Just out curiosity, did you list it on the Bitcoin All Seeing Eye site? I thought about listing mine there, but decided against it. I found mine on that list even though I didn't sign up. I had mine up there many, many years ago... IIRC, there was no real "verification", so anybody could have added your server to the list... As long as it was online, open and more or less synced to a relatively recent blockheight, it would be added to the list. |
|
|
|
|
I guess it's possible that the number of connections has a cost in terms of memory consumption... Maybe that's something to ask on the dev's github repo, since he has the most intimate knowledge on how electrumX functions?
This being said, a tad bit offtopic, since a couple of weeks, i see increased hacking activity's on a lot of my bitcoin related websites... My main one is behind cloudflare (i'm not a cloudflare fan, but it's just a site with basic info and tips and tricks, nothing sensitive gets sent over, so the tradeoff is getting DDos'ed myself or using cloudflare), but my other one's do get hit pretty regular. No idear if there's a general anti-bitcoin sentiment and people using botnets and hacking skills against several services, or if these 2 things are isolated.
|
|
|
|
It isn't that hard tbh... Here's my config: load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/electrum_error.log;
events {
worker_connections 1024;
}
stream {
upstream electrs {
server 127.0.0.1:50001;
}
log_format upstream_time '[$time_local] [$connection] $remote_addr:$remote_port => $server_addr:$server_port bytes in/out $bytes_received/$bytes_sent [$status]';
server {
access_log /var/log/nginx/electrum_access.log upstream_time;
listen 50002 ssl;
proxy_pass electrs;
ssl_certificate /etc/letsencrypt/live/electrum.mocacinno.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/electrum.mocacinno.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
include blockips.conf;
}
}
Thenin the 3rd line from the bottom (include blockips.conf), there's a reference to my whitelist... Whitelists are pretty easy aswell: allow <i like this ip>;
allow <this one aswell>;
allow <ipv4 or ipv6 should work>;
deny all;
in my setup, i had electrs listening on 127.0.0.1:50001, Nginx was listening on myexternalip:50002, using a letsencrypt x3 certificate, and nginx was reverse proxy'ing to 127.0.0.1:50001 Worked like a charm... The only downside was that i had to maintain the whitelist, manually adding each ip proceeded with "allow", "deny all" has to be at the complete last line of the whitelist. |
|
|
|
Just looked in and one of my nodes is getting hit.
Which is odd, because it would have to have been found at random and was on a non-standard port so I have no idea how they found it.
Never advertised it at all. It is on an IP that is also running one of my lightning nodes so someone might have just walked the ports till they fond something.
Just changed it to a new port, will see if it comes back.
-Dave
If it's just for personal use, and the DDos is really bothering you, you could always do the same setup i did with electrs: let electrumX listen on localhost only, then use nginx as a reverse proxy (let it listen on your external ip and reverse proxy to port 50002 on 127.0.0.1) and use a whitelist for nginx so you can manually whitelist your own ip(s). Not very user-friendly, but it does get the job done... I have the nginx config file laying around somewhere in my backups in case you're interested... |
|
|
|
It isn't the first time a botnet gets used to DDos electrum nodes... Many years ago, i setup an electrs electrum node with nginx as a reverse proxy in front of it using a whitelist... That way i could whitelist bitcointalk members so they could use my node. It was the same situation: most (if not all) public electrum nodes got DDos'ed for several weeks without pause. Maybe it's time to start that project again  |
|
|
|
|
If i'm not mistaking, the issuer of the certificate on that new phising chipmixer clone does require personal information to obtain a certificate... There are only a handfull ca's that are available anonymously, and sectigo isn't one of them...
