How to secure server management?

Lamaster2013-10-06 01:27:27

bash

Lamaster, 2013-10-06 01:27:27

The owner of SilkRoad was recently caught.
In this regard, the question arises how to really manage your server?
I have one idea: on the server there is a script that reads a certain twitter account.
In this account, the owner has links to pastebin.
The pastebin contains the code to manage the server.
And you need to access pastebin from different TOR IPs.
It can be just lines of code, or it can be a HEX sequence signed with a public key.
The server verifies the signature and decodes the source, after which it executes the script.
In order for everything not to fall due to script errors, all its work must be checked on a test server.
The script may contain php or shell commands.
I would place the bash git pull commands from the bitbucket server there.
//
Maybe I'm too complicated? What solution would you use?

Answer the question

In order to leave comments, you need to log in

7 answer(s)

m-haritonov, 2013-10-06
@Lamaster

You can still get a job in the government or introduce your agent to them.

Lamaster, 2013-10-06
@Lamaster

Alternatively, you can keep the server in the pantry and connect directly.

kasthack, 2013-10-06
@kasthack

SSH via I2P->I2P Outproxy->Tor->I2P
Free and easy. True, not very fast.

J_o_k_e_R, 2013-10-06
@J_o_k_e_R

Why is this all? What problems do you see with the Client->Private VPN->TOR->Private\PUblic VPN->Server option?
Well, or put an i2p router on the server, raise an i2p tunnel on it to a port with ssh, and then connect to this tunnel through i2p from home. When working via SSH, speed problems are unlikely to occur.
Ah yes. Discover ipv6 at least through 6to4.

Ilya Evseev, 2013-10-07
@IlyaEvseev

I have one idea: on the server there is a script that reads a certain twitter account.
In this account, the owner has links to pastebin.
The pastebin contains the code to manage the server.
And you need to access pastebin from different TOR IPs.

Such cheating creates only three additional steps for law enforcement agencies:
- make the hoster track outgoing requests from the server,
- get all information on the account and visits from Twitter,
- get all information on visits from Pastebin.
With their resources and powers - an unprincipled hitch.
You have already been advised to use TOR and i2p.
Additionally, the following will help to prolong the agony:
- connection with a random poppy address to public hotspots,
- or through a phone and a SIM card purchased without registration,
- from a distribution kit designed for anonymous networking,
- and an inconspicuous appearance (so that on surveillance cameras nearby hotspots were harder to recognize).
This will insure you by 99%. And on the remaining percentage you will be caught.
Alas, these are the rules of the game of cat and mouse.

KEKSOV, 2013-10-07
@KEKSOV

There was a case, I had to manage the server through ... e-mail :) all other channels were closed by security guards. The server had a self-written client program that polled an external smtpd.
smtpd needs to be placed on an external vps server and collect mail from it through a chain of OpenVPN tunnels (the chain should start on a managed server and terminate on smtpd vps), which jumps over several hops, preferably located in different parts of the world, in countries like China, Iran and Pakistan. Mail, of course, must be encrypted and get to our smtpd server through a chain of email forwards, also located in exotic countries. Email forward chains can be built in the most intricate way with loops and dead ends so that there are many false paths.

Lamaster, 2013-10-07
@Lamaster

By the way, if a twitter account is banned, the name of the next account should be sha256(<old_account> + <private_password>)