11

I have a Godaddy dedicated server that I would like to cancel. Before I do that I'd like to do a clean format on the server to make sure that the next person who gets the server isn't able to undelete anything (I don't know how thorough Godaddy is when it comes to reformatting before giving the disk to someone else.)

I of course don't have physical access to the machine, so whatever I do I'd have to do via ssh. I'm not really sure what I can actually do.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
HappyEngineer
  • 293
  • 3
  • 7
  • 1
    You have a web-console where you can recreate a basic OS, right? If you have it, do it that way, that will erase all information an create a clean and basic OS – Luciano Facchinelli Jun 12 '11 at 01:24
  • There is a couple of similar questions on ServerFault: http://serverfault.com/questions/159401/securely-wipe-a-headless-remote-linux-server http://serverfault.com/questions/122838/sensitive-data-deletion-remote – Anton Strogonoff Jun 12 '11 at 14:59

5 Answers5

11

The simplest way to do this would be to overwrite the entire drive with zeros.

 dd if=/dev/zero of=/dev/sdX bs=1M

Just know that once you execute that, there's no going back. As soon as the command finishes, and you get back to a shell prompt, nothing will work and the box will be extremely unhappy.
It might also be safer to background that operation by doing

dd if=/dev/zero of=/dev/sdX bs=1M &

That way if you lose your connection or something, the job doesn't die half way through wiping the drive.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
phemmer
  • 70,657
  • 19
  • 188
  • 223
  • 1
    I assume shred would have been more secure, but when I tried it complained about Input/output errors and invalid arguments. So I just did this. It's good enough for what I needed. Thanks! – HappyEngineer Jun 12 '11 at 22:32
2

What part of your site is sensitive?

If it's just the data in the files, then overwriting the file with data from /dev/zero or /dev/random using a built-in tool such as dd should do fine, assuming the filesystem doesn't allocate new storage when overwriting a file.

If the directory structure itself is sensitive (filenames, for example), then you'll need a more thorough solution. I'm at a loss here, but you'd probably need to (post-overwrite) delete all the files in each directory, then create a bunch of files in the same directory using touch and deleting them before deleting the parent directory, using a depth-first algorithm. I know something can be made using find and such, but I don't know of a ready-to-go tool that does this.

In your case, shredding the files (overwriting the file repeatedly with random data) is overkill because nobody's going to try to recover your data by taking the physical drive apart and trying to grab track-edge data. I'm not sure that recovery technique even works anymore with modern high-density drives; overwriting data with zeroes may be more than sufficient.

Mike DeSimone
  • 121
  • 3
1

what about using shred command. I think this can solve your purpose.

http://www.linfo.org/shred.html

Abhishek
  • 85
  • 7
0

I've done it several times with dd if=/dev/urandom of=/dev/sda

rvs
  • 1,633
  • 13
  • 13
-3

You could try writing a script that shreds recursively through the directories you stored the sensitive data in.

Andrew Lambert
  • 2,358
  • 1
  • 16
  • 17
  • Shredding through a directory makes no sense. Shredding means wiping the unallocated space on a filesystem, which by definition isn't associated with any directory. – Gilles 'SO- stop being evil' Jun 12 '11 at 11:13
  • @Gilles: You're thinking of sanitizing. Shredding is overwriting a file's storage with random data *before* releasing the file's storage back to the filesystem. – Mike DeSimone Jun 12 '11 at 14:18
  • @Mike: I've never heard “sanitizing” in that sense (AFAIK it's only used to mean removing sensitive information while retaining non-sensitive information). Shredding a file is technically meaningful but not very useful (what about reallocated blocks, deleted files, partial blocks?). Regardless of what it's called, that's not what the asker is after. – Gilles 'SO- stop being evil' Jun 12 '11 at 15:07