So I have seen a lot of people getting hacked left and right. I do feel sorry, even though I think people should be able to spot scams. I will be launching a bitcoin accepting site soon, so security has been on my mind.
Disclaimer: no site is 100% impossible to hack. Your job as admin or programmer is to make it very difficult, so that at some point it becomes too much time for the hacker to spend, or not enough reward for the time spent hacking it.
1) So the first method is probably the best method. It is cold storage or offline funds. This is great for websites that want to accept payments for a product / service and don't need to move funds around. One way to do this is to create addresses on an offline computer. For that you can use Armory or vanitygen. Then what I like to do is have a PHP script that can read the CSV file and import it into a MySQL table that will then correspond to an order, using table relationships. I also like to make a one-way hash with a salt of each address, while also using the MySQL AES function. This way I have multiple lines of verification in case someone got my MySQL login and decided to change the addresses in the table. This doesn't protect against a full compromise of the server, but does protect your funds in that event. Now I also verify payments by using a bitcoind with the options txindex=1 and blocknotify attached to a PHP script that checks the transactions of each block. Then using gettransaction you can check each output; if it is a payment to any of your addresses, just mark the order as paid.
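As an added example (not code from the original post), here is the block-checking step of method 1 written in Python instead of PHP: gettransaction-style outputs are matched against the order table, and each row's salted hash is checked before an order is marked paid. The salt, addresses, txids and order rows are all constructed for the example, and the in-memory list stands in for the MySQL table.

```python
import hashlib
import hmac
from decimal import Decimal

# Assumption: the salt lives in the script's config, not in the database,
# so someone holding only the MySQL login cannot recompute a valid hash.
SALT = b"constructed-example-salt"

def address_digest(address):
    """One-way salted hash stored beside each address in the orders table."""
    return hmac.new(SALT, address.encode(), hashlib.sha256).hexdigest()

def make_order(order_id, address, amount):
    """Row as the CSV import would write it (constructed stand-in for MySQL)."""
    return {"order_id": order_id, "address": address, "digest": address_digest(address),
            "amount": Decimal(amount), "paid": False, "txid": None}

def process_block(orders, txs):
    """Walk gettransaction-style results for one block (constructed input).
    Returns (paid_order_ids, tampered_order_ids)."""
    by_address = {row["address"]: row for row in orders}
    paid, tampered = [], []
    for tx in txs:
        for vout in tx["vout"]:
            for addr in vout["scriptPubKey"].get("addresses", []):
                row = by_address.get(addr)
                if row is None:
                    continue
                # Integrity check: a row whose address was swapped in the DB
                # no longer matches its salted hash, so it is never marked paid.
                if not hmac.compare_digest(row["digest"], address_digest(addr)):
                    tampered.append(row["order_id"])
                    continue
                if not row["paid"] and Decimal(str(vout["value"])) >= row["amount"]:
                    row["paid"], row["txid"] = True, tx["txid"]
                    paid.append(row["order_id"])
    return paid, tampered

# Constructed orders and one constructed block's transactions.
ORDERS = [make_order(1, "1GoodAddrAAAAAAAAAAAAAAAAAAAAAAAAA", "0.5"),
          make_order(2, "1GoodAddrBBBBBBBBBBBBBBBBBBBBBBBBB", "1.0")]
ORDERS[1]["address"] = "1SwappedAddrCCCCCCCCCCCCCCCCCCCCCC"   # simulated DB tampering
BLOCK_TXS = [
    {"txid": "tx-constructed-1", "vout": [{"value": 0.5,
        "scriptPubKey": {"addresses": ["1GoodAddrAAAAAAAAAAAAAAAAAAAAAAAAA"]}}]},
    {"txid": "tx-constructed-2", "vout": [{"value": 1.0,
        "scriptPubKey": {"addresses": ["1SwappedAddrCCCCCCCCCCCCCCCCCCCCCC"]}}]},
]

if __name__ == "__main__":
    print(process_block(ORDERS, BLOCK_TXS))   # ([1], [2])
```

Order 1 is paid to its genuine address and gets marked; order 2's swapped address fails the hash check and is reported as tampered instead of paid.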
2) My next method is using bitcoind to accept and send payments. My first rule is buy a good computer and keep it in your home; this should be for the bitcoind. I also would set it up with a server distro of Linux with an IDS / good firewall. Bitcoind has accounts, and that is great for keeping a "balance" of a user. That should be a backup system. Too many times people have shown me using that as a backend. I always use it to compare and make sure MySQL is up to date on balances, or to detect an attack in progress. I also suggest building a proxy that can check withdrawals against the balance of the bitcoind. I usually make 5 BTC and greater a threshold, so anything over that becomes a manual withdrawal, or a scale of 1/3 of the balance or greater. I usually have it email me that transaction and use the createrawtransaction API call.
3) My final method, and one that I hardly talk about but is probably going to be the thing for more advanced companies, is the custom client, or as I call it the read-only wallet. The great thing about bitcoin is that it is open source, as you all know by this point, so many people have created libraries to interact with the network, or used the bitcoind source code and stripped out everything they didn't need. This made me think about writing my own client. In theory I was trying to keep all sending of payments inside this application and only have one RPC call, which is getnewaddress. The pro of this situation is that if someone did get into your server, they wouldn't be able to connect to the client on another machine and send a false RPC connection to send the whole balance to their address. So the basic principle of this is that you have 3 machines. One is your frontend webserver, one is your MySQL server, and the last would be this server that handles all your payments, by connecting to your MySQL and running a few queries to make sure everything is up and up. Then it sends out your withdrawal, or an email if a few rules were broken. I can't talk too much about this, but I have 3 of them deployed on different sites that I was hired to build and they are doing great. I think this is the future; bitcoind got us to this point, but now we have to look on to the future.
Just some tips for securing any linux server...
- Encrypt the swap and ram
- Encrypt the hard drive; it is a little bit of a performance hit
- I use both fail2ban and denylist
- Custom IDS
- Application firewalls, but when you get the funds, do a hardware firewall
I welcome more people to join this thread with how they secure their sites; hopefully we can help more people. This doesn't protect from shady individuals or scams.