply a case of fire up C++ and write to some arbitrary location and boom you have baremetal access to the entire box.

If the file permissions (and DB's) are set up accurately, then security can be as good as other options.
With shared hosting you can never have a busy site, that is a huge issue.

Even a dedicated machine uses the same physical network interface on the same router. If sharing network hardware were a problem, every system on the Internet would have it. And yes, C++ is very powerful. So what?

There are actually worst hosts like bluehost.  Chances are if they list UNLIMITED bandwidth, disk space, etc they are retardedly overcrowded and will disable your site once it gets hit by more then a small breeze.

Has anyone seen this floating around today, sure hope is false;

--tradehill bitcoin exchange user/hash passes out now

pastebin

That is some guy looking for an idiot to scam.