IF this scammer didn't use stolen credit card info to obtain the certificate, i guess somebody could try to actually go to the police and see if they're willing to follow the trace and catch this scammer?
|
|
|
|
Maybe relevant to this thread, since it specifically is about lastpass, which was the initial topic of discussion: https://www.theverge.com/2021/12/28/22857485/lastpass-compromised-breach-scareSure, it was a scare... but if you didn't trust a thirth party to begin with, there would have been nothing to be scared about  ... if you keep your passwords on your own device (maybe even offline), there is nobody to send you e-mails, try to send you to a phising site, databases to be hacked,... |
|
|
|
Could there be on this disk that there is one Linux install AND one Windows install?
And that for some reason we only see the Linux instance when using and external disk reader. So that the Windows instance is hidden from us.
But that somehow even if its hidden, some files like those Electrum files still show when doing searches on the disk.
So that the Electrum instance and wallet is somehow on the hidden-Windows-part of the disk and I need to figure out how to access that somehow.
Part of this is possible, part of it isn't. A disk can have multiple partions, and it's possible to install linux on one partion an windows on another one (dual boot). However, searching a mounted partition and finding hits on another one that's not mounted is not possible. You can always use fdisk to see if there are more than one partition on your disk, so you can verify if every partition is mounted. If you don't know how to use fdisk, you can try gparted, that should also work. There are other ways of finding disks and partitions, but gparted is a user-friendly gui that makes thing pretty easy. But, the thing is, you see source files on the linux partition, you see desktop shortcuts and images on your linux partition... I guess you tried installing a bitcoin client on your linux partition, even if there's an unmounted windows partition on the disk this doesn't change the fact you clearly experimented with bitcoin while running a linux os. |
|
|
|
Aha I am viewing this on an old Ubuntu instance, I will look for how to see hidden files in Ubuntu.
I have updated the document with one more photo/screenshot of /users/ there is only one user "ha**" and then what comes up when I click on that.
There is no .bitcoin or .electrum but as you say I must figure out how to look for hidden files.
I try to view hidden files in Ubuntu by pressing Ctrl+h
But the weird thing is that when I do that it shows fewer files, not more.
So I think somehow the default, where I have posted the screenshot IS to view "all". And that when I press ctrl+h then is removes some files from view.
I do see hidden files in your new screenshot... So if there's no .bitcoin or .electrum folder, odds are there isn't one to begin with. Is it possible you used root (eventough, within ubuntu it's hard to switch to root)? In that case, you can also check /root/ for .bitcoin or .electrum folders. BTW, just fyi, it's your gui file manager that's hiding those hidden folders (not your os), so you'll probably have to figure out which file manager it is (i seldomly use the graphical shell, so i cannot recognize it from the screenshot) and then find a walktrough on how to view hidden files and folders for your specific file manager. Or, like i previously proposed, you can always just use a terminal (which i personally find much easyer to use, but that's probably personal taste). cd /home/h**/
#or, if searching a disk you mounted, search the mountpoint with "mount" then do
cd /whatevermountpoint/home/h**/
ls -ltrha | grep -i -e bit -e elec
|
|
|
|
Aha very interesting, so this old laptop (it was a very very small micro machine) probably was a Linux machine then.
In that case try to find where the wallet would be on a Linux machine.
But the weird thing is that I cant seem to find where the Electrum folder seems to be. I can only find those files as a clue that there should have been Electrum on this machine.
