Bitcoin Forum

The question is in the subject. If I am running a Bitcoin website, how do I ensure that the webhost doesn't steal bitcoins on the server or replace an address displayed on my website with their own? I know I can encrypt the wallet, but that would prevent the server from automatically paying out. Multisig helps (since the buyer or seller need to agree with what is happening to the money) but the multisig information can still be replaced with that of the webhost.

What is the solution? Do websites like localbitcoins.com do something special?

There is nothing you can do other than trust your web hosting provider. Even localbitcoins have been hacked due to a flaw in the security of their web host.

Any website that is used to deal with large amounts of value should be run from a computer which the website owner has full control over or is controlled by a trusted hosting company with a good knowledge of best security practises.

Don't use a webhost.  Use colocated hardware you own and control.

Agreed, shared hosting is almost never a good idea. Maybe purchase a PI for hosting or a Dedi?

maybe you can keep just the private keys on another (more secure) server
and use an API to get signed transactions back from that server.

keep your coins in a well secured qt wallet

Consider your coins on the server as lost. So make sure it's never an amount you cannot afford to pay back. Cold wallets and limited hot wallet (therefor sometimes slower withdrawals) > all coins gone.

But it would be great if there are some guides of how to protect your coins for a website. Like a decent website like localbitcoins doesn't directly have any coins on their "website server". Are there some articles about different infrastructures like that? Also for different sizes of websites, for example if you cannot afford multiple co-located servers, what would be the way (at least cold wallet obv.) Would help webdevelopers a lot that are just starting with bitcoin.

Localbitcoins also said they also have all the data encrypted. So if the attacker has root access he still needs a lot of time to get something useful (and by that time, access to their "bitcoin server" can be blocked already.) Anyone know what implementation they would use for that?

If you are dealing with large amounts of BTC.. consider keeping a "hot wallet" on the web server with enough to service withdraw requests.. and moving the majority to a "cold wallet" on an offline computer that cannot be attacked by hackers. :)

If you just want to receive money then you can minimize your risk to "what if the host changes my addresses." Meaning you don't have to store bitcoins on the server. You can just generate addresses off a master public key or extended public key of a deterministic wallet.

Edit: Oh and you can setup a watchdog script on a second server hosted by another company. This script will periodically check your site to make sure that the addresses generated are ones you own.