Update 3: Can't Stop, Won't Stop (But Maybe I Should Stop)

Published on 2024-11-16 - by: me
tainer.run: Update 3: Can't Stop, Won't Stop (But Maybe I Should Stop)
This dude is ain't stopping even though he probably should.

My previous update ended with a very important realisation: by far the hardest part of this project is handling security incidents: users that willfully or accidentally expose use their resources for malicious purposes. This is a threat to the sustainability of the project as cloud providers will rightfully shut us down if it happens too often - and that might well mean no more than a single incident.

More importantly it's something I just want no part of. I don't want to be responsible for any hacking attempts. I don't want to be responsible for any illegal activities that might be performed on the platform. I don't want to be responsible for any of the way, way worse things despicable people might do on the platform.

So now what? The options are pretty clear:

  • This project is not feasible. I cannot guarantee I'll find and stop abuse in time to prevent serious consequences in the form of provider shutdown or general nastiness.
  • This project is a lot more work than I anticipated. I'll have to handle abuse fast and effectively. An automated way to detect and stop abuse is a strict requirement. I'll have to use a VPS provider that offers reseller services to hopefully lower the risk of being shut down before I can act.

The fact that I'm even considering the second option is a testament to how much I want this project to succeed. I'm pretty sure I'll fail but I'm not ready to give up. I still really want a service like this to exist and I'm pretty sure I'm going to have to do it myself.

Let's take a look at the steps I've taken so far:

  1. Learn how to provision resources on a cheap cloud provider.
    Done-ish. I've been using Hetzner Cloud but I'll probably switch to OVH as they offer reseller services. I'll use the API as that offers more than enough control for my needs.
  2. Enhance the security of the Debian image.
    Done. I've set up a Debian image with SSH, automatic security updates, Fail2Ban, anticipated a firewall.
  3. New: Automated abuse detection. This will be the focus for now and honestly for the foreseeable future. I'll have to monitor at least network traffic and CPU usage.

So that's where I'm at. The next update will be about the abuse detection system(s).