|
Title: bitcoin server crash.. Post by: fffeee on June 01, 2012, 09:14:58 AM Did anyone experience the same? Bitcoin server crashes for some unknown reason?
Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? ??? Title: Re: bitcoin server crash.. Post by: davout on June 01, 2012, 02:46:42 PM or even sudo user. And how would you do that mr security expert ? :)Title: Re: bitcoin server crash.. Post by: fffeee on June 01, 2012, 03:19:34 PM Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? ??? your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. ;) Title: Re: bitcoin server crash.. Post by: fffeee on June 01, 2012, 03:40:01 PM Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? ??? your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. ;) it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking I already did.. or do you know more about it?!Do you know where to look for? Title: Re: bitcoin server crash.. Post by: fffeee on June 01, 2012, 03:58:09 PM Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? ??? your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. ;) it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking I already did.. or do you know more about it?!Do you know where to look for? you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that this database already exists.. I also use 2 analysis tools to get notice of the ip addresses. What exactly do you mean by tokens? Title: Re: bitcoin server crash.. Post by: Bitsky on June 01, 2012, 04:09:18 PM easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients :) So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer. Title: Re: bitcoin server crash.. Post by: Gavin Andresen on June 01, 2012, 06:02:26 PM no run bitcoind under it's own user but you still need to have access to it to send commands those should be done only on root Ummm.... When you run something like: Code: bitcoind getinfo ... bitcoind creates a network connection to localhost:rpcport and talks to the running bitcoind process via the JSON-RPC protocol. So it doesn't matter what user the Code: bitcoind getinfo Title: Re: bitcoin server crash.. Post by: Bitsky on June 01, 2012, 06:43:06 PM True, but it sounds like the scripts were accessed directly instead of thru the site js What scripts are we talking about here anyway?Title: Re: bitcoin server crash.. Post by: fffeee on June 01, 2012, 07:02:23 PM We are talking about the scripts running on fiveminutecoin.com
Title: Re: bitcoin server crash.. Post by: Bitsky on June 01, 2012, 08:40:47 PM We are talking about the scripts running on fiveminutecoin.com Obviously.However, I don't see how it matters to talk about access restrictions to scripts. If a script should not be accessible via browser, it should be outside docroot. If a script is in docroot, the developer has to sanatize any possible input. |