NexusFi: Find Your Edge


Home Menu

 





VPS Recommendations


Discussion in Trading Reviews and Vendors

Updated
      Top Posters
    1. looks_one sam028 with 6 posts (16 thanks)
    2. looks_two Big Mike with 4 posts (11 thanks)
    3. looks_3 Jura with 3 posts (0 thanks)
    4. looks_4 RM99 with 3 posts (0 thanks)
      Best Posters
    1. looks_one artemiso with 3 thanks per post
    2. looks_two Big Mike with 2.8 thanks per post
    3. looks_3 sam028 with 2.7 thanks per post
    4. looks_4 Rajiv with 1.5 thanks per post
    1. trending_up 23,425 views
    2. thumb_up 40 thanks given
    3. group 19 followers
    1. forum 34 posts
    2. attach_file 0 attachments




 
Search this Thread

VPS Recommendations

  #21 (permalink)
 Rajiv 
HK, Hong Kong
 
Experience: Advanced
Platform: Multicharts
Trading: ES, CL, FX, Bonds
Posts: 4 since Jun 2012
Thanks Given: 1
Thanks Received: 1


Big Mike View Post
That is not really accurate. The site owner (ie: sam028) will provide you with an initial password to your box. It is a password for the Administrator account in Windows.

You then login to Windows, and change the password to something only you know. You can also then check the Users/Groups on the box to confirm there are no additional accounts. You can also check Services and Firewall to confirm there are no back doors. All of this goes hand in hand with using a reputable vendor.

Sam028 would not have access to your system. Technically speaking, if someone had physical access to the server at the datacenter, then there are brute force / password recovery tools to break in without the Windows administrator password. In that case, you could use an Encrypted File System - but if you are this paranoid, then you have a major problem no matter what you do really.

Short answer, sam028 does not have access to any of your stuff or files unless you don't change the password (which would be stupid on your part), or unless you specifically give him the new administrator password (ie: you need his assistance with something).

Mike

Thanks Mike - I won't worry about bruteforce physical access thing. If you are correct that once I change the admin password and make sure there are no more accounts on the box, then Sam028 has no access. Then it is great and it addresses my concern. It will be great if Sam028 can confirm this (Sam if you are reading this).

Let me point to another thread outside of futures.io (formerly BMT) (hopefully it is ok) that has caused me to wonder on this aspect of the security. The writer below runs a VPS firm. He clearly suggests that staff at the firm have a "support" password. He explains in detail about the processes that they typically have at VPS firm to ensure some staff doesn't steal IP from the virtual machine. However, he nowhere mentions that something as simple as just changing the admin password will render it impossible for VPS company staff to access the VM. So, it appears from reading his comments, that even after changing admin passwords to your VPS, admins retain access to it through some support password. If my understanding is wrong on this aspect, I will be happier.


Quoting 
Security issues when using a VPS to trade? - MQL4 forum
BarrySDCA 2012.05.31 06:52
I can't speak for all hosting companies but...

Not likely to go unnoticed. When employees access servers it is in response to either a support ticket or abuse. There is no one magic password to login to every subscriber's server. Everyone is different. And so the tech would need to access the subscribers account record (usually subsequent to a support ticket) to obtain the support password and from there enter the VM. It's all logged – and reviewed with other security related reports - and any abnormality would easily stick out like a sore thumb. The support password is unique to each VM and changes randomly.

All our employees go through thorough background checks – even the coders that never actually login to a subscriber's server. There are even measures in place to prevent say a kidnapping and subsequent data breach.

This kind of stuff is very serious here.


Reply With Quote

Can you help answer these questions
from other members on NexusFi?
Are there any eval firms that allow you to sink to your …
Traders Hideout
Exit Strategy
NinjaTrader
My NT8 Volume Profile Split by Asian/Euro/Open
NinjaTrader
New Micros: Ultra 10-Year & Ultra T-Bond -- Live Now
Treasury Notes and Bonds
Deepmoney LLM
Elite Quantitative GenAI/LLM
 
Best Threads (Most Thanked)
in the last 7 days on NexusFi
Get funded firms 2023/2024 - Any recommendations or word …
61 thanks
Funded Trader platforms
39 thanks
NexusFi site changelog and issues/problem reporting
26 thanks
GFIs1 1 DAX trade per day journal
18 thanks
The Program
18 thanks
  #22 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,396 since Jun 2009
Thanks Given: 33,172
Thanks Received: 101,536


Rajiv View Post
Let me point to another thread outside of futures.io (formerly BMT) (hopefully it is ok) that has caused me to wonder on this aspect of the security. The writer below runs a VPS firm. He clearly suggests that staff at the firm have a "support" password. He explains in detail about the processes that they typically have at VPS firm to ensure some staff doesn't steal IP from the virtual machine. However, he nowhere mentions that something as simple as just changing the admin password will render it impossible for VPS company staff to access the VM. So, it appears from reading his comments, that even after changing admin passwords to your VPS, admins retain access to it through some support password. If my understanding is wrong on this aspect, I will be happier.

