bitpop
Legendary
 Offline
Activity: 2912
Merit: 1060
|
 |
January 14, 2014, 12:30:37 PM |
|
Go to digital ocean and do all their tutorials. It'll cost you a couple bucks. You'll learn almost everything.
thanks for the advice, will do. it looks like the tutorials are all pretty old. are they possibly out of date? I don't think so. I did see ubuntu is 12.04 and newest is 13.10 but it doesn't matter. |
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 12:32:57 PM |
|
last time i checked, experience > exams
Would you try flying a plane without a license, without taking exams to determine you are capable and competent. I hope not. the loudest voice in the room is often the weakest |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 12:37:45 PM |
|
it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.
That in itself is scary. Security is ongoing, when you say "properly secure the server" you imply that at some point the job is done. You should not be running a server that has other peoples money stored on it. My advice would be to get some qualifications first. thanks for your advice. everyone can learn. you are wrong. There are no "properly secure the server". Securing a server is a cyclic task with continuous risk assessment, fine tuning your systems and admin procedures, searching for vulnerabilities and fixing them. Perhaps you should take a look at ISO 27001. I was gonna be sarcastic here, but what the hell. thank you for your informative post. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
Coin_Master
|
|
January 14, 2014, 12:38:11 PM |
|
last time i checked, experience > exams
Would you try flying a plane without a license, without taking exams to determine you are capable and competent. I hope not. the loudest voice in the room is often the weakest You are a dangerous man r3wt! (probably more like reckless actually) |
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 12:43:55 PM |
|
last time i checked, experience > exams
Would you try flying a plane without a license, without taking exams to determine you are capable and competent. I hope not. the loudest voice in the room is often the weakest You are a dangerous man r3wt! (probably more like reckless actually) i got the gist of it without the parenthesis |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
phil92
Newbie
Offline
Activity: 47
Merit: 0
|
|
January 14, 2014, 12:45:14 PM |
|
last time i checked, experience > exams
Would you try flying a plane without a license, without taking exams to determine you are capable and competent. I hope not. the loudest voice in the room is often the weakest You are a dangerous man r3wt! (probably more like reckless actually) i got the gist of it without the parenthesis OMG stop responding to comments here and solve our deposits/withdrawals issues on the website !!! |
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 12:46:43 PM |
|
last time i checked, experience > exams
Would you try flying a plane without a license, without taking exams to determine you are capable and competent. I hope not. the loudest voice in the room is often the weakest You are a dangerous man r3wt! (probably more like reckless actually) i got the gist of it without the parenthesis OMG stop responding to comments here and solve our deposits/withdrawals issues on the website !!! what, i'm not allowed to multitask? |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
Coin_Master
|
|
January 14, 2014, 12:54:05 PM |
|
1) non-standard port
2) no root login
3) ssh key entry only
4) iptables ip restriction
This was posted earlier in the thread. If you insist on running an exchange at this point in time, I would suggest setting an 'ip address restriction'. This means no ssh connections can be made to your server from any ip address that is not permitted. It is not 100% fool proof as your ISP could launch an attack on your server by spoofing your permitted ip addresses. This is extremely unlikely, but a possibility. Doing this one thing would likely prevent any future compromises. |
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 12:56:32 PM |
|
1) non-standard port
2) no root login
3) ssh key entry only
4) iptables ip restriction
This was posted earlier in the thread. If you insist on running an exchange at this point in time, I would suggest setting the 'ip address restriction'. This means no ssh connections can be made to your server from any ip address that is not permitted. It is not 100% fool proof as your ISP could launch an attack on your server by spoofing your permitted ip addresses. This is extremely unlikely, but a possibility. Doing this one thing would likely prevent any future compromises. i have read a few tutorials on the subject and after discussing with Justin, we have chosen to do the smart thing and have contacted a professional server administrator. he's not cheap but he's agreed to help us get it secured as much as humanly is possible, with the notion that we would hire him full or part time once we can afford it. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
jytou
|
|
January 14, 2014, 12:58:08 PM |
|
Give the guy a break. He messed up. And he confessed it. I know others who would have kept it silent until complete crash or recover. Others might have just disappeared. He may not be a security guru, but his site is working. Not a noob as I would call it. And whoever is keeping lots of funds on an exchange site is a fool. Not saying he shouldn't do something about it: I guess he had his lesson. @Coinmaster: at last a constructive message.  |
|
|
|
|
|
|
|
bzyzny
|
|
January 14, 2014, 01:04:46 PM |
|
I was hoping things would go well for this exchange since it was open source. but having it open source before security auditing may have given some clue about its insecurity unfortunately. hope you will have better luck next time or at least hire someone reputable to help with security.
also, I was wondering if username/passwords where stolen, or any other coins? was the hack only affecting btc wallet?
