Bitcoin Forum
June 25, 2019, 07:06:51 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bitcoin security for websites that accept bitcoins  (Read 1073 times)
gweedo
Legendary
*
Offline Offline

Activity: 1246
Merit: 1000


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
November 10, 2013, 01:55:44 AM
 #1

So I have seen a lot of people getting hacked left and right. I do feel sorry even thou I think people should be able to spot scams. I will be launching a bitcoin accepting site soon so security has been on my mind.

Disclaimer no site is 100% impossible to hack, your job as admin or programmer, is to make it very difficult, that at some point it becomes too much time for the hacker to spend or not enough rewards for the time spent hacking it.

1) So the first method is probably the best method. It is cold storage or offline funds. This is great for websites, that want to accept payments for a product / service / don't need to move funds around. One way to do this is to create addresses on an offline computer. For that you can use armory or vanitygen. Then what I like to do is have a php script that can read the csv file and import into a mysql table that will then correspond to an order, using table relationships. I also like to make a one way hash with a salt of each address while also using the mysql AES function. This way I have multiple lines of verification incase someone got my mysql login and decided to change the addresses in the table. This doesn't protect against a full compromise of server, but does protect your funds in that event. Now I also verify payments by using a bitcoind and having options txindex=1, blocknotify attached to a php script that checks the transactions of each block. Then using gettransaction you can check each output if they are a payment to any of your addresses then just marked it as paid.

2) My next method is using bitcoind to accept and send payments. My first rule is buy a good computer and keep it in your home, this should be for the bitcoind. I also would set it up with a server distro of linux with an IDS/good firewall. Bitcoind has accounts and that is great for keeping a "balance" of a user. That should be a backup system. Too many times have people have showed me using that as a backend. I always use it to compare and make sure mysql is update on balances or to detect an attack in progress. I also suggest building a proxy that can check withdraws against the balance of the bitcoind. I usually make 5 BTCs and greater a threshold so anything over that becomes a manual withdraw or a scale of 1/3 of the balance or greater. I usually have it email me that transaction and use the createrawtransaction api call.

3) My final method and one that I hardly talk about but probably going to be thing for more advance companies. Is the custom client or as I call it the read-only wallet. The great thing about bitcoin is that it is open source as you all know by this point, so many people have created libraries to interact with the network or using the bicoind source code and stripping out everything you didn't need. This made me think about writing my own client, in theory I was trying to keep all sending of payments within inside this application and only have one RPC call, which is getnewaddress. The pros about this situation is if someone did get into your server they wouldn't be able to connect to the client on another machine and send a false rpc connection to send the whole balance to their address. So the basic principles of this is that you have 3 machines. One is your frontend webserver, one is your mysql server, and the last would be this server that handles all your payments, by connecting to your mysql running a few queries to make sure everything is up and up. Then sending out your withdraw or an email if a few rules were broken. I can't talk to much about this but I have 3 of them deployed in different sites that I was hired to build and they are doing great. I think this is the future, bitcoind got us to this point but now we have to look on to future.


Just some tips for securing any linux server...
  • Encrypt the swap and ram
  • Encrypt the hard drive, it is a performance hit a little
  • I use both fail2ban and denylist
  • Custom IDS
  • Application firewalls, but when you get the funds, do a hardware firewall


I welcome more people to join this thread with how they secure their sites, hopefully we can help more people. This doesn't protect from shady individuals or scams.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
1561489611
Hero Member
*
Offline Offline

Posts: 1561489611

View Profile Personal Message (Offline)

Ignore
1561489611
Reply with quote  #2

1561489611
Report to moderator
1561489611
Hero Member
*
Offline Offline

Posts: 1561489611

View Profile Personal Message (Offline)

Ignore
1561489611
Reply with quote  #2

1561489611
Report to moderator
1561489611
Hero Member
*
Offline Offline

Posts: 1561489611

View Profile Personal Message (Offline)

Ignore
1561489611
Reply with quote  #2

1561489611
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561489611
Hero Member
*
Offline Offline

Posts: 1561489611

View Profile Personal Message (Offline)

