Bitcoin Forum
June 22, 2024, 07:08:11 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 [2]  All
  Print  
Author Topic: BitVPS sucks.  (Read 2981 times)
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 27, 2014, 08:22:22 AM
 #21

Ok, so they got the server back online with a loopback device. Hooray. Unfortunately rebooting doesn't work again.
As I really don't want to run some shady java app on my pc where I have bitcoins, especially when the shady java app comes from a shady bitcoin-aware hoster, I set up a virtual machine to use the management console.
If, after logging in successfully, I try to do the most basic stuff, namely an "ls", it disconnects. I made up something even more basic: "# hi" which "works" but "ls" kills it again. And again.

Fuck how do they have even one client?Huh

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
joesmoe2012
Hero Member
*****
Offline Offline

Activity: 882
Merit: 501


Ching-Chang;Ding-Dong


View Profile WWW
February 27, 2014, 08:25:36 AM
 #22

Give digitalocean a try, i've been happy with them for a while now.

Check out BitcoinATMTalk - https://bitcoinatmtalk.com
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 27, 2014, 09:23:07 AM
 #23

Give digitalocean a try, i've been happy with them for a while now.

I assume you are talking about this. Yeah, looks neat. Is the management console some java app or can I log in using a normal ssh in recovery mode? … doh. They don't accept bitcoin Sad

Oh, they look really promising! Asked them to accept bitcoin Smiley Thanx for the pointer.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 27, 2014, 05:48:48 PM
 #24

Thanks to joesmoe2012, I am a customer at digitalocean now. I asked them if they would take bitcoins and when they said they wouldn't and after I learned about how big they are, BITVPS got back to me after this most recent 15h down time.
James sincerely apologized for the trouble this one machine has and offered to give me back my money and provide a new server for a full year free of charge.
I honestly don't think they use this java console to steal my bitcoins but they could (if I wouldn't care to sandbox it) and that is not ok, so for now I appreciate the compensation but still can't suggest to the general public to give them a try.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
grifferz
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
February 27, 2014, 09:19:38 PM
 #25

If you put an unencrypted bitcoin wallet on a VPS you are begging for an employee or exploit of the hosting company to fleece you. Learn from Linode.
rmines
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 27, 2014, 09:23:23 PM
 #26

This might be offtopic here, but what happened with Linode?

♔ PrimeDice : The Premier Bitcoin Gambling Experience @PrimeDice
Spare some change? 1LkqfvQTLAEiiCwTqkPRcvUdEmkCR11QDE
SlidingHorn
Full Member
***
Offline Offline

Activity: 196
Merit: 100

★Bitvest.io★ Play Plinko or Invest!


View Profile
February 27, 2014, 09:29:10 PM
 #27

This might be offtopic here, but what happened with Linode?

Nothing...they're around, alive & well.  No plans to accept bitcoin, however Sad

rmines
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 27, 2014, 09:31:15 PM
 #28

Let me ask the question another way, what did grifferz mean with "learn from Linode."?
Have they made a public statement against accepting bitcoin for their services?

♔ PrimeDice : The Premier Bitcoin Gambling Experience @PrimeDice
Spare some change? 1LkqfvQTLAEiiCwTqkPRcvUdEmkCR11QDE
grifferz
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
February 27, 2014, 09:32:56 PM
 #29

Their control panel was cracked allowing attacker to go through the list of customer servers, looking for ones that might have a bitcoin wallet on them, reboot them in single user mode, alter root password, boot them again, go in as root, find unencrypted wallets, send coins to selves.

http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/

Do not put unencrypted wallets in places where other people can access them.

It's trivial for a VPS provider to look at unencrypted block devices, which means it's trivial for anyone who hacks the VPS provider to do the same. Scanning for things that look like bitcoin wallets is a quick and effective way to find valuable things.
SlidingHorn
Full Member
***
Offline Offline

Activity: 196
Merit: 100

★Bitvest.io★ Play Plinko or Invest!


View Profile
February 27, 2014, 10:31:48 PM
 #30

Let me ask the question another way, what did grifferz mean with "learn from Linode."?
Have they made a public statement against accepting bitcoin for their services?

lol sorry, had completely missed his comment.

