Bitcoin Forum
December 05, 2016, 04:41:18 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: bitcoin server crash..  (Read 1171 times)
fffeee
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 01, 2012, 09:14:58 AM
 #1

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 02:45:16 PM
 #2

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 01, 2012, 02:46:42 PM
 #3

or even sudo user.
And how would you do that mr security expert ? Smiley

fffeee
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 01, 2012, 03:19:34 PM
 #4

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 03:32:28 PM
 #5

or even sudo user.
And how would you do that mr security expert ? Smiley

easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients Smiley

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 03:34:58 PM
 #6

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
fffeee
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 01, 2012, 03:40:01 PM
 #7

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 03:50:34 PM
 #8

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
fffeee
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 01, 2012, 03:58:09 PM
 #9

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that

this database already exists.. I also use 2 analysis tools to get notice of the ip addresses.
What exactly do you mean by tokens?

Bitsky
Hero Member
*****
Offline Offline

Activity: 542


View Profile
June 01, 2012, 04:09:18 PM
 #10

easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients Smiley
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 04:11:24 PM
 #11

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?  Huh

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now.. Wink

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that

this database already exists.. I also use 2 analysis tools to get notice of the ip addresses.
What exactly do you mean by tokens?

tokens are like a one way fuction and are sent with the request so they can't just access the script without the token so you know if they are using the site or if they directly contacting the script that sends out the bitcoins

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2012, 04:14:02 PM
 #12

easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients Smiley
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?
no run bitcoind under it's own user but you still need to have access to it to send commands those should be done only on root

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.
[/quote]

True, but it sounds like the scripts were accessed directly instead of thru the site js

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
June 01, 2012, 06:02:26 PM
 #13

no run bitcoind under it's own user but you still need to have access to it to send commands those should be done only on root

Ummm....

When you run something like: 
Code:
bitcoind getinfo

... bitcoind creates a network connection to localhost:rpcport and talks to the running bitcoind process via the JSON-RPC protocol.

So it doesn't matter what user the
Code:
bitcoind getinfo
process is running as, what matters is securing access to the JSON-RPC network port, keeping the rpcpassword a secret, and preventing attackers from getting in and copying wallet.dat.

How often do you get the chance to work on a potentially world-changing project?
Bitsky
Hero Member
*****
Offline Offline

Activity: 542


View Profile
June 01, 2012, 06:43:06 PM
 #14

True, but it sounds like the scripts were accessed directly instead of thru the site js
What scripts are we talking about here anyway?

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
fffeee
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 01, 2012, 07:02:23 PM
 #15

We are talking about the scripts running on fiveminutecoin.com

Bitsky
Hero Member
*****
Offline Offline

Activity: 542


View Profile
June 01, 2012, 08:40:47 PM
 #16

We are talking about the scripts running on fiveminutecoin.com
Obviously.

However, I don't see how it matters to talk about access restrictions to scripts.
If a script should not be accessible via browser, it should be outside docroot.
If a script is in docroot, the developer has to sanatize any possible input.

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!