0.14203175btc @ 1PFo41TnkogkD1DJWxFwMWc5ShMn1tJxhN
|
|
|
|
|
McC0rm1ck
Newbie
Offline
Activity: 9
Merit: 0
|
|
January 14, 2014, 01:08:25 PM
Last edit: January 14, 2014, 01:20:26 PM by McC0rm1ck |
|
I pay a bounty of 1'000 BinaryCoin (BIC) to someone where find this very poor burglar and take him to justice.
I hope that the developer will continue his work. He made a nice open source exchange!
|
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 01:10:42 PM |
|
I was hoping things would go well for this exchange since it was open source. but having it open source before security auditing may have given some clue about its insecurity unfortunately. hope you will have better luck next time or at least hire someone reputable to help with security.
also, I was wondering if username/passwords where stolen, or any other coins? was the hack only affecting btc wallet?
0.14203175btc @ 1PFo41TnkogkD1DJWxFwMWc5ShMn1tJxhN
whoever it was only in the server for 6 minutes before i found out. we do not know, but as a precaution we are having everyone withdraw all coins. database will be completely wiped, along with wallet.dats and conf files. have to start over from scratch. who knows what they took while they were in there. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
jdebunt
Legendary
Offline
Activity: 1596
Merit: 1010
|
|
January 14, 2014, 01:11:11 PM |
|
Sorry to hear this happened r3wt  |
|
|
|
|
|
nocoin
|
|
January 14, 2014, 01:11:44 PM |
|
Wait did you use a password for your ssh login?
What is the address of the wallet?
i don't know. he took the wallet.dat it's my first server
r3wt is a trusted man
 |
|
|
|
|
phil92
Newbie
Offline
Activity: 47
Merit: 0
|
|
January 14, 2014, 01:17:55 PM |
|
I was hoping things would go well for this exchange since it was open source. but having it open source before security auditing may have given some clue about its insecurity unfortunately. hope you will have better luck next time or at least hire someone reputable to help with security.
also, I was wondering if username/passwords where stolen, or any other coins? was the hack only affecting btc wallet?
0.14203175btc @ 1PFo41TnkogkD1DJWxFwMWc5ShMn1tJxhN
whoever it was only in the server for 6 minutes before i found out. we do not know, but as a precaution we are having everyone withdraw all coins. database will be completely wiped, along with wallet.dats and conf files. have to start over from scratch. who knows what they took while they were in there. Sorry to insist, but as I can see you will delete the entire database and wallet, what about pending DEPOSITS ? I'd be happy to withdraw my money but I can't. 0.02569114 BTC - Deposit address at the time : 1A4LKQVr4r7WgG3rTYMBfDrM4qhpRU6ufR. But you changed that address since then so don't know it this will be of any help... |
|
|
|
|
50cent_rapper
Legendary
Offline
Activity: 1344
Merit: 1000
|
|
January 14, 2014, 01:18:41 PM |
|
It's better to have bad things at start, rather than when you are operating 500 btc-s.
And yeah, shit happens.
|
|
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 01:20:43 PM |
|
I was hoping things would go well for this exchange since it was open source. but having it open source before security auditing may have given some clue about its insecurity unfortunately. hope you will have better luck next time or at least hire someone reputable to help with security.
also, I was wondering if username/passwords where stolen, or any other coins? was the hack only affecting btc wallet?
0.14203175btc @ 1PFo41TnkogkD1DJWxFwMWc5ShMn1tJxhN
whoever it was only in the server for 6 minutes before i found out. we do not know, but as a precaution we are having everyone withdraw all coins. database will be completely wiped, along with wallet.dats and conf files. have to start over from scratch. who knows what they took while they were in there. Sorry to insist, but as I can see you will delete the entire database and wallet, what about pending DEPOSITS ? I'd be happy to withdraw my money but I can't. 0.02569114 BTC - Deposit address at the time : 1A4LKQVr4r7WgG3rTYMBfDrM4qhpRU6ufR. But you changed that address since then so don't know it this will be of any help... I will be happy to help you phil. let me know the details via pm. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
r3wt (OP)
|
|
January 14, 2014, 01:22:13 PM |
|
Sorry to hear this happened r3wt Yeah me too. back to the drawing board once more. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
