bitcoin server crash..

[fffeee]

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there? 

[1714137138]

1714137138

[1714137138]

1714137138

[1714137138]

1714137138

[1714137138]

1714137138

[davout]

or even sudo user.

And how would you do that mr security expert ?

[fffeee]

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there? 

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now..

[fffeee]

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there? 

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now..

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

[fffeee]

Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there? 

your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue..
But I hope it is gone now..

it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking

I already did.. or do you know more about it?!Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that

this database already exists.. I also use 2 analysis tools to get notice of the ip addresses.
What exactly do you mean by tokens?

[Bitsky]

easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients

So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that

Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.

[Gavin Andresen]

no run bitcoind under it's own user but you still need to have access to it to send commands those should be done only on root

Ummm....

When you run something like: 

Code:

bitcoind getinfo

... bitcoind creates a network connection to localhost:rpcport and talks to the running bitcoind process via the JSON-RPC protocol.

So it doesn't matter what user the

Code:

bitcoind getinfo

process is running as, what matters is securing access to the JSON-RPC network port, keeping the rpcpassword a secret, and preventing attackers from getting in and copying wallet.dat.

[Bitsky]

True, but it sounds like the scripts were accessed directly instead of thru the site js

What scripts are we talking about here anyway?

[fffeee]

We are talking about the scripts running on fiveminutecoin.com

[Bitsky]

We are talking about the scripts running on fiveminutecoin.com

Obviously.

However, I don't see how it matters to talk about access restrictions to scripts.
If a script should not be accessible via browser, it should be outside docroot.
If a script is in docroot, the developer has to sanatize any possible input.