fffeee (OP)
June 01, 2012, 09:14:58 AM (Last edit: June 01, 2012, 09:42:07 AM by fffeee)
Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different IPs and it was possible to get some of my coins.. Is there any help out there?
davout
June 01, 2012, 02:46:42 PM
> or even sudo user.
And how would you do that, Mr. security expert?
fffeee (OP)
June 01, 2012, 03:19:34 PM
> your bitcoind wasn't secure enough, your site should be the only incoming and outgoing packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind its own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!
There are different users and bitcoind has its own.. It wasn't a server security related issue.. it was a coding issue.. But I hope it is gone now..
fffeee (OP)
June 01, 2012, 03:40:01 PM
> it was a security issue in your code, and these things just don't go away you better start auditing it and making sure that it was the issue you were thinking
I already did.. or do you know more about it?! Do you know where to look for?
fffeee (OP)
June 01, 2012, 03:58:09 PM
> you should have a database on your side that keeps track of the times for every IP that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any IP but only by other scripts, add tokens to make sure the person is who they are. things like that
this database already exists.. I also use 2 analysis tools to get notice of the IP addresses. What exactly do you mean by tokens?
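One common reading of "tokens" in the quoted advice is a server-issued, signed, single-use request token. The sketch below is an added example, not code from fiveminutecoin.com or from any poster; `issue_token`, `verify_token`, `SERVER_KEY` and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret kept server-side
TOKEN_TTL = 300                       # assumption: tokens are valid for five minutes
_spent = set()                        # assumption: in-memory; a real site needs a shared store


def _sign(session_id, action, issued, nonce):
    # Length-prefix each field so field boundaries cannot be shifted by the client.
    parts = [session_id, action, str(issued), nonce]
    msg = "".join(f"{len(p)}:{p}" for p in parts).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Mint a token when the form is rendered for this session and action."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{issued}.{nonce}.{_sign(session_id, action, issued, nonce)}"


def verify_token(token, session_id, action, now=None):
    """Accept a token once, only for the session and action it was minted for."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, nonce, sig = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False          # malformed token
    expected = _sign(session_id, action, issued, nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False          # tampered, or minted for another session or action
    if not 0 <= now - issued <= TOKEN_TTL:
        return False          # expired, or timestamp in the future
    if nonce in _spent:
        return False          # replay of a token that was already used
    _spent.add(nonce)
    return True
```

A token of this kind shows that a request came through a page the server rendered for that session; it does not by itself limit how many sessions one visitor opens.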
Bitsky
June 01, 2012, 04:09:18 PM
> easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?
> you should have a database on your side that keeps track of the times for every IP that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any IP but only by other scripts, add tokens to make sure the person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot. All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.
Gavin Andresen
Chief Scientist
June 01, 2012, 06:02:26 PM
> no run bitcoind under its own user but you still need to have access to it to send commands those should be done only on root
Ummm.... When you run something like: ... bitcoind creates a network connection to localhost:rpcport and talks to the running bitcoind process via the JSON-RPC protocol. So it doesn't matter what user the process is running as, what matters is securing access to the JSON-RPC network port, keeping the rpcpassword a secret, and preventing attackers from getting in and copying wallet.dat.
How often do you get the chance to work on a potentially world-changing project?
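The points this post says matter (who can reach the JSON-RPC port, the rpcpassword, and access to wallet.dat) can be checked mechanically. The following is an added example, not code from the thread or from the Bitcoin project; `audit_conf`, `audit_mode` and the sample configurations are hypothetical, and the 20-character password threshold is an assumption.

```python
import ipaddress
import os
import stat


def parse_conf(text):
    """Parse bitcoin.conf-style key=value lines; repeated keys accumulate."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def is_loopback(value):
    if value == "localhost":
        return True
    try:
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False   # wildcard such as "*" or "192.168.1.*": not loopback-only


def audit_conf(text):
    """Return findings about JSON-RPC exposure in a bitcoin.conf."""
    conf, findings = parse_conf(text), []
    for value in conf.get("rpcallowip", []):
        if not is_loopback(value):
            findings.append(f"rpcallowip={value} lets non-local hosts reach JSON-RPC")
    user = conf.get("rpcuser", [""])[-1]
    password = conf.get("rpcpassword", [""])[-1]
    # Assumption: password authentication is in use; cookie auth is not modelled.
    if len(password) < 20 or password == user:
        findings.append("rpcpassword is short or equal to rpcuser")
    return findings


def audit_mode(path):
    """Flag a bitcoin.conf or wallet.dat that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return f"{path} mode {mode:o} is open to group/other" if mode & 0o077 else None


# Constructed sample configurations, not taken from any real server.
WEAK = "server=1\nrpcuser=site\nrpcpassword=site\nrpcallowip=*\n"
HARDENED = ("server=1\nrpcuser=site\n"
            "rpcpassword=constructed-Zq7f1c9e-example-secret\nrpcallowip=127.0.0.1\n")
```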
Bitsky
June 01, 2012, 06:43:06 PM
> True, but it sounds like the scripts were accessed directly instead of through the site JS
What scripts are we talking about here anyway?
fffeee (OP)
June 01, 2012, 07:02:23 PM
We are talking about the scripts running on fiveminutecoin.com
Bitsky
June 01, 2012, 08:40:47 PM
> We are talking about the scripts running on fiveminutecoin.com
Obviously. However, I don't see how it matters to talk about access restrictions to scripts. If a script should not be accessible via browser, it should be outside docroot. If a script is in docroot, the developer has to sanitize any possible input.
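For a script in docroot that pays out coins, sanitizing input means rejecting anything that is not a well-formed address and amount before it reaches bitcoind. The validator below is an added example, not code from the site or the thread; `valid_address`, `valid_amount` and the `MAX_PAYOUT` cap are hypothetical, and only Base58Check addresses with version byte 0x00 are accepted.

```python
import hashlib
import re
from decimal import Decimal

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAX_PAYOUT = Decimal("0.01")   # assumption: per-request cap chosen by the site
SAMPLE_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"   # public genesis-block address


def valid_address(addr):
    """True only for a well-formed Base58Check address with version byte 0x00."""
    if not isinstance(addr, str) or not 26 <= len(addr) <= 35:
        return False
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False               # character outside the Base58 alphabet
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")    # 1 version byte + 20 hash bytes + 4 checksum
    except OverflowError:
        return False
    # Each leading '1' must correspond to exactly one leading zero byte.
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\0")):
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload[0] == 0x00 and digest[:4] == checksum


def valid_amount(text):
    """True for a plain positive decimal, at most 8 places, within the cap."""
    if not isinstance(text, str):
        return False
    if not re.fullmatch(r"[0-9]{1,8}(\.[0-9]{1,8})?", text):
        return False                   # rejects signs, exponents, spaces, other text
    return Decimal("0") < Decimal(text) <= MAX_PAYOUT
```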