folders staring with a dot (.) are hidden (in this case .bitcoin and .electrum)... Either use a terminal, or look at your gui file explorer's settings to show hidden files and folders... I updated my previous post with the paths that could be interesting. |
|
|
|
The first screenshot shows a couple of images and a shortcut for your desktop Second one also some pictures and a shortcut Thirth one also some pictures and a shortcut Fourth one shows the root of a linux volume None of the screenshots contain any files that i would identify as a wallet file. Go and look in the /home/ folder, iterate trough the users in the home folder and look for /home/[user]/.bitcoin/ and /home/[user]/.electrum folders. If you find a user /home/[user]/.bitcoin/ folder look if there's a wallet.dat file, if not: open bitcoin.conf and see if there's a different wallet path, if not: look if /home/[user]/.bash_history exists and see if you can find any indication of how you started bitcoin core If you find a /home/[user]/.electrum, look if there's a wallet subfolder containing wallets |
|
|
|
Thanks for the input from everybody  I'm happy to see that at least i'm not being extremely paranoid and several other members also think there's something off about this guy... From time to time you encounter somebody that's clearly a scammer and you deal with him/her as such. Other times it's more subtitle, and you wonder whether or not you're becoming paranoid. The guy did not contact me again, so i did not have the chance to give him his $5 back (eventough i explicitly asked him to make me an invoice). Once he does give me an invoice i'm planning on refunding him and then just letting it be, whilst still keeping an eye on him from time to time so i can give him a negative or neutral feedback if he clearly crosses the line. Since i think this thread and the input i got is more than sufficient for me to make up my mind, i'll close it (for now). If anybody wants to add extra remarks, don't hesitate to PM me and i'll unlock it for a short while so you can add an extra post. |
|
|
|
thanks
I know I also have at least one instance of electrum on one of my old disks
Is there a similar file to wallet.dat to search for to find Electrum wallet
thanks
yes. Electrum also uses wallets, IIRC, the default wallet is called default_wallet, but electrum makes it really easy to pick different names for new wallets... There are default places where both bitcoin core and electrum store their wallet files (not in the same place, they both have their own default folder), but those paths differ between different operating systems... Also, both electrum and bitcoin core allow you to create wallets in about any path you want, they just also happen to have a default path. |
|
|
|
|
nope
Those files are just bitcoin's sourcecode...
The only thing you can do with those files is compile them into a binary, they don't contain private keys or other private information... Unless you took a wallet.dat and manually changed the extension to hide it in plain sight.
If you can open the file with a text editor (kate, gedit, vi, nano, notepad, notepad++,...) and read actual code, it's an ascii file and it's just sourcecode... If you cannot open these files because they're pure gibberish (and with gibberish i mean just random looking weird characters), it *might* be a hidden wallet file... But since the names you list there are 100% the names of the files containing bitcoin's sourcecode, i think the odds for a hidden wallet are slim to none.
|
|
|
|
and that +rep would be appreciated and sent back!
[~snip~]
Now, my main question: am i being paranoid, or was this user just baiting DT members with a small denomination only to guilt them into giving him positive trust?
From what I read, I'd understand the same thing as you from all this business. And, more than that, after sending the 5$ back (imho that was kinda mistake, especially as you know that there's "no free lunch"), I could even consider negative feedback. In, hindsight, you are 100% correct, there IS no such thing as a free lunch. The reason i took the bait was that there seems to be a renewed intrest in the lightning network (at least, my gut feeling is that i'm seeing more LN topics recently), so i basically assumed the user's question was a legit one, and the he did indeed need a ln invoice... Maybe he wanted to test his scripts, maybe he wanted to test his routings, maybe... ? But yeah, i should have left it "as is". He didn't sent me a $5 invoice (yet), but i truly hope he sends it asap, so this can be over and done with... --snip--
If the offer is not sensitive, would you mind sharing it so we have at least some idea about what is going on?
--snip--
I'll PM you with the thread(s): the one that "trapped" me and the one that's a bit to good to be true... Just don't disclose them, since i have no proof of an actual scam or a "hard" bribe attempt, i'd rather not besmear the user's rep based on my gut feelings EDIT: i opened this thread just before the closing of the business day... I'll be AFK for about 16 hours, so i probably won't be able to reply before tomorrow morning |
|
|
|
I think begging for positive trust is not ok, whether it's a $5 or a $5000 deal. A successful trade doesn't automatically make one "unlikely to scam", and pestering after a $5 trade (or donation or whatever) is sketchy AF. Probably worth a neutral but that's up to you.