Their control panel was cracked allowing attacker to go through the list of customer servers, looking for ones that might have a bitcoin wallet on them, reboot them in single user mode, alter root password, boot them again, go in as root, find unencrypted wallets, send coins to selves.

http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/

Do not put unencrypted wallets in places where other people can access them.

It's trivial for a VPS provider to look at unencrypted block devices, which means it's trivial for anyone who hacks the VPS provider to do the same. Scanning for things that look like bitcoin wallets is a quick and effective way to find valuable things.

And thank you for clarifying Smiley

giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
February 27, 2014, 10:44:26 PM
 #31

If you put an unencrypted bitcoin wallet on a VPS you are begging for an employee or exploit of the hosting company to fleece you. Learn from Linode.

I'm not worried about my unencrypted wallets on their server. I'm worried about my encrypted wallets on my client. With this Java applet to access the management console they have read access to the file system the browser runs on and that is why I made sure to let that be a virtual machine.

(I'm not sure how security models changed but like 15 years ago I made a java applet and was *shocked* that all it took was a self-signed applet to access the full disk of whoever used my applet. Flash asks for permissions. Java apparently not. How can that be?)

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
joesmoe2012
Hero Member
*****
Offline Offline

Activity: 882
Merit: 501


Ching-Chang;Ding-Dong


View Profile WWW
March 10, 2014, 05:48:31 AM
 #32

If you put an unencrypted bitcoin wallet on a VPS you are begging for an employee or exploit of the hosting company to fleece you. Learn from Linode.

I'm not worried about my unencrypted wallets on their server. I'm worried about my encrypted wallets on my client. With this Java applet to access the management console they have read access to the file system the browser runs on and that is why I made sure to let that be a virtual machine.

(I'm not sure how security models changed but like 15 years ago I made a java applet and was *shocked* that all it took was a self-signed applet to access the full disk of whoever used my applet. Flash asks for permissions. Java apparently not. How can that be?)

I don't use their java ssh console to access my machine. With DO here's the steps i take

1) login to their website (with ssl of course)
2) create virtual machine
3) Password and IP is emailed to me, i then login with SSH
4) update your OS, enable firewall, change ssh port, disable password logins, and then do whatever it is you need to do.

As others mention, any VPS or shared hosting environment is no good from a security standpoint.

I just use OSX's built in terminal to ssh to my VPS's though, I don't -ever- use their java ssh console.

Check out BitcoinATMTalk - https://bitcoinatmtalk.com
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
March 11, 2014, 08:30:13 AM
 #33

If you put an unencrypted bitcoin wallet on a VPS you are begging for an employee or exploit of the hosting company to fleece you. Learn from Linode.

I'm not worried about my unencrypted wallets on their server. I'm worried about my encrypted wallets on my client. With this Java applet to access the management console they have read access to the file system the browser runs on and that is why I made sure to let that be a virtual machine.

(I'm not sure how security models changed but like 15 years ago I made a java applet and was *shocked* that all it took was a self-signed applet to access the full disk of whoever used my applet. Flash asks for permissions. Java apparently not. How can that be?)

I don't use their java ssh console to access my machine. With DO here's the steps i take

1) login to their website (with ssl of course)
2) create virtual machine
3) Password and IP is emailed to me, i then login with SSH
4) update your OS, enable firewall, change ssh port, disable password logins, and then do whatever it is you need to do.

As others mention, any VPS or shared hosting environment is no good from a security standpoint.

I just use OSX's built in terminal to ssh to my VPS's though, I don't -ever- use their java ssh console.

This only works as long as the machine boots and starts sshd but what if not? This "what if not" happened 4 times in the first week I was with them. On my other servers I go to the web console and click on recovery boot and can ssh into the recovery console but with them this is only possible with a java applet.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
moriartybitcoin
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

★777Coin.com★ Fun BTC Casino!


View Profile
November 26, 2014, 11:10:30 PM
 #34

BitVPS is the WORST HOSTING COMPANY ON THE PLANET.

Downtime, lack of response, piss-poor connectivity.

Their servers go down randomly and they could care less.

vm1990
Legendary
*
Offline Offline

Activity: 1540
Merit: 1002



View Profile
November 27, 2014, 01:32:36 PM
 #35

BitVPS is the WORST HOSTING COMPANY ON THE PLANET.

Downtime, lack of response, piss-poor connectivity.

Their servers go down randomly and they could care less.

thats why people should pick me Cheesy

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!