Bitcoin Forum

Subject.

Imagine, that there is web-server and bicoin-server.

What if hacker will get access to web-server and make RPC call to bitcoind server and send coins to his address?

In this case no reason to have separate bitcoin-server for this. Or I missed something.

i dont see a problem with having them on the same machine as long as that server does not control any funds.

any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.

I dont understand you :) In first sentence you say that there is no problem to keep bitcoin server and web server on the same machine,
in the second you say that bitcoin server should be on another network :)

bitcoin server which has an empty wallet -> same server
bitcoin server which has access to money -> another server which YOU host yourself

You shouldn't have your web server rpc call to bitcoind.  Bitcoind should be on a locked down server that only allows outgoing connections to the database so it can ask the database what needs to be sent and allow it connect to a single bitcoind instance you control that is only used to broadcast transactions.  Of course, you should design it in such a way that an attacker would have to spend significant time understanding your built in checks before they are able to fake records without tripping up your automated integrity checks.  If an integrity check does fail, immediately send all funds to a cold wallet and cease operations until a human can check it out. Even with all that, most funds should be kept offline and only made available to the bitcoind server when it's supply runs low.

but how to make automatically payouts ?


good idea. At least attacker will not get direct access to wallet.dat or send RPC call to spend all available coins.

I need my web application to generate keypairs. I could also generate them via PHP, but importing the private key to bitcoind is a pain in the ass (makes bitcoind unresponsible for minutes). :)
My bitcoind server is a laptop running in my basement.

You can solve this problem in the same way - your bitcoin server checks the task "create new keypair" and if it is exists - proceed it.
Your solution is OK too, if you satisfied how it works.

No need, the machine can be encrypted, or even just the wallet encrypted and unlocked when it has to send out funds. And only use https calls to get data so that the host can't find clues in the traffic.

This is bad advice (except the https part).

notme has given you good advice if you want your funds to be safer. I won't repeat what he said, but his advice is sound.  (You should also be concerned about using a VPN, bitcoins have been reportedly stolen from them even with good security, by ISP employees.)

If hacker takes control of your web-server, he can send rpc request to your bitcoin server or prepare data for pick up from 'locked down' server.
The best way - to secure your web server. Use encrypted disks for sensitive data like db, bitcoin configs and wallets. Unmount disks, lock wallet on any unautorized access to the server. Send rpc request from dedicated user, not from www.

At the end of the day, if you know where your single point of failure/entry is, it is that point that you should secure to whatever degree is feasible in your situation. Web servers unfortunately have tons of attack vectors available.