How to wipe a dedicated server before you stop renting it
System administrators may not have physical access to dedicated servers, especially when it comes to hosting websites on the Internet using servers.
These servers are usually hosted by a web hosting company in a secure data center. Most dedicated servers are rented for a certain period of time and then passed on to the next customer.
While some dedicated server hosting companies securely wipe and format the hard drives of servers that are no longer rented by individuals or organizations before they are made available again, some only format them. Reason for this may be time constraints but also missing knowledge that data can be restored if it is not wiped securely from the server drives.
A recent discussion over on the Donation Coder forum touched that subject. A user noticed that he was able to restore data from a dedicated server that was rented by someone else before. This can have some serious implications.
Dedicated servers can hold all kinds of sensible data including user accounts, passwords, business databases, email addresses, personal information, photos, media and documents. Many of these can still be restored if the hard drives are not wiped correctly which obviously can be very problematic not only from a business point of view but also from a private view depending on the kind of data that has been stored on the hard drive of the dedicated server.
There are two possibilities to ensure that no third party will have access to the data stored on the server drives. Option A would be to purchase the hard drive from the web hosting company. Most will not have problems selling hard drives to their customers for a premium. This is actually a good option for most companies as it would mean that they will have physical access to the hard drive that has been in their dedicated server.
The second option is to wipe the hard drive of the dedicated server securely before the contract ends. The possible solutions are limited as the server has to be running to remotely access it. One way to wipe a specific hard drive or partition of a dedicated server is to run the following command:
shred -f -z -v -u /dev/sda
This will wipe /dev/sda, you might need to change that depending on how many drives are installed. The process will take some time obviously. The parameters mean the following:
- -f: force, changes permission levels to allow writing if necessary
- -z: zeroes, will overwrite the entire disk with zeroes in the end
- -v: verbose, display the progress
- -u: remove, truncates and remove file after overwriting