Page 1 of 1

Archive security

Posted: 2019-07-11, 12:08
by John connor
Reading this, I wonder if it would be prudent to offload all archive versions to Amazon S3? I use it my self for attachments on my phpBB board and it's pennies a month depending on file capacity and bandwidth used. AWS is scalable and this may in fact be a lot more secure.

Re: Archive security

Posted: 2019-07-11, 12:25
by Moonchild
AWS is very expensive in comparison, and any volume-based service is a no-go because it will immediately open us up to another type of hostile action: botnet downloads. On a volume-charged service this kind of attack will rack up a huge bill and directly cost us and undermine the project's existence. It's not a risk I'm taking.

Re: Archive security

Posted: 2019-07-11, 12:41
by therube
Amazon S3?
And what, Amazon S3 is immune from attacks?
I use it my self for attachments on my phpBB board
And your attachments, you review them regularly to confirm that they have not been tampered with?
You have a process in place to do this?
(But then knowing that S3 is immune, why should you have to...)

Re: Archive security

Posted: 2019-07-11, 15:20
by John connor
You can deploy AWS Budgets and AWS Trusted Advisor and there's one more for security which I can't remember. You can even set it up where users have to pay for downloads if you wanted. Be a PITA but it's an option. And I do believe AWS S3 by default has some security already with it. Believe me, I already thought about a layer 7 DDoS attack with my S3 files and have put in place mitigations to prevent that from happening. Also set a budget and if it goes over that amount I get an email.

Many websites segregate there JS, media, etc with cloudfront. If a layer 7 DDoS was such a problem no one would use it. And cloudfront is very easy to deploy in WordPress.

Re: Archive security

Posted: 2019-07-11, 15:35
by Moonchild
Dude. stop.

I've got things handled, and I won't be pouring money into it either. This is not a mission-critical server, it's at most for convenience.
Suggesting I use Wordpress...? :silent: Best not.

All those things you suggest come with a price tag. A price tag I'm not willing to dish out for calamity-mitigation on something that is not critical. I don't see a reason to purchase these services from our small budget for something we could just as well not have without any impact on Pale Moon usage.

Re: Archive security

Posted: 2019-07-12, 14:00
by John connor
I didn't say use WordPress, I mentioned it as an example how people use cloudfront. Try reading my post again. And like I said, AWS is scalable is is pennies to a few bucks depending on storage and bandwidth. I know because I use it myself. It most likely would be more secure than rolling your own VPS and having to button all that down.

But this is your show, so I can only recommend something. Many, MANY sites use AWS for a reason. Perhaps you should just investigate the costs with their calculator and consider the options.

Re: Archive security

Posted: 2019-07-12, 15:29
by Moonchild
Second time: stop hammering on it. I won't ask again. I'm not using AWS because it's a financial risk with bandwidth abuse, even aside from the fact that the base cost is considerably higher. And as pointed out, AWS is not Fort Knox either or immune to attack.
Considering S3, every browser version release's bandwidth (~6 TB for the normal download spike from AUS @ $0.023/GB) would cost me around $150 a pop for -normal- bandwidth for that spike; that's already more than I ever plan to pay for a release unless we somehow get Mozilla-level funding ;P. If that is 1000-folded because of botnet bandwidth abuse, then we're looking at a bill of $150,000 -- I don't have that kind of money, do you? :D