Bitcoin Forum
December 08, 2016, 08:10:27 AM *
Topic: All my fairbrix just went somewhere by themselves.....WTF!
caish5
November 29, 2011, 02:11:38 PM
 #1

I've just noticed a transaction I did not initiate appear in my Fairbrix client.
Can anyone elaborate on this?
Could this be some sort of evil malware (on Ubuntu)?
Here is a screenshot.
http://ubuntuone.com/4TvNQeG81UI5lU1jp9VJ24

Bitvolcano YAC, BBQ and WDC P2Pools at http://bitvolcano.com
caish5
November 29, 2011, 02:32:56 PM
 #2

All these coins are based on the same code.
What if BTC is next?

Raoul Duke
aka psy
November 29, 2011, 02:35:56 PM
 #3

Don't you have a BTC client there too? I hope not, if it was some malware.
And are you sure you don't have RPC enabled? Like with a default user/pass?

I'm feeling bad for you if it is malware, but hell, it was only 60 bitcents they got.
Criminals are getting their hands dirty for nothing these days lol

caish5
November 29, 2011, 02:40:09 PM
 #4

I don't have a btc client there.
I do however have rpc open with default password.
I never thought that was a problem
I thought at worst people could mine for me!

Raoul Duke
aka psy
November 29, 2011, 02:41:51 PM
 #5

> I don't have a btc client there.
> I do however have rpc open with default password.
> I never thought that was a problem
> I thought at worst people could mine for me!

Maybe I'm being a bit harsh, after all I don't know if by open you mean accepting connections from any IP, like using a wildcard (*). If that was the case, well, the picture fully applies.

btc_artist
November 29, 2011, 02:42:51 PM
 #6

Hmmmm

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
caish5
November 29, 2011, 02:46:47 PM
 #7

So you can remotely control the whole client over rpc?
Had i known this i woulda used a better password.

Raoul Duke
aka psy
November 29, 2011, 02:49:18 PM
 #8

> So you can remotely control the whole client over rpc?
> Had i known this i woulda used a better password.

Yes, you can control everything the client does.
You could even use the default password, as long as you don't accept connections from anything other than localhost or a specific IP address (may be dangerous, not sure how easy it is to spoof an IP).

caish5
November 29, 2011, 02:51:10 PM
 #9

Well good lesson to learn with FBX i reckon!
I only opened the port so i could have a friend help me mine ages ago

Raoul Duke
aka psy
November 29, 2011, 02:52:23 PM
 #10

> Well good lesson to learn with FBX i reckon!
> I only opened the port so i could have a friend help me mine ages ago

Yes, praise the Lord it wasn't something more valuable. :P

DeathAndTaxes
Gerald Davis
November 29, 2011, 02:57:58 PM
 #11

> Well good lesson to learn with FBX i reckon!
> I only opened the port so i could have a friend help me mine ages ago

I say you came out ahead.  If it prevents you from losing 10,000 BTC someday you should thank that scammer.

If you don't need RPC then turn it off.
If you do need RPC set a custom password and limit it to the localhost.
If you need RPC access from other machines in the localnet then limit it to localhost and the specific machines.
If you need RPC access from the public internet well maybe you should reconsider (or at least be aware of the significant risk).
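
The checklist in DeathAndTaxes's post above, turned into a config audit as an added example (not part of the thread and not code from any of the clients discussed). It assumes the bitcoin.conf `key=value` syntax with the `rpcuser`, `rpcpassword` and `rpcallowip` settings; the sample file, the placeholder default password and the length threshold are constructed for illustration.

```python
import ipaddress

# Constructed bitcoin.conf-style sample. The password is a placeholder: the
# thread does not state the real Tenebrix/Fairbrix default.
SAMPLE_CONF = """\
rpcuser=user
rpcpassword=PLACEHOLDER_SHIPPED_DEFAULT   # left as shipped
rpcallowip=*
rpcallowip=192.168.1.*
rpcallowip=192.168.1.20
"""
SHIPPED_DEFAULTS = {"PLACEHOLDER_SHIPPED_DEFAULT"}  # hypothetical deny-list
MIN_PASSWORD_LEN = 20                               # assumed local policy


def parse_conf(text):
    """Return {key: [values]}; keys such as rpcallowip may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(key, []).append(value)
    return conf


def audit_rpc(conf):
    """Return (setting, problem) pairs for the RPC mistakes discussed above."""
    findings = []
    password = conf.get("rpcpassword", [""])[0]
    if password in SHIPPED_DEFAULTS:
        findings.append(("rpcpassword", "shipped default"))
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(("rpcpassword", "too short"))
    if password and password == conf.get("rpcuser", [""])[0]:
        findings.append(("rpcpassword", "same as rpcuser"))
    for entry in conf.get("rpcallowip", []):
        if "*" in entry:  # old-style wildcard patterns
            problem = "any address allowed" if entry == "*" else f"whole range allowed: {entry}"
            findings.append(("rpcallowip", problem))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("rpcallowip", f"unparseable: {entry}"))
            continue
        if net.num_addresses > 1:  # CIDR range rather than one specific machine
            findings.append(("rpcallowip", f"whole range allowed: {entry}"))
    return findings
```

A file with no `rpcallowip` lines, or only single addresses, and a long unique password returns an empty list.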
sd
November 29, 2011, 08:09:29 PM
 #12

> I do however have rpc open with default password.

The guy with the Simpsons picture is right, that was a very silly thing to do.

BUT.. Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value.

My guess is that this was done by someone who already knew your IP and that you had fairbrix.

Raoul Duke
aka psy
November 29, 2011, 08:13:08 PM
 #13

> > I do however have rpc open with default password.
>
> The guy with the Simpsons picture is right, that was a very silly thing to do.
>
> BUT.. Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value.
>
> My guess is that this was done by someone who already knew your IP and that you had fairbrix.

Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

sd
November 29, 2011, 08:26:05 PM
 #14

> > > I do however have rpc open with default password.
> >
> > My guess is that this was done by someone who already knew your IP and that you had fairbrix.
>
> Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
> I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Totally possible. I've never liked the way BitCoin uses IRC to bootstrap.

Let this be yet another warning to everybody - Use a good quality password.

DeathAndTaxes
Gerald Davis
November 29, 2011, 08:36:05 PM
 #15

> > > > I do however have rpc open with default password.
> > >
> > > My guess is that this was done by someone who already knew your IP and that you had fairbrix.
> >
> > Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
> > I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.
>
> Totally possible. I've never liked the way BitCoin uses IRC to bootstrap.
>
> Let this be yet another warning to everybody - Use a good quality password.

Good thing is neither do the developers.  My understanding is IRC is going to be removed from a future version of the client as it is no longer needed.
btc_artist
November 29, 2011, 11:28:28 PM
 #16

How will the client make its first connection then?

DeathAndTaxes
Gerald Davis
November 29, 2011, 11:32:50 PM
 #17

> How will the client make its first connection then?

Two different methods:

It makes a DNS lookup of bitseed.xf2.org, bitseed.bitcoin.org.uk and dnsseed.bluematt.me.
If it finds no connections it sequentially connects to a hard coded list of "last resort" IP addresses.

Once it finds a single active node it asks for all active nodes that node knows.  It then connects to each of those nodes and asks for all active nodes it knows.  Addresses are saved between sessions so this only applies to the initial boot ("cold boot into network").  It then broadcasts its address to all known nodes every 24 hours.

IRC is still used, but even in the current version it is "downgraded": it considers addresses found via IRC to be lower priority than addresses discovered by other methods.

Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.
coblee
November 30, 2011, 01:03:35 AM
 #18

This problem really only affects fairbrix and tenebrix. Lolcust released tenebrix with a default config file that has a default rpcpassword and I didn't change it for fairbrix. There's a reason why bitcoin does not have a default rpc password and forces you to set one the first time you try to use RPC.

doublec
November 30, 2011, 01:28:20 AM
 #19

All nodes broadcast addresses, it's trivial to collect a list of most connectable nodes on the network. Even with IRC disabled. You can then test each of these for an open JSON-RPC port with the default password. It's possible people are actively doing that.
Gavin Andresen
Chief Scientist
November 30, 2011, 02:37:36 AM
 #20


> Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.

You can remove the addr.dat file and run with the -noirc and -nodnsseed options to experiment right now.

I fixed the bootstrap-from-hard-coded seed node code a couple of months ago, so use a recent version of bitcoin to see it working properly.

How often do you get the chance to work on a potentially world-changing project?