Archive security

John connor

Archive security

Unread post by John connor » 2019-07-11, 12:08

Reading this, I wonder if it would be prudent to offload all archive versions to Amazon S3? I use it myself for attachments on my phpBB board and it's pennies a month depending on file capacity and bandwidth used. AWS is scalable and this may in fact be a lot more secure.

Moonchild
Pale Moon guru
Posts: 35377
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Archive security

Unread post by Moonchild » 2019-07-11, 12:25

AWS is very expensive in comparison, and any volume-based service is a no-go because it will immediately open us up to another type of hostile action: botnet downloads. On a volume-charged service this kind of attack will rack up a huge bill and directly cost us and undermine the project's existence. It's not a risk I'm taking.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

therube
Board Warrior
Posts: 1640
Joined: 2018-06-08, 17:02

Re: Archive security

Unread post by therube » 2019-07-11, 12:41

"Amazon S3?"
And what, Amazon S3 is immune from attacks?
"I use it myself for attachments on my phpBB board"
And your attachments, you review them regularly to confirm that they have not been tampered with?
You have a process in place to do this?
(But then knowing that S3 is immune, why should you have to...)

John connor

Re: Archive security

Unread post by John connor » 2019-07-11, 15:20

You can deploy AWS Budgets and AWS Trusted Advisor and there's one more for security which I can't remember. You can even set it up where users have to pay for downloads if you wanted. Be a PITA but it's an option. And I do believe AWS S3 by default has some security already with it. Believe me, I already thought about a layer 7 DDoS attack with my S3 files and have put in place mitigations to prevent that from happening. Also set a budget and if it goes over that amount I get an email.

Many websites segregate their JS, media, etc. with CloudFront. If a layer 7 DDoS was such a problem no one would use it. And CloudFront is very easy to deploy in WordPress.

Re: Archive security

Unread post by Moonchild » 2019-07-11, 15:35

Dude. Stop.

I've got things handled, and I won't be pouring money into it either. This is not a mission-critical server, it's at most for convenience.
Suggesting I use WordPress...? :silent: Best not.

All those things you suggest come with a price tag. A price tag I'm not willing to dish out for calamity-mitigation on something that is not critical. I don't see a reason to purchase these services from our small budget for something we could just as well not have without any impact on Pale Moon usage.

John connor

Re: Archive security

Unread post by John connor » 2019-07-12, 14:00

I didn't say use WordPress, I mentioned it as an example of how people use CloudFront. Try reading my post again. And like I said, AWS is scalable and is pennies to a few bucks depending on storage and bandwidth. I know because I use it myself. It most likely would be more secure than rolling your own VPS and having to button all that down.

But this is your show, so I can only recommend something. Many, MANY sites use AWS for a reason. Perhaps you should just investigate the costs with their calculator and consider the options.

Re: Archive security

Unread post by Moonchild » 2019-07-12, 15:29

Second time: stop hammering on it. I won't ask again. I'm not using AWS because it's a financial risk with bandwidth abuse, even aside from the fact that the base cost is considerably higher. And as pointed out, AWS is not Fort Knox either or immune to attack.
Considering S3, every browser version release's bandwidth (~6 TB for the normal download spike from AUS @ $0.023/GB) would cost me around $150 a pop for -normal- bandwidth for that spike; that's already more than I ever plan to pay for a release unless we somehow get Mozilla-level funding ;P. If that is 1000-folded because of botnet bandwidth abuse, then we're looking at a bill of $150,000 -- I don't have that kind of money, do you? :D