Bitcoin Forum
October 15, 2019, 07:41:44 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I don't Want to Hack You  (Read 183 times)
Possum
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
September 30, 2019, 07:31:25 PM
 #1

Hi

For my own education I am running a server from home on a raspberry Pi. Standard Vanilla. Apache, Mysql, php. I have a static PI address which I point to my Parked URL with GoDaddy and just want to see how far I can go with this set up as far as hits and programming.  

I would like to link to my URL here. But I'm not going to as I would hate to be hacked and my server could attack others.

I am very careful about security. But its a moving target. If you have any security Advice for me that would be great as you guys  need to protect your investments. That means you know your security.

I have a home server, static IP address pointed to a url

What could go wrong..?
1571125304
Hero Member
*
Offline Offline

Posts: 1571125304

View Profile Personal Message (Offline)

Ignore
1571125304
Reply with quote  #2

1571125304
Report to moderator
1571125304
Hero Member
*
Offline Offline

Posts: 1571125304

View Profile Personal Message (Offline)

Ignore
1571125304
Reply with quote  #2

1571125304
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571125304
Hero Member
*
Offline Offline

Posts: 1571125304

View Profile Personal Message (Offline)

Ignore
1571125304
Reply with quote  #2

1571125304
Report to moderator
1571125304
Hero Member
*
Offline Offline

Posts: 1571125304

View Profile Personal Message (Offline)

Ignore
1571125304
Reply with quote  #2

1571125304
Report to moderator
1571125304
Hero Member
*
Offline Offline

Posts: 1571125304

View Profile Personal Message (Offline)

Ignore
1571125304
Reply with quote  #2

1571125304
Report to moderator
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1526
Merit: 1320


https://bit.ly/2FR9nyn - free python tutorials


View Profile
September 30, 2019, 07:40:38 PM
 #2

What is your firewall setup? In my experience there are two extremes of modem firmware, one let's every port stay open and has a fairly awful firewall, another had it so you have to say which devices should be able to engage in receiving external traffic when they didn't make the connection first...

Do you have the domain set up to go to a socket [ip+port]? Linux is fairly secure as long as you haven't fiddled with permissions too much though the probability of you being hacked anyway  through bitcoin core are very low (nodes get ddosed now and then, if it was that easy to hack them why pay for a ddos).

I don't know of any vulnerabilities in php, I know sql can suffer from injections so it's worth protecting against that.

khaled0111
Hero Member
*****
Online Online

Activity: 854
Merit: 574


WOLF.BET - Provably Fair Dice Game


View Profile
October 01, 2019, 12:10:52 AM
 #3

Here is what a hacker will do, if you post your website link online:
- He will scan your website for vulnerabilities (SQL injections, RFI, CSS, RCE...)
- He will scan your server for vulnetabilities (open ports, some outdated programmes can be vulnerable).

All you can do is to use a good firewall and update all your softwares. If you are too skeptical, you can hire a white hacker to test how secure is your server.

Don't host your website on a shared hosting server.
Don't use free scripts.
Update all your softwares.
Close all ports you don't use.

.WOLF.BET.
▀  ▀▀▀▀▀▀
  ▀ ▀▀▀
 ▄ ▄▄▄   
  ▄ ▄▄▄
▄  ▄▄▄▄▄▄
        ▄▄▄▀▀▀▀▄▄▄
    ▄███▌        ▀▀▄
  ▄▀   ▐█████████▄  ▀▄
 ▄▀  ▄█████████████▄  █
 ▌  █████████████████  █
▐  ████████████████ ▄█
█  █████████████████████▌
▐  ██████████████████ ▀█▌
 ▌ ▐█████████████████▌ ▐▀
 █  ██████████████▀ ▄▀
  █   ███████████▀  ▄▀
   ▀▄▄██ ▀▀▀▀▀▀▀  ▄▄▀
     ▀██▄▄▄▄▄▄▄▄▀▀▀
▄███████████▄
███████    ████████████▄
███████    ███████   ▀██
██████████████████    ██
██    ██████████████████
██    ███████    ███████
█████████████    ███████
███████    █████████████
███████    ███████    ██
██████████████████   ▄██
██        ▀███████████▀
██
██
      ▄█▄         ▄█▄
 ▄██ ███ ███████ ███ ██▄
▐███▄ ▀ ▄███████▄ ▀ ▄███▌
▐█▌▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▐█▌
▐█▌   ▄▄▄▄▄▄▄▄        ▐█▌
▐█▌   ████████        ▐█▌
▐█▌       ███     ▄▄▀▀▀██▄
▐█▌      ███    ██▀      ▀█
▐█▌     ███    ███         █
▐█▌    ███     ███          █
 ██▄           ███▄         █
  ▀█████████████████▄     ▄█
                  ▀▀█████▀▀

████
██
██
██
██
██
██
██
██
██
██
████


.AFFILIATE PROGRAM.
   ...FREE FAUCET........
..CHAT RAIN.............
Khaos77
Member
**
Offline Offline

Activity: 294
Merit: 57

Flag Day ☺


View Profile
October 01, 2019, 02:13:27 AM
 #4

https://www.grc.com/x/ne.dll?bh0bkyd2

Quote
ShieldsUP

Test your Setup.  Smiley

Possum
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
October 01, 2019, 02:53:47 AM
 #5

Quote
Shieldsup

Its was Steve Gibson of Security Now who got me into Bitcoins in the first place.

https://twit.tv/shows/security-now/episodes/287

I believe I have done the full circle now.
Thank You..
AverageGlabella
Sr. Member
****
Offline Offline

Activity: 419
Merit: 601


CryptoTalk.Org - Get Paid for every Post!


View Profile
October 02, 2019, 06:30:57 PM
Merited by Welsh (4), bones261 (4), hugeblack (1)
 #6

Only use scripts which you have developed yourself or open source software. The benefit of this is you know exactly what the code is and can scope out any back doors within the software. Open source software is usually more secure because developers can make a commit easily and patch out any known issues. This means that there will be hundreds of potential developers monitoring the software and code and updating it if necessary which is better than just you working on your own code.

Try avoiding javascript as much as possible on your website. Usually vulnerabilities are found exploiting javascript. It is probably worth mentioning that the host that you choose should be experienced, trustworthy and clued up on social engineering tactics. Some of the biggest websites in the world have been social engineered at some point and you want to limit that as much as possible. Hosting it yourself would be the best option as you are no longer relying on a third party and their weaknesses. However if you are not an experienced web host it is probably better to go with someone who has a little experience.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
CryptoTalk.org| 
MAKE POSTS AND EARN BTC!
🏆
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!