Archive security

General project discussion

Moderator: satrow

F22 Simpilot
Fanatic
Posts: 215
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

Archive security

Unread post by F22 Simpilot » 2019-07-11, 12:08

Reading this, I wonder if it would be prudent to offload all archive versions to Amazon S3? I use it myself for attachments on my phpBB board and it's pennies a month depending on file capacity and bandwidth used. AWS is scalable and this may in fact be a lot more secure.
If you're that smart and act like a dork, then you're not that smart after all. :geek:

Moonchild
Pale Moon guru
Posts: 23914
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Archive security

Unread post by Moonchild » 2019-07-11, 12:25

AWS is very expensive in comparison, and any volume-based service is a no-go because it will immediately open us up to another type of hostile action: botnet downloads. On a volume-charged service this kind of attack will rack up a huge bill and directly cost us and undermine the project's existence. It's not a risk I'm taking.
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

therube
Board Warrior
Posts: 1001
Joined: 2018-06-08, 17:02

Re: Archive security

Unread post by therube » 2019-07-11, 12:41

> Amazon S3?

And what, Amazon S3 is immune from attacks?

> I use it myself for attachments on my phpBB board

And your attachments, you review them regularly to confirm that they have not been tampered with?
You have a process in place to do this?
(But then knowing that S3 is immune, why should you have to...)

F22 Simpilot
Fanatic
Posts: 215
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

Re: Archive security

Unread post by F22 Simpilot » 2019-07-11, 15:20

You can deploy AWS Budgets and AWS Trusted Advisor and there's one more for security which I can't remember. You can even set it up where users have to pay for downloads if you wanted. Be a PITA but it's an option. And I do believe AWS S3 by default has some security already with it. Believe me, I already thought about a layer 7 DDoS attack with my S3 files and have put in place mitigations to prevent that from happening. Also set a budget and if it goes over that amount I get an email.

Many websites segregate their JS, media, etc. with CloudFront. If a layer 7 DDoS was such a problem no one would use it. And CloudFront is very easy to deploy in WordPress.

Moonchild
Pale Moon guru
Posts: 23914
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Archive security

Unread post by Moonchild » 2019-07-11, 15:35

Dude. stop.

I've got things handled, and I won't be pouring money into it either. This is not a mission-critical server, it's at most for convenience.
Suggesting I use WordPress...? :silent: Best not.

All those things you suggest come with a price tag. A price tag I'm not willing to dish out for calamity-mitigation on something that is not critical. I don't see a reason to purchase these services from our small budget for something we could just as well not have without any impact on Pale Moon usage.

F22 Simpilot
Fanatic
Posts: 215
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

Re: Archive security

Unread post by F22 Simpilot » 2019-07-12, 14:00

I didn't say use WordPress, I mentioned it as an example of how people use CloudFront. Try reading my post again. And like I said, AWS is scalable and is pennies to a few bucks depending on storage and bandwidth. I know because I use it myself. It most likely would be more secure than rolling your own VPS and having to button all that down.

But this is your show, so I can only recommend something. Many, MANY sites use AWS for a reason. Perhaps you should just investigate the costs with their calculator and consider the options.

Moonchild
Pale Moon guru
Posts: 23914
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Archive security

Unread post by Moonchild » 2019-07-12, 15:29

Second time: stop hammering on it. I won't ask again. I'm not using AWS because it's a financial risk with bandwidth abuse, even aside from the fact that the base cost is considerably higher. And as pointed out, AWS is not Fort Knox either or immune to attack.
Considering S3, every browser version release's bandwidth (~6 TB for the normal download spike from AUS @ $0.023/GB) would cost me around $150 a pop for -normal- bandwidth for that spike; that's already more than I ever plan to pay for a release unless we somehow get Mozilla-level funding ;P. If that is 1000-folded because of botnet bandwidth abuse, then we're looking at a bill of $150,000 -- I don't have that kind of money, do you? :D