That is just that company insisting on having a backdoor. I wouldn't use such a company. No one has access to my boxes but me, and I am sure @sam028 is the same way.

Mike

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Reply With Quote
Thanked by:
  #23 (permalink)
 
sam028's Avatar
 sam028 
Site Moderator
 
Posts: 3,765 since Jun 2009
Thanks Given: 3,825
Thanks Received: 4,629


I can confirm that I'm asking each new user, when he begins its one week trial, to change this password.
I also mention in the introduction email that we are not doing backups of our users VPS, so we can't have access to their data. A small tool is installed on our VPS to block each IP trying to log in more than 3 times with a wrong password.
When a guy is losing its Administrator password (like someone in this forum who decided to change its password after a long party with a lot of alcohol it seems ), we usually re-install a new VPS.
So the support do not have our customers password, and if they want us to take a look at their VPS, they change the password and we check what we have to check. It can be done with the customer seeing what we're doing, but most of the time I do this alone, with their approval. It's also because they know me a bit, enough to trust me.
In my case, I'm also selecting my customers: I have to trust them (no pirated software, IRC servers, game server, torrents download, ... on the VPS, it's made for trading), so they should trust me a bit too.
I won't go into details, but it should be possible to crack a VPS Admin password, when you're admin of the physical server. Not easy and long, but possible.

But let's see what happen, if someone have access to, let's say 200 systems.
What next?
Use all these systems?
Backtest and opimize them one by one?
What are the good parameters/instruments?
Ready to risk real money with someone else ideas, risk tolerance and start capital?
Nobody will do that, unless being really insane.

Just for the story, on of my customer asked some help and advice for his strategy, which was running in simulation on a VPS. After some time we talked a bit, I help him to check his results (which were very good), and to thank me he offered me to use his strategy myself, for my own accounts. I told him that I won't use it, because the contract traded was too big for me, it was not my idea so I'll never 100% trust it, and for few other logical reasons.
If a system thief can think a bit, he'll do the same, that's why I don't think it's so critical to have a strategy/system stolen, if it happens. The real risk is someone connecting on your account, and blow it for fun, or trying to steal the money's account, but with only an access to the machine, it's impossible (if you have to give, like for IB, your birth date, your first pet name, and a ton of personal questions).

BTW, I'm not sure to understand why the other VPS company needs to have an access, but I don't think we have the same kind of users, as it seems to be more Forex/MT4 oriented (small accounts, young guys who wants some fun an emotions losing $0.002 ), and they accept everybody.
I don't think I have a single MT4 customer, but mostly futures/stocks/options traders, and some small hedge funds.

And last word (I didn't expect to be so loooong....), if you're really paranoid with a server, just unplug the power cord and the ethernet cable .


Rajiv View Post
Thanks Mike - I won't worry about bruteforce physical access thing. If you are correct that once I change the admin password and make sure there are no more accounts on the box, then Sam028 has no access. Then it is great and it addresses my concern. It will be great if Sam028 can confirm this (Sam if you are reading this).

Let me point to another thread outside of futures.io (formerly BMT) (hopefully it is ok) that has caused me to wonder on this aspect of the security. The writer below runs a VPS firm. He clearly suggests that staff at the firm have a "support" password. He explains in detail about the processes that they typically have at VPS firm to ensure some staff doesn't steal IP from the virtual machine. However, he nowhere mentions that something as simple as just changing the admin password will render it impossible for VPS company staff to access the VM. So, it appears from reading his comments, that even after changing admin passwords to your VPS, admins retain access to it through some support password. If my understanding is wrong on this aspect, I will be happier.


Success requires no deodorant! (Sun Tzu)
Follow me on Twitter Reply With Quote
  #24 (permalink)
 
Jura's Avatar
 Jura   is a Vendor
 
Posts: 775 since Apr 2010
Thanks Given: 2,352
Thanks Received: 690


sam028 View Post
I can confirm that I'm asking each new user, when he begins its one week trial, to change this password.
I also mention in the introduction email that we are not doing backups of our users VPS, so we can't have access to their data. A small tool is installed on our VPS to block each IP trying to log in more than 3 times with a wrong password.

Thanks Sam for this thoughtful response. I'm not yet in the market for a VPS, but you almost already sold me one.

On a more serious note, would it be possible to limit the VPS log-ins to a certain range of IP Addresses? For example, wouldn't it be safer for your own VPS if you exclude all non-French visitors from accessing the VPS in the first place? Or would this give a false sense of security, since a hacker can than use a French pc to attack you?

Reply With Quote
  #25 (permalink)
 
sam028's Avatar
 sam028 
Site Moderator
 
Posts: 3,765 since Jun 2009
Thanks Given: 3,825
Thanks Received: 4,629


Jura View Post
Thanks Sam for this thoughtful response. I'm not yet in the market for a VPS, but you almost already sold me one.

