VPS Xen. How to hide a demon from admins?

A

alexzpua2014-05-02 13:57:50

Debian

alexzpua, 2014-05-02 13:57:50

Good day, dear inhabitants of the toaster. I have had a proxy on one xen vps for a year and a half (exclusively for "white" purposes) and then I received a letter from the TP that supposedly there is forbidden software on my server and it needs to be demolished within 24 hours. Ports on the proxy are not standard. Login/password access.
Question. What kind of software do they have for administration and how do they find it? What is the best way to hide the same proxy from their eyes?
Restrict access to the proxy server itself by IP?
Restrict SSH access by IP?
Rename everything that mentions proxy?
In general, I look forward to your advice. I tried to negotiate with them, but they show me their contract, they say they have such rules and this is where the dialogue ends ...

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vlad Zhivotnev, 2014-05-04
@alexzpua

In general, it would be better to dump to another hoster =) Which does not suffer from such garbage.
And on the subject - check that the admins do not have access to the machine (there are no extra ssh keys, the password has been changed). Remove proxy behind iptables.
Well, check that you generally have Xen, and not openvz. Outside the Xen virtual machine, the administrator should not see what you have running in it. ssh/network scanning only.
However, this does not negate the fact that the VPS administrator can always turn off your virtual machine and gain access to its files. And for reading - and generally without turning off.

A

aumk, 2014-05-02
@aumk

Are you out of your mind? The admin is human, and humans can't see demons.