Title: All my fairbrix just went somewhere by themselves.....WTF!
Post by: caish5 on November 29, 2011, 02:11:38 PM
I've just noticed a transaction I did not initiate appear in my Fairbrix client.
Can anyone elaborate on this? Could this be some sort of evil malware (on ubuntu)? Here is a screenshot. http://ubuntuone.com/4TvNQeG81UI5lU1jp9VJ24

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: caish5 on November 29, 2011, 02:32:56 PM
All these coins are based on the same code.
What if BTC is next?

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Raoul Duke on November 29, 2011, 02:35:56 PM
Don't you have a BTC client there too? I hope not, if it was some malware.
And are you sure you don't have RPC enabled? Like with a default user/pass? I'm feeling bad for you if it is malware, but hell, it was only 60 bitcents they got. Criminals are getting their hands dirty for nothing these days lol

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: caish5 on November 29, 2011, 02:40:09 PM
I don't have a btc client there.
I do however have rpc open with default password. I never thought that was a problem I thought at worst people could mine for me!

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Raoul Duke on November 29, 2011, 02:41:51 PM
I don't have a btc client there.
http://2.bp.blogspot.com/_0xwCEJJys0M/TTYOtuLgGQI/AAAAAAAAAuQ/xdubklQEuQE/s1600/HomerSimpson36.gif
I do however have rpc open with default password. I never thought that was a problem I thought at worst people could mine for me!

Maybe I'm being a bit harsh, after all I don't know if by open you mean accepting connections from any IP, like using a wildcard(*). If that was the case, well, the picture fully applies.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: btc_artist on November 29, 2011, 02:42:51 PM
Hmmmm

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: caish5 on November 29, 2011, 02:46:47 PM
So you can remotely control the whole client over rpc?
Had I known this I woulda used a better password.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Raoul Duke on November 29, 2011, 02:49:18 PM
So you can remotely control the whole client over rpc? Had I known this I woulda used a better password.

Yes, you can control everything the client does. You could even use the default password, as long as you wouldn't accept connections from anything else than localhost or a specific IP address (may be dangerous, not sure how easy it is to spoof an IP)

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: caish5 on November 29, 2011, 02:51:10 PM
Well good lesson to learn with FBX I reckon!
I only opened the port so I could have a friend help me mine ages ago

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Raoul Duke on November 29, 2011, 02:52:23 PM
Well good lesson to learn with FBX I reckon! I only opened the port so I could have a friend help me mine ages ago

Yes, praise the Lord it wasn't something more valuable. :P

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: DeathAndTaxes on November 29, 2011, 02:57:58 PM
Well good lesson to learn with FBX I reckon! I only opened the port so I could have a friend help me mine ages ago

I say you came out ahead. If it prevents you from losing 10,000 BTC someday you should thank that scammer. If you don't need RPC then turn it off. If you do need RPC set a custom password and limit it to the localhost. If you need RPC access from other machines in the localnet then limit it to localhost and the specific machines. If you need RPC access from the public internet well maybe you should reconsider (or at least be aware of the significant risk).

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: sd on November 29, 2011, 08:09:29 PM
I do however have rpc open with default password.

The guy with the Simpsons picture is right, that was a very silly thing to do. BUT.. Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value. My guess is that this was done by someone who already knew your IP and that you had fairbrix.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Raoul Duke on November 29, 2011, 08:13:08 PM
I do however have rpc open with default password.

The guy with the Simpsons picture is right, that was a very silly thing to do. BUT..
Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value. My guess is that this was done by someone who already knew your IP and that you had fairbrix.

Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection? I bet there are a lot of malicious nodes only getting connections to later scan the IP's and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: sd on November 29, 2011, 08:26:05 PM
I do however have rpc open with default password.

My guess is that this was done by someone who already knew your IP and that you had fairbrix.

I bet there are a lot of malicious nodes only getting connections to later scan the IP's and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Totally possible. I've never liked the way BitCoin uses IRC to bootstrap. Let this be yet another warning to everybody - Use a good quality password. http://memegenerator.net/cache/instances/400x/11/11472/11747628.jpg

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: DeathAndTaxes on November 29, 2011, 08:36:05 PM
I do however have rpc open with default password.

My guess is that this was done by someone who already knew your IP and that you had fairbrix.

I bet there are a lot of malicious nodes only getting connections to later scan the IP's and see if they can get some BTC.
If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Totally possible. I've never liked the way BitCoin uses IRC to bootstrap. Let this be yet another warning to everybody - Use a good quality password. http://memegenerator.net/cache/instances/400x/11/11472/11747628.jpg

Good thing is neither do the developers. My understanding is IRC is going to be removed from a future version of the client as it is no longer needed.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: btc_artist on November 29, 2011, 11:28:28 PM
How will the client make its first connection then?

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: DeathAndTaxes on November 29, 2011, 11:32:50 PM
How will the client make its first connection then?

Two different methods: It makes a DNS lookup of
bitseed.xf2.org
bitseed.bitcoin.org.uk
dnsseed.bluematt.me
If it finds no connections it sequentially connects to a hard coded list of "last resort" IP addresses. Once it finds a single active node it asks for all active nodes that node knows. It then connects to each of those nodes and asks for all active nodes it knows. Addresses are saved between sessions so this only applies to the initial boot ("cold boot into network"). It then broadcasts its address to all known nodes every 24 hours. IRC is still used but even in the current version it is "downgraded": it considers addresses found via IRC to be lower priority than addresses discovered by other methods. Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: coblee on November 30, 2011, 01:03:35 AM
This problem really only affects fairbrix and tenebrix. Lolcust released tenebrix with a default config file that has a default rpcpassword and I didn't change it for fairbrix. There's a reason why bitcoin does not have a default rpc password and forces you to set one the first time you try to use RPC.
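
The checks recommended in the posts above (no shipped or guessable rpcpassword, rpcallowip limited to localhost or specific machines instead of *), written as a small config audit. This is an added example, not part of any post and not code from any of the coin clients; the sample files, the WEAK_PASSWORDS list, the EXAMPLE-DEFAULT placeholder and the 12-character minimum are assumptions, and the node is assumed to have RPC enabled.

```python
import ipaddress

# Constructed examples of guessable values; not the default any coin shipped.
WEAK_PASSWORDS = {"", "password", "rpcpassword", "changeme", "123456"}

def parse_conf(text):
    """Parse key=value lines. Keys such as rpcallowip may repeat, so keep lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(key, []).append(value)
    return conf

def is_loopback(entry):
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:                           # "*" and "192.168.1.*" land here
        return False

def audit(text, shipped_defaults=()):
    """Return (severity, message) findings for a node that has RPC enabled."""
    conf = parse_conf(text)
    findings = []
    # No rpcallowip line at all is treated as local-only (assumption).
    remote = [ip for ip in conf.get("rpcallowip", []) if not is_loopback(ip)]
    for ip in remote:
        if ip == "*":
            findings.append(("HIGH", "rpcallowip=* accepts RPC from any address"))
        else:
            findings.append(("INFO", f"rpcallowip={ip} allows a non-local peer"))
    password = conf.get("rpcpassword", [""])[-1]
    weak = (password in WEAK_PASSWORDS or password in shipped_defaults
            or len(password) < 12)               # 12 is an assumed minimum
    if weak:
        # A guessable password matters most when remote peers can reach RPC.
        severity = "HIGH" if remote else "MEDIUM"
        findings.append((severity, "rpcpassword is empty, short, or a known default"))
    return findings

# Constructed sample files: an open setup like the one in the thread, and a
# restricted one. EXAMPLE-DEFAULT stands in for a password shipped in a config.
OPEN_CONF = "rpcuser=user\nrpcpassword=EXAMPLE-DEFAULT  # shipped\nrpcallowip=*\n"
LOCKED_CONF = ("rpcuser=miner\nrpcpassword=q7V2mZ9xLr4TgB8nWc3K\n"
               "rpcallowip=127.0.0.1\nrpcallowip=192.168.1.20\n")

if __name__ == "__main__":
    print(audit(OPEN_CONF, shipped_defaults={"EXAMPLE-DEFAULT"}))
    print(audit(LOCKED_CONF))
```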

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: doublec on November 30, 2011, 01:28:20 AM
All nodes broadcast addresses, it's trivial to collect a list of most connectable nodes on the network. Even with IRC disabled. You can then test each of these for an open JSON-RPC port with the default password. It's possible people are actively doing that.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Gavin Andresen on November 30, 2011, 02:37:36 AM
Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.

I fixed the bootstrap-from-hard-coded seed node code a couple of months ago, so use a recent version of bitcoin to see it working properly.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: DeathAndTaxes on November 30, 2011, 03:31:10 AM
Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.

I fixed the bootstrap-from-hard-coded seed node code a couple of months ago, so use a recent version of bitcoin to see it working properly.

Thanks I will check it out.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: racerguy on December 04, 2011, 03:19:45 PM
lol I used to solomine litecoins with rpcallowip=*
I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: coblee on December 04, 2011, 08:32:27 PM
lol I used to solomine litecoins with rpcallowip=* I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.

With litecoin, there's no default rpc password. So unless you set the password to something like "password", you are not that vulnerable. Of course, it's still not totally safe to do rpcallowip=*.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: makomk on December 05, 2011, 10:24:16 AM
This problem really only affects fairbrix and tenebrix. Lolcust released tenebrix with a default config file that has a default rpcpassword and I didn't change it for fairbrix. There's a reason why bitcoin does not have a default rpc password and forces you to set one the first time you try to use RPC.

Solidcoin has a default rpcpassword too and you have to have one set if you want to mine solo using the built-in miner.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: localhost on December 05, 2011, 02:10:34 PM
lol I used to solomine litecoins with rpcallowip=*

Same here. There should be some kind of warning in the client when the configuration is clearly too open such as rpcallowip=*. I never thought RPC was for anything else than mining... I think I kept it at rpcallowip=127.0.0.1, though.

I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.

Title: Re: All my fairbrix just went somewhere by themselves.....WTF!
Post by: Come-from-Beyond on January 11, 2012, 06:39:45 PM
I've just noticed a transaction I did not initiate appear in my Fairbrix client. Can anyone elaborate on this? Could this be some sort of evil malware (on ubuntu)? Here is a screenshot. http://ubuntuone.com/4TvNQeG81UI5lU1jp9VJ24

Maybe http://blockexplorer.sytes.net/block/413976c9a943c084673af2d80e6da36cedd480b3013a415a50d70fad22ebe877 ? See a fork in NEXT BLOCK section?