On a more serious note, would it be possible to limit the VPS log-ins to a certain range of IP Addresses? For example, wouldn't it be safer for your own VPS if you exclude all non-French visitors from accessing the VPS in the first place? Or would this give a false sense of security, since a hacker can than use a French pc to attack you?

You can allow the connection to only some specific IP ranges, so if you have the IP range of a single country, that's is possible (in theory). But these IP geo-location stuff is not 100% reliable.
The best solution is, IMHO, to let your VPS act as VPN server, and then connect to your VPS using your client VPN network interface to log in.
I started to write what's in place to avoid hacking, but finally I won't give too much details for security purposes.

Success requires no deodorant! (Sun Tzu)
Follow me on Twitter Reply With Quote
  #26 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,396 since Jun 2009
Thanks Given: 33,172
Thanks Received: 101,536

@artemiso can you create a NinjaTrader script to visually demonstrate the latency between different locations when it comes to market order execution?

Perhaps outputting to excel CSV so data can be plotted?

I would like to run from various servers and share the data

Sent from my Nexus 4

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Reply With Quote
Thanked by:
  #27 (permalink)
 
Big Mike's Avatar
 Big Mike 
Manta, Ecuador
Site Administrator
Developer
Swing Trader
 
Experience: Advanced
Platform: Custom solution
Broker: IBKR
Trading: Stocks & Futures
Frequency: Every few days
Duration: Weeks
Posts: 50,396 since Jun 2009
Thanks Given: 33,172
Thanks Received: 101,536

@artemiso, you there? (see above post)

Mike

We're here to help: just ask the community or contact our Help Desk

Quick Links: Change your Username or Register as a Vendor
Searching for trading reviews? Review this list
Lifetime Elite Membership: Sign-up for only $149 USD
Exclusive money saving offers from our Site Sponsors: Browse Offers
Report problems with the site: Using the NexusFi changelog thread
Follow me on Twitter Visit my NexusFi Trade Journal Reply With Quote
Thanked by:
  #28 (permalink)
 artemiso 
New York, NY
 
Experience: Beginner
Platform: Vanguard 401k
Broker: Yahoo Finance
Trading: Mutual funds
Posts: 1,152 since Jul 2012
Thanks Given: 784
Thanks Received: 2,685

Hey,

I'm sorry but it would be a project of undertaking beyond my time and means. I think it's better to be honest about this than promise anything and fail to deliver. Thanks for your appreciation.

Reply With Quote
Thanked by:
  #29 (permalink)
 
GaryD's Avatar
 GaryD 
Orlando, Florida
 
Experience: None
Platform: shoes
Trading: happy
Posts: 6,462 since May 2011


sam028 View Post
I can confirm that I'm asking each new user, when he begins its one week trial, to change this password.

Sam, I am having some issues related to loss of information in high data times, the CL EIA report, for example. I have been talking to my ISP about bumping up my service, but already run at 20mbps service and receiving about 16mbps on a test to Chicago or New York from Orlando. Pingtest shows me to be about 70-80 ms.

Would running on a VPS help me get better resuts than I am getting now? I just leaned about it this morning, and your thread here was the first thing I saw that made some sense to me. I saw the "free trial" mentioned and am curious. Thanks.

Reply With Quote
  #30 (permalink)
 
sam028's Avatar
 sam028 
Site Moderator
 
Posts: 3,765 since Jun 2009
Thanks Given: 3,825
Thanks Received: 4,629



GaryD View Post
Sam, I am having some issues related to loss of information in high data times, the CL EIA report, for example. I have been talking to my ISP about bumping up my service, but already run at 20mbps service and receiving about 16mbps on a test to Chicago or New York from Orlando. Pingtest shows me to be about 70-80 ms.

Would running on a VPS help me get better resuts than I am getting now? I just leaned about it this morning, and your thread here was the first thing I saw that made some sense to me. I saw the "free trial" mentioned and am curious. Thanks.

Your problem is maybe not the bandwidth itself, but the latency and the quality of your data feed provider.
16 mb/s is more than enough for market data burst.

Send me a PM if you want to try a VPS, or use the contact page on my (ugly) web site, futures.io (formerly BMT) fellows are always welcome .

Success requires no deodorant! (Sun Tzu)
Follow me on Twitter Reply With Quote




Last Updated on April 17, 2023


© 2024 NexusFi™, s.a., All Rights Reserved.
Av Ricardo J. Alfaro, Century Tower, Panama City, Panama, Ph: +507 833-9432 (Panama and Intl), +1 888-312-3001 (USA and Canada)
All information is for educational use only and is not investment advice. There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
About Us - Contact Us - Site Rules, Acceptable Use, and Terms and Conditions - Privacy Policy - Downloads - Top
no new posts