camosoul
|
|
May 28, 2014, 04:02:53 AM |
|
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup.
I would like to request no AMI images. There are already too many Amazon servers (over 50%) and I believe having a readily available image will just encourage more centralization! Just do ISOs, please!
Amazon already has the firewall locked down. Root login without a .pem key is disabled. Just the .pem key alone would have saved him. This just shows, though, that you absolutely need to be running a remote and local setup.
I would like to have an AMI from InternetApe; I don't see why you wouldn't help all the people running Amazon nodes. People will move if detailed instructions and guidance from the Dev team are provided; the notion that people will move from Amazon without this is unrealistic. You can repeat that non-IT experts shouldn't run masternodes all you want; there is money to be made and people will run them. That is why the model was created, to help by keeping coins out of circulation, so it is in the best interest of the project and the duty of the dev team to support the masternode ops, whether new or expert, with everything possible, including AMIs.
Experts? Even a total noob should know better.
You're right. Stupid people are going to do stupid stuff no matter what I say... But what sort of man stands idly by and watches an essential aspect of the DRK network get buttfucked by idiots? I can't buy those stolen DRK on Cryptsy as morons sell into my waiting jaws... This buttfucks DRK's infrastructure directly. It's a lot like a 51% threat... If people can't trust the network because it's run by fucktards, then you're hurting your own value. Don't let desperation for a money hose undermine your own investment, would-be noob MN runners... The script kiddie that won the lottery of brute-forcing this MN isn't going to quit after being rewarded. He's going to try harder. I'm willing to bet that at least 51% of the MNs out there are getting fingered by him right now, and they don't even know it...
|
|
|
|
Minotaur26
|
|
May 28, 2014, 04:07:51 AM |
|
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup.
I would like to request no AMI images. There are already too many Amazon servers (over 50%) and I believe having a readily available image will just encourage more centralization! Just do ISOs, please!
Amazon already has the firewall locked down. Root login without a .pem key is disabled. Just the .pem key alone would have saved him. This just shows, though, that you absolutely need to be running a remote and local setup.
I would like to have an AMI from InternetApe; I don't see why you wouldn't help all the people running Amazon nodes. People will move if detailed instructions and guidance from the Dev team are provided; the notion that people will move from Amazon without this is unrealistic. You can repeat that non-IT experts shouldn't run masternodes all you want; there is money to be made and people will run them. That is why the model was created, to help by keeping coins out of circulation, so it is in the best interest of the project and the duty of the dev team to support the masternode ops, whether new or expert, with everything possible, including AMIs.
Experts? Even a total noob should know better.
You're right. Stupid people are going to do stupid stuff no matter what I say... But what sort of man stands idly by and watches an essential aspect of the DRK network get buttfucked by idiots? I can't buy those stolen DRK on Cryptsy as morons sell into my waiting jaws... This buttfucks DRK's infrastructure directly.
I was just saying official guidance, best practices, etc., is expected from the Dev team. This case in particular was an extreme; I consider myself a noob and I don't have any of those errors and oversights, not one. My point is the dev team needs to remain neutral and realistic and provide all the help possible because people with multiple backgrounds will most definitely run the nodes.
|
|
|
|
Ozziecoin
|
|
May 28, 2014, 04:08:11 AM |
|
8047 difficulty.
wtf is going on? after all that value lost how come everyone and their dog is mining this?
Because the trolling failed to tank the coin, is my guess.
|
|
|
|
c3ntrx
|
|
May 28, 2014, 04:08:22 AM |
|
It appears there is someone that is pulling all the masternodes from the wallet and running scripts on them to hack in.
Is this a surprise?
And in this case they were able to gain access via SSH, so it had nothing to do with problems in the wallet/daemon/masternode itself.
As suspected.
- The firewall was not running, so all ports were open
- Root access via SSH was allowed
- OpenSSL v1.0.1f was installed on the server
- The password to unlock the wallet was still in bash history command
- The root password was less than 8 characters
As suspected.
My recommendations:
- DO NOT allow root ssh access
- Only open port 9999 in your firewall to the world
- Only open port 22 (SSH) to a trusted ip
- Set up SSH to use certificates for logging in
- Do not run any application on the server that you don't have to
- Encrypt your wallet
- Clear your bash history
All common sense... It worries me that a rote list is being handed out. These are things a person should know if they're going to support the network... If a person doesn't know this much already, they have no business running any server on the internet, much less a masternode. Following some rote guide line by line will only give them a false sense of security and no ability to handle the future.
Frankly, I'd prefer all ports but 9999 and TOR Listen be secured by port knocking. Re-direct all externally accessible services through TOR so that they only listen to localhost and no known .onion exists for those services to anyone but yourself. Since TOR uses rendezvous points, the TOR port being open grants them access to none of the services passing through it, and no idea what the traffic is, where it goes, what it's for, etc... They can't portscan a port that doesn't exist. SOCKS5 stream for the win. Using TOR for this has massive advantages completely removed from its anonymity/encryption/obfuscation functions.
I re-route all my SSH through TOR. SSHD doesn't even listen to the NIC, localhost only. Also, the entire SSHD service is port knocked to trigger "service sshd start" on top of not even listening to the NIC... Run knock sequence then ssh through socat .onion... Nobody even knows it's there... Nobody knows the address but me. Logs can't even give me away since I'm coming in through tor... If only DPR had used his head... ;-)
his wallet address is XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup.
His loss WILL help everyone else by showing what you MUST set up, so please help him where you can. I will pull some together myself to send.
Pain is an excellent teacher. A smart man learns from his mistakes. A wise man learns from the mistakes of others. If you don't know what you're doing; don't! It's sad and all, but I'm not sending him any welfare. I want him to learn. Let it hurt... Call me a meany poopie face if you want, but this was super extreme stupid. No excuse at all. If you don't know what you're doing; don't. There is no guide that can teach you common sense. You MUST understand. There is no substitute.
That's the way to do it!
|
|
|
|
chaeplin
|
|
May 28, 2014, 04:10:36 AM |
|
thank you very much for the help over skype, it seems that the hacker could enter my vps, don't know how exactly but he did he will post on darkcointalk some advice and tips to not have the same issue as me if someone can help me in any way please send some tip on my darkcoin wallet XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
So here was the issue(s). It appears there is someone that is pulling all the masternodes from the wallet and running scripts on them to hack in. And in this case they were able to gain access via SSH, so it had nothing to do with problems in the wallet/daemon/masternode itself.
- The firewall was not running, so all ports were open
- Root access via SSH was allowed
- OpenSSL v1.0.1f was installed on the server
- The password to unlock the wallet was still in bash history command
- The root password was less than 8 characters
My recommendations:
- DO NOT allow root ssh access
- Only open port 9999 in your firewall to the world
- Only open port 22 (SSH) to a trusted ip
- Set up SSH to use certificates for logging in
- Do not run any application on the server that you don't have to
- Encrypt your wallet
- Clear your bash history
There are more, but this would have secured this server. If any of you can spare a few darkcoins to help this person, he lost 999DRK because of the above issues. his wallet address is XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup. His loss WILL help everyone else by showing what you MUST set up, so please help him where you can. I will pull some together myself to send.
I want to add one more. Do InternetApe's recommendations, plus:
- use /etc/hosts.allow and /etc/hosts.deny for caution (if the firewall is opened somehow, it will help) (** if your home IP is dedicated or varies within a C class range).
# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.
sshd : all
# /etc/hosts.allow
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
sshd : specific_ip
sshd : a.b.c. # allow a.b.c.0 ~ a.b.c.255
|
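The checklist and the hosts.deny rule from the post above, turned into an audit script; this is an added example, not part of the original thread or anyone's posted code. It assumes "certificates for logging in" means key-only SSH (`PasswordAuthentication no`) and that the wallet is unlocked with the Bitcoin-derived `walletpassphrase` RPC; the function names and all sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit config files against the checklist quoted in this thread.
# All file contents below are constructed samples, not data from the incident.

# Print the first value set for an sshd_config keyword (sshd uses the first
# occurrence); prints nothing when the keyword is absent or commented out.
# Simplification: "Match" blocks and the "Keyword=value" form are not handled.
sshd_value() {  # usage: sshd_value <sshd_config> <keyword>
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

audit_sshd() {  # prints one finding per line
    # Unset counts as a finding: OpenSSH of that period defaulted to "yes".
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] || echo "root-login-allowed"
    # Password logins are on by default; only an explicit "no" forces keys.
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] || echo "password-auth-enabled"
}

audit_tcpwrappers() {  # usage: audit_tcpwrappers <hosts.deny>
    # Looks for the default-deny rule from the post ("sshd : all" or "ALL : ALL").
    grep -Eiq '^[[:space:]]*(sshd|all)[[:space:]]*:[[:space:]]*all([[:space:]]|:|$)' "$1" \
        || echo "no-default-deny-for-sshd"
}

audit_history() {  # usage: audit_history <shell history file>
    # Assumption: the wallet is unlocked with the Bitcoin-derived
    # "walletpassphrase" RPC, which takes the passphrase as an argument.
    if grep -q 'walletpassphrase' "$1"; then echo "wallet-passphrase-in-history"; fi
}

audit_host() {  # usage: audit_host <dir holding sshd_config, hosts.deny, history>
    audit_sshd "$1/sshd_config"
    audit_tcpwrappers "$1/hosts.deny"
    audit_history "$1/history"
}

# --- constructed sample hosts: one as described in the post, one hardened ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/weak" "$work/hard"

cat > "$work/weak/sshd_config" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF
: > "$work/weak/hosts.deny"
cat > "$work/weak/history" <<'EOF'
./darkcoind walletpassphrase CONSTRUCTED-EXAMPLE 60
EOF

cat > "$work/hard/sshd_config" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
echo "sshd : all" > "$work/hard/hosts.deny"
echo "./darkcoind getinfo" > "$work/hard/history"

for h in weak hard; do
    echo "== $h =="
    audit_host "$work/$h"
done
```

The hosts.allow and hosts.deny layer only takes effect when sshd is built with TCP wrappers (libwrap) support, which upstream OpenSSH removed in release 6.7, so confirm your build before relying on it.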
|
|
|
Sleepyx
|
|
May 28, 2014, 04:12:42 AM |
|
thank you very much for the help over skype, it seems that the hacker could enter my vps, don't know how exactly but he did he will post on darkcointalk some advice and tips to not have the same issue as me if someone can help me in any way please send some tip on my darkcoin wallet XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
So here was the issue(s). It appears there is someone that is pulling all the masternodes from the wallet and running scripts on them to hack in. And in this case they were able to gain access via SSH, so it had nothing to do with problems in the wallet/daemon/masternode itself.
- The firewall was not running, so all ports were open
- Root access via SSH was allowed
- OpenSSL v1.0.1f was installed on the server
- The password to unlock the wallet was still in bash history command
- The root password was less than 8 characters
My recommendations:
- DO NOT allow root ssh access
- Only open port 9999 in your firewall to the world
- Only open port 22 (SSH) to a trusted ip
- Set up SSH to use certificates for logging in
- Do not run any application on the server that you don't have to
- Encrypt your wallet
- Clear your bash history
There are more, but this would have secured this server. If any of you can spare a few darkcoins to help this person, he lost 999DRK because of the above issues. his wallet address is XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup. His loss WILL help everyone else by showing what you MUST set up, so please help him where you can. I will pull some together myself to send.
Jesus christ, I don't know much but I know to do all of that stuff; it's even in the guide. How are people so careless with their money? Poor guy, but man, $10,000, you should have researched the shit out of what you needed to do.
|
|
|
|
btc-mike
|
|
May 28, 2014, 04:20:38 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
|
|
|
|
camosoul
|
|
May 28, 2014, 04:21:24 AM |
|
I want to add one more. Do InternetApe's recommendations, plus:
- use /etc/hosts.allow and /etc/hosts.deny for caution (if the firewall is opened somehow, it will help) (** if your home IP is dedicated or varies within a C class range).
# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.
sshd : all
# /etc/hosts.allow
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
sshd : specific_ip
sshd : a.b.c. # allow a.b.c.0 ~ a.b.c.255
If you torify services, this becomes obsolete and the whole mess gets more secure and easier to handle. You don't need any list of allow/reject because the .onion address is what you need. Without that, they can't even brute-force it. Think of it more like the difference between a safe you can crack the combination on, and a solid hunk of steel that just looks like a safe. They can play with that dial all they want, they're not getting inside of something that doesn't actually have an inside... It's just solid steel with fancy crap on the front to waste their time.
|
|
|
|
Nthelight
|
|
May 28, 2014, 04:21:47 AM |
|
https://darkcointalk.org/threads/10-reasons-to-invest-in-darkcoin.814/
Just my opinion, and I do mean well. I basically concur with the people who feel that the entry level for masternode ownership must be kept very high, especially in this beta stage, so I'm equally sceptical about helping people set up their masternode. Skillful people should help each other getting it close to perfect, and not allow anyone with 1000 DRK to set up a MN. But it's a trade-off as Evan wants hundreds of MNs asap and leaves this to the community to realize. Kyle is perhaps too nice. No ISOs for newcomers please. You need to set up a MN to support Darkcoin's anonymous feature, nothing more. Be part of our eco-system, that's it. I don't even think it's really profitable with all the work it requires and will continue to require. Are you ready for a DDOS attack? How will you manage that? How funny that some people think it's just setting up the server and waiting for payments. It is not easy money! I wish people would understand that, but the conversations about MN profitability are attracting unskilled people who just want to make quick/easy money.
Risks:
#03 - The masternodes may prove to be the Achilles heel of the darkcoin network. These masternodes could become the target of hackers and mayhem could come from it in ways nobody can foresee at this time. I have no confidence in the security hardening skills (on system and network level) of people quickly setting up a masternode to make money. I never had any confidence in the security skills of one person. Any security matter in my professional situation was validated by at least 2 other experts internally and followed by an extensive security audit performed by an independent party. This is not happening here or it's not clear to me. DRK is implicitly asking everyone to provide a lot of trust towards this solution. No-one should ignore the huge risk involved. A genuine worry.
#04 - The implementation of masternodes creates various new trust-based challenges from within the system, or I simply do not understand well. Masternode owners may have the opportunity to manipulate. Especially if there would be collaboration between these operators. Especially if one large holder has many masternodes under his or her control. Why should I trust a masternode? Why should I trust a masternode owner? The incentive to set up a masternode is about profit and hence it will also attract the wrong people. Anyone who created a tutorial 'how to setup a masternode for dummies' may be effectively making this layer the weakest link, despite having good intentions. I can't be confident about the security, because they managed to install and set up a masternode, using a tutorial. The entry level should have been kept very high and only masterful system engineers with deep knowledge of security should be involved. I understand it's somewhat of a contradiction, because probably the safest approach is just to have a lot of masternodes? But who has 1000 DRK coins? I haven't seen any number of masternodes set up that makes me feel confident.
|
|
|
|
camosoul
|
|
May 28, 2014, 04:22:29 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
It's not hard at all. It just requires that you know what you're doing. And, it should stay that way because it won't be safe otherwise.
|
|
|
|
Minotaur26
|
|
May 28, 2014, 04:23:42 AM |
|
Only one last thing on this issue: no target, no problem. A cold wallet option, as has been mentioned before, would solve this problem 100%.
|
|
|
|
CryptoPleb
|
|
May 28, 2014, 04:25:06 AM |
|
Whatever happened to the remote/local cold storage idea? Impossible?
|
|
|
|
falsealarm_bf
|
|
May 28, 2014, 04:25:19 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
Another reason to establish a "foundation" organization. An entity can not only support beginner and intermediate investors with technology, but also provide monthly security, even hosting services to generate income for the Darkcoin community. We need to take the "foundation" organization need seriously or further incidents like this will result in an "implosion" of this coin like a dying star.
|
|
|
|
camosoul
|
|
May 28, 2014, 04:27:01 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
Another reason to establish a "foundation" organization. An entity can not only support beginner and intermediate investors with technology, but also provide monthly security, even hosting services to generate income for the Darkcoin community. We need to take the "foundation" organization need seriously or further incidents like this will result in an "implosion" of this coin like a dying star. I disagree on the security aspect. We need to impart the understanding and the ability to stand alone with competence. Not offer a "stay clueless" service. Clueless operators are the problem, not the manner in which they remain clueless. Changing the way you get a flat tire won't change the fact that it's flat.
|
|
|
|
falsealarm_bf
|
|
May 28, 2014, 04:28:06 AM |
|
people can't trust the network because it's run by fucktards
You said it... Well, considering a generous portion of the general public falls within the "fucktards" category when it comes to security, this is inevitable. We need to find a feasible way to sponsor growth. Calling for "no help to n00bs to maintain a barrier to entry" is a good way to commit coin-cide.
|
|
|
|
Ignition75
|
|
May 28, 2014, 04:30:39 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
I'm a crypto miner, from a hardware and windoz sense, I've never dabbled in Linux so I'm paying someone to help me set-up my node properly and securely... You don't have to be a guru from a technical sense to run a master node, you just need to know enough to know when you don't know enough...
|
The new generation have arrived and they brought their own currency...
|
|
|
camosoul
|
|
May 28, 2014, 04:31:35 AM |
|
people can't trust the network because it's run by fucktards
You said it... Well, considering a generous portion of the general public falls within the "fucktards" category when it comes to security, this is inevitable. We need to find a feasible way to sponsor growth. Calling for "no help to n00bs to maintain a barrier to entry" is a good way to commit coin-cide. If masternode adoption were key to widespread use, you'd be right. But it's not. So you're wrong. It only needs 2000 +/- people on the entire planet to not be fucktards. It's a bit of a stretch, but I think it's possible that 2000 human beings out of the entire population of the planet are not fucktards. Maybe I'm just optimistic... ;-) Didn't I just tell the whole thread that my seemingly god-like investment strategy is based on nothing but the inevitability of humans being stupid and simply being prepared for it when it strikes?
|
|
|
|
falsealarm_bf
|
|
May 28, 2014, 04:33:27 AM |
|
i am surprised it took this long.
there have been people complaining for weeks that setting up the MN on Linux is too hard and they have been getting their hand held through the setup.
Another reason to establish a "foundation" organization. An entity can not only support beginner and intermediate investors with technology, but also provide monthly security, even hosting services to generate income for the Darkcoin community. We need to take the "foundation" organization need seriously or further incidents like this will result in an "implosion" of this coin like a dying star. I disagree on the security aspect. We need to impart the understanding and the ability to stand alone with competence. Not pay someone else so operators can stay clueless. Clueless operators is the problem, not the manner in which they stay clueless. Do you think all venture capitalists are CEHs, CISSPs, seasoned software architects when they go to invest in startups? No, there is a core group of technologists that support the decision making process. The foundation would do just that by promoting a secure baseline for all money coming into create the MN network. Host the damn nodes, scan, recommend POAM for investors if necessary which would be a great way to generate income also. You will not effectively stop the stupid from spinning up a MN, and today's turmoil is the best reason for there to be a singular voice behind it all.
|
|
|
|
mrcashking
|
|
May 28, 2014, 04:33:58 AM |
|
Do you guys have a bounty for Twitter Promoter? I am a musician on Twitter with about 60K mainstream followers and growing. I could help try to make DarkCoin trend worldwide on Twitter.
@MrCashKing is my twitter handle.
|
|
|
|
CatKiwi
|
|
May 28, 2014, 04:35:11 AM |
|
I don't have a clue how to set up a masternode - does that make me a 'fucktard' too? I hold over 200 DRK and believe in this coin just as much as those who are savvy with the technical side of things.
Teach us, educate us - don't turn people away who want to understand.
|
|
|
|
|