Thank you for reading my ramblings and verifying that at least from my point of view of the situation smells rather fishy... It's perfectly possible that the person i'm talking about is just very "clingy" and is disgruntled because he payed me $5 and didn't get what he wanted in return... It's just that i really don't know what to make of it and wether or not it's worth making it a "real" issue (escalating everything). |
|
|
|
I need some input on wether or not i'm being paranoid here... Just to learn from my mistakes. I'm not publicly stating the username of the user i'm talking about, since i have no proof of any real wrong-doing, so i do not want to tarnish his rep. If anybody digs and finds the person i'm talking about, i'd like to request not to post his username here... I'm also going to paraphrase instead of quoting him, for exactly the same purpose.
So, the story goes as follows Yesterday, i was browsing a non-bitcoin related subforum and a clickbait title catches my attention. As usual, i open the post to read if my instinct was correct... The OP said (and i'm paraphrasing to protect the identity of the user i'm talking about) I'm testing an LN application and i need a $5 LN invoice for my test. The first one that PM's me such an invoice will see it getting payed
At least, that's how i interpreted the post The topic wasn't closed, nobody posted anything that indicated the $5 invoice was created for this user... So i taught to myself: i get payed about $30/hour (after taxes), $5 is worth 10 minutes of my time... So i opened a connection to my ln node, looked up the exchange rate for $5, created an invoice and sent it to the user. He immediately payed $5, so i taught his test was succesfull and i helped him out whilst getting a $5 tip for my efforts (which is nice, but not world-changing... It's basically what i make in 10 minutes, which was about the amount of time i spent on the whole process... BUT at least i did something nice for somebody that was in need). However, the user immediately PM'ed me back, leading me to a thread that can only be described as containing an offer to good to be true... However, if something is to good to be true, it usually is, and this particular offer has a potential to leading to my identity being DOXXED, aswell as a potential of illegal goods being purchased under my name... So i made up a (true) excuse and tought the communication with the OP was over. Today, however, i receive a PM from him telling me that i should have thanked him for the $5 (wich might be true... IDK) AND that i SHOULD give him some +rep. I answered that i'd vouch on his thread that he did indeed payed the invoice and did indeed gave me the $5, but that i wasn't going to give him +rep since i didn't give out +rep unless i've dealth with you for a very long time (hence, TRUST you, which is basically the idear behind the trust system)... Moreover, that i tought i was doing him a favour by sending him the invoice, but i thanked him for the $5 anyways. A couple of hours later, he replies (once again) that his initial thread was a couple of days old already, and he didn't need the invoice i sent him, but he payed it anyways (like i should have guessed this) and that +rep would be appreciated and sent back! I replied him basically telling him that i didn't like the way this discussion was going, and asked him to create a ln invoice with the same value as the one i initially sent him, so i could refund his $5 and be done with it. I already spent the better part of an hour creating the LN invoice, verifying it, reading and replying to his thread... I really don't want to end up being a suspect in a trust bribery scandal for $5 and i really don't want to spend any more time for a $5 tip... Now, my main question: am i being paranoid, or was this user just baiting DT members with a small denomination only to guilt them into giving him positive trust? |
|
|
|
|
Apparently the OP no longer needs help.
@OP: please close your thread or at least update your post when help is no longer needed.
|
|
|
|
--snip-- In the solution you propose, I guess that he will have to get the output and parse it. Clearly possible and clearly inelegant too  On the other hand, in case he wants to do this (run a command line, get the output) for a website, I don't know whether that's possible at all (but I may be completely wrong too). Of course, what I wrote was an idea OP can take into account or completely ignore. No biggie. Just for the sake of clarity and completeness, i'd like to say that it's defenatly inelegant, but i do system calls from python scripts all the time and python is perfectly capable of handling these situations... In my line of work, i usually get closed source binaries from vendors... If i want to write wrapper scripts, the only thing i can do is use system calls to these closed source binaries and parse the output... Offcourse, if the vendor upgrades his binary, or if you get unforseen output, you'll need to maintain the wrapper script aswell. As for using the output for a website: it shouldn't matter if he's using a native python library or a system call. The end result is exactly the same. |
|
|
|
|
Show Posts
