Title: Please stop using rpcallowip=* in your Configuration Examples
Post by: dreamwatcher on January 16, 2014, 02:18:00 AM

I have been noticing a trend of really bad configuration file examples lately. While most are harmless, one parameter poses a large security risk to the user.

Code: rpcallowip=*

1. rpcallowip is only needed in special situations where one wants to allow the client/daemon to accept RPC connections outside the localhost. Generally solo miners who want to point their rigs to a single daemon on the network.

2. rpcallowip=* tells the client/daemon to accept RPC connections from anybody, anywhere.

If the rpcallowip setting is needed, restrict it to a certain IP address or network. For example:

Code: rpcallowip=192.168.1.*

This will restrict connections to hosts 192.168.1.0 - 192.168.1.255 (the typical private subnet used on home networks).

Other oddballs:

Code: rpcport=<port> or port=<port>
Code: daemon=1 or listen=1

A typical user configuration file only needs:

Code: server=1
Code: rpcuser=<username>
Code: rpcpassword=<password>

Other useful parameters:

Code: addnode=<IP>
Code: txindex=1

Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: o24 on January 16, 2014, 05:29:37 AM

Thanks for the information
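The following is an added example, not code from the original post or from any wallet project: a small audit script that reads a bitcoin.conf-style file and reports the exposure dreamwatcher describes. It flags rpcallowip=* (and the equivalent 0.0.0.0/0 form), accepts subnet-scoped values such as the 192.168.1.* wildcard or a CIDR range, notes a redundant loopback entry, and warns when server/rpcuser/rpcpassword are missing. The SAMPLE_CONF text is constructed for the demonstration; the function names are my own.

```python
"""Audit a bitcoin.conf-style file for an over-broad rpcallowip setting (added example)."""
import ipaddress
import re

# Constructed sample configuration, not from the original post: the kind of
# copy-pasted example the thread complains about.
SAMPLE_CONF = """\
# example wallet config
server=1
rpcuser=alice
rpcpassword=hunter2
rpcallowip=*          # accept RPC from anyone: the risky line
rpcallowip=192.168.1.*
rpcallowip=10.0.0.0/8
rpcallowip=127.0.0.1
daemon=1
"""

# Values that open the RPC port to every address.
OPEN_TO_WORLD = {"*", "0.0.0.0/0", "::/0"}
# Loopback is reachable without any rpcallowip entry, so these are redundant.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Legacy wildcard form such as 192.168.1.*: four fields, each a number or '*'.
WILDCARD_RE = re.compile(r"(?:(?:\d{1,3}|\*)\.){3}(?:\d{1,3}|\*)")


def parse_conf(text):
    """Parse key=value lines; '#' starts a comment; repeated keys are kept in order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        entries.append((key, value))
    return entries


def classify_allowip(value):
    """Return 'open', 'loopback', 'scoped' or 'invalid' for one rpcallowip value."""
    if value in OPEN_TO_WORLD:
        return "open"
    if value in LOOPBACK:
        return "loopback"
    if WILDCARD_RE.fullmatch(value):
        return "open" if value == "*.*.*.*" else "scoped"
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return "invalid"
    # A zero-length prefix (e.g. 0.0.0.0/0) matches every address.
    return "open" if net.prefixlen == 0 else "scoped"


def audit(text):
    """Return a list of (severity, message) findings for the configuration text."""
    entries = parse_conf(text)
    keys = {key for key, _ in entries}
    findings = []
    for key, value in entries:
        if key != "rpcallowip":
            continue
        kind = classify_allowip(value)
        if kind == "open":
            findings.append(("critical", f"rpcallowip={value} accepts RPC from any address"))
        elif kind == "loopback":
            findings.append(("info", f"rpcallowip={value} is redundant; loopback is always allowed"))
        elif kind == "invalid":
            findings.append(("warning", f"rpcallowip={value} is not a valid address or subnet"))
    # The minimal configuration the post recommends: server, rpcuser, rpcpassword.
    for required in ("server", "rpcuser", "rpcpassword"):
        if required not in keys:
            findings.append(("warning", f"{required} is missing from the configuration"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONF):
        print(f"[{severity}] {message}")
```

Run against a real file with `audit(open("bitcoin.conf").read())`. The classifier treats any wildcard that is not a full `*.*.*.*` as scoped; whether a particular client version accepts the octet-wildcard form or requires CIDR notation depends on that client's release, so check its documentation before relying on either syntax.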
Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: markm on January 16, 2014, 05:35:27 AM

While you are at it, maybe for people who set up exchanges on shared hosting all the ancient CGI-script etc. advice saying to use chmod 777 could also be worth warning against...

-MarkM-

Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: ripplebtc on January 16, 2014, 08:05:55 AM

Thank you for your reminder :)
Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: coinedge on January 16, 2014, 08:17:15 AM

Thank you for the info. So we don't even need rpcallowip=<local host>?

With the user name and pass, do you create that yourself and make sure it matches the .conf? Or do we use the shortcut target "-server" method for all coins?

Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: antontang on January 16, 2014, 08:22:38 AM

Your help would be very appreciated
Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: markm on January 16, 2014, 10:17:23 AM

The loopback address (127.0.0.1 aka localhost) works without needing special mention in the config file or command-line args.

Which of course is yet another reason not to run on a shared machine.

-MarkM-

Title: Re: Please stop using rpcallowip=* in your Configuration Examples
Post by: dreamwatcher on January 17, 2014, 02:38:09 PM

> While you are at it, maybe for people who set up exchanges on shared hosting all the ancient CGI-script etc. advice saying to use chmod 777 could also be worth warning against...
> -MarkM-

Yes, I have seen a bit of that also. I would also think those who have set up services would have more knowledge than the average newbie trying to set up a wallet.

Especially cringeworthy to me are coin service providers that use phpMyAdmin to manage databases on services that handle users' coins. I admit to using it on coin explorers, mostly the server with the CCE3 test explorers, but never on any of my sites that handle other people's coins (my pools). The command line console for mysql is not that hard to learn and use and MANY times more secure than phpMyAdmin.

Call me old fashioned, but I want as few ports and as little exposure to the Internet as possible when handling other people's assets.