Ignore
1561489611
Reply with quote  #2

1561489611
Report to moderator
1561489611
Hero Member
*
Offline Offline

Posts: 1561489611

View Profile Personal Message (Offline)

Ignore
1561489611
Reply with quote  #2

1561489611
Report to moderator
Dabs
Staff
Legendary
*
Offline Offline

Activity: 2366
Merit: 1143



View Profile
November 10, 2013, 02:52:18 AM
 #2

I thought of something similar:

1. use vanitygen to make a few thousand addresses offline.
2. use pywallet to make a watch-only clone wallet.dat. Then you can use bitcoind safely.
3. use something that notifies you when 50% of the addresses have been used. You then manually add new addresses. Or you keep track of your orders anyway, so you should know.


Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
No_2
Hero Member
*****
Offline Offline

Activity: 853
Merit: 1006


BTC: the beginning of stake-based public resources


View Profile WWW
November 10, 2013, 11:39:06 AM
 #3

I thought of something similar:

1. use vanitygen to make a few thousand addresses offline.
2. use pywallet to make a watch-only clone wallet.dat. Then you can use bitcoind safely.
3. use something that notifies you when 50% of the addresses have been used. You then manually add new addresses. Or you keep track of your orders anyway, so you should know.

I read somewhere that you can generate a 'seed' for public and private addresses offline and then use this public seed to generate as many addresses as you want on your public server, i.e. one per customer. Any time funds are spent to these addresses they are then in cold storage. Using the private seed, which you store offline, you can then access any of these cold storage addresses when you want.

I can think of a couple ways this can be done cryptographically. I can't remember specifically where I first read about this but I've been meaning to read/think more on this at some point...

Crytponomy: a blockchain and cryptocurrency consultancy
Twitter: @CryptonomyCo | Facebook | Telegram
Abdussamad
Legendary
*
Offline Offline

Activity: 2142
Merit: 1148



View Profile WWW
November 10, 2013, 12:00:07 PM
 #4

I thought of something similar:

1. use vanitygen to make a few thousand addresses offline.
2. use pywallet to make a watch-only clone wallet.dat. Then you can use bitcoind safely.
3. use something that notifies you when 50% of the addresses have been used. You then manually add new addresses. Or you keep track of your orders anyway, so you should know.

I read somewhere that you can generate a 'seed' for public and private addresses offline and then use this public seed to generate as many addresses as you want on your public server, i.e. one per customer. Any time funds are spent to these addresses they are then in cold storage. Using the private seed, which you store offline, you can then access any of these cold storage addresses when you want.

I can think of a couple ways this can be done cryptographically. I can't remember specifically where I first read about this but I've been meaning to read/think more on this at some point...

Yep you can do this easily with a deterministic wallet like electrum. There is even some php code for generating new addresses given the master public key. Stick made this small library using code from other sources:

https://github.com/prusnak/addrgen

So the seed remains offline so even if your server is compromised you can't loose your coins. At most you loose privacy.

Dabs
Staff
Legendary
*
Offline Offline

Activity: 2366
Merit: 1143



View Profile
November 10, 2013, 12:11:58 PM
 #5

The problem with the current implementation of the public and private deterministic seeds, is that they generate uncompressed private keys.

So I prefer vanitygen with compressed keys. Besides, adding 10,000 addresses at a time shouldn't be much of a problem.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Abdussamad
Legendary
*
Offline Offline

Activity: 2142
Merit: 1148



View Profile WWW
November 10, 2013, 12:47:07 PM
 #6

The problem with the current implementation of the public and private deterministic seeds, is that they generate uncompressed private keys.

So I prefer vanitygen with compressed keys. Besides, adding 10,000 addresses at a time shouldn't be much of a problem.

If you want to generate a lot of addresses offline then bitcoind is also an option. Set the key pool in the config file to 10k and use getnewaddress + dumpprivkey in a loop or just run pywallet on the wallet.dat file. You can run bitcoind without downloading the blockchain by doing the following:

bitcoind -daemon -connect=127.0.0.1


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!