Protecting an online project from “removal”

    In light of the latest attacks on online resources, I had to think about how to protect a fairly heavily loaded project with a small database from outside encroachment. This is not about DDoS; quite a lot has already been written about protection against that type of attack. It is about the guys who can show up, for their own interests or, very often nowadays, someone else's paid-for interests, and carry everything off.

    My personal opinion is solely that the current legislative framework and the appetites of copyright holders have long ceased to match the spirit of the times and are already a brake on progress, but let that topic be covered elsewhere. Here I would like to describe a theoretical way of hosting an online project, using a torrent tracker as the example, that can be called conditionally safe enough for its owner.

    A bit of theory: the most common torrent tracker architecture is a forum engine, a forum database, an announcer responsible for working with torrent clients, and a statistics database; image hosting can be added to this. Of course, if the torrent tracker simultaneously serves up to 30-40 thousand distributions (torrents) and around 500 active forum users at peak, all of this coexists quite well on one server in a fairly standard configuration. The further move into the big leagues, however, is accompanied by separating the storage and the management of this whole setup.

    The whole setup is hosted and runs on 2-4 (possibly more) servers without consequences up to a certain point, until one day the guests come and seize the server(s). Practice shows that this happens quite suddenly and that the owner of the resource is not really ready for it.

    What kind of system can be built to minimize risks and conflicts?


    1. ORGANIZATIONAL COMPONENT.



    We will need two legal persons. Whether each is a sole proprietor (IP) or an LLC is not essential for describing the scheme; that is the choice of whoever implements it. For the description, I will call one of them LLC Face and the other LLC Base.

    Each of these persons rents its servers separately; the main thing is that de jure they are two completely different legal entities.

    2. TECHNICAL PART.



    On the first, front-facing server (LLC Face) we place only the web face of our torrent tracker and the forwarding of requests for processing to the servers of LLC Base. That is, all the work of passing traffic to clients rests on this server, the DNS records point to it, and it is, so to speak, "the first to be handed over". No data is stored on it; all logs go to /dev/null. The ideal option for such a server would be one booted from a USB flash drive: it reads all its configs into RAM and then works away, passing requests and responses at cruising speed to the delight of the clients. Other variations of this technical solution are possible, such as loading the configs from another remote server and the like (techies will, I think, find options for themselves without problems). One principle is important here: if the server is switched on in the right place and with the necessary parameters, it does its job and sends its logs to /dev/null, and if the conditions for start-up are not met, it does nothing and knows nothing. In effect, as soon as it is disconnected from the power supply and moved to the forensic examination department, it becomes a dull, empty piece of iron.

    The data servers, which act as backends, perform all data processing and storage. They are registered to LLC Base. This is the usual operation of the project, with no special requirements other than that content and data are returned only in the direction we need. This is, so to speak, the core of the project, the part that has to be saved and preserved.

    3. RESULT



    Suppose that, as a result of some actions by ill-wishers or competitors, legal problems have arisen for this project. As an extreme measure, physical seizure of servers may occur. But what will be seized in this case is only the LLC Face server, on which there is absolutely nothing, not even logs. All data remains on the servers of LLC Base, safely stored and still at your disposal, safe and sound.

    4. CONCLUSIONS



    Of course, this solution is not a panacea. Everyone understands that, given the will, anything can be shut down, but it will take a lot of time and information: they searched for bin Laden for 10 years and found him anyway. Nevertheless, the competent use of technical solutions can and should be accompanied by competent legal and organizational support, and then your risks will decrease significantly. All of the above applies to any kind of project; the torrent tracker is mentioned in this article only as an example of an information system.

    Note: I intentionally do not mention other aspects of protection in this article - domain registration in Libya, hosting in an underground bunker in Sweden and the like.
