
Topic: All my fairbrix just went somewhere by themselves.....WTF! (Read 3531 times)

legendary
Activity: 2142
Merit: 1010
Newbie
I've just noticed a transaction I did not initiate appear in my Fairbrix client.
Can anyone elaborate on this?
Could this be some sort of evil malware (on ubuntu)?
here is a screenshot.
http://ubuntuone.com/4TvNQeG81UI5lU1jp9VJ24

Maybe http://blockexplorer.sytes.net/block/413976c9a943c084673af2d80e6da36cedd480b3013a415a50d70fad22ebe877 ?

See a fork in NEXT BLOCK section?
sr. member
Activity: 392
Merit: 250
lol I used to solomine litecoins with rpcallowip=*
I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.
Same here. There should be some kind of warning in the client when the configuration is clearly too open such as rpcallowip=*. I never thought RPC was for anything else than mining... I think I kept it at rpcallowip=127.0.0.1, though.
hero member
Activity: 686
Merit: 564
This problem really only affects fairbrix and tenebrix. Lolcust released tenebrix with a default config file that has a default rpcpassword and I didn't change it for fairbrix. There's a reason why bitcoin does not have a default rpc password and forces you to set one the first time you try to use RPC.
Solidcoin has a default rpcpassword too and you have to have one set if you want to mine solo using the built-in miner.
donator
Activity: 1654
Merit: 1351
Creator of Litecoin. Cryptocurrency enthusiast.
lol I used to solomine litecoins with rpcallowip=*
I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.

With litecoin, there's no default rpc password. So unless you set the password to something like "password", you are not that vulnerable. Of course, it's still not totally safe to do rpcallowip=*.
sr. member
Activity: 270
Merit: 250
lol I used to solomine litecoins with rpcallowip=*
I too thought that the worst that could happen would be for someone else to mine for me (don't think I forwarded the port on my router though) guess I got lucky.
donator
Activity: 1218
Merit: 1079
Gerald Davis

Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.
You can remove the addr.dat file and run with the -noirc and -nodnsseed options to experiment right now.

I fixed the bootstrap-from-hard-coded seed node code a couple of months ago, so use a recent version of bitcoin to see it working properly.

Thanks I will check it out.
legendary
Activity: 1652
Merit: 2301
Chief Scientist

Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.
You can remove the addr.dat file and run with the -noirc and -nodnsseed options to experiment right now.

I fixed the bootstrap-from-hard-coded seed node code a couple of months ago, so use a recent version of bitcoin to see it working properly.
legendary
Activity: 1078
Merit: 1005
All nodes broadcast addresses, it's trivial to collect a list of most connectable nodes on the network. Even with IRC disabled. You can then test each of these for an open JSON-RPC port with the default password. It's possible people are actively doing that.
donator
Activity: 1654
Merit: 1351
Creator of Litecoin. Cryptocurrency enthusiast.
This problem really only affects fairbrix and tenebrix. Lolcust released tenebrix with a default config file that has a default rpcpassword and I didn't change it for fairbrix. There's a reason why bitcoin does not have a default rpc password and forces you to set one the first time you try to use RPC.
donator
Activity: 1218
Merit: 1079
Gerald Davis
How will the client make its first connection then?

Two different methods:

It makes a DNS lookup of bitseed.xf2.org, bitseed.bitcoin.org.uk and dnsseed.bluematt.me.
If it finds no connections it sequentially connects to a hard-coded list of "last resort" IP addresses.

Once it finds a single active node it asks for all active nodes that node knows. It then connects to each of those nodes and asks for all active nodes it knows. Addresses are saved between sessions so this only applies to the initial boot ("cold boot into network"). It then broadcasts its address to all known nodes every 24 hours.

IRC is still used, but even in the current version it is "downgraded": it considers addresses found via IRC to be lower priority than addresses discovered by other methods.

Personally I think an interim step would be a version which has IRC and an option (enabled/disabled) and a "forget all addresses" option to experiment w/ non-IRC node discovery.
full member
Activity: 154
Merit: 102
Bitcoin!
How will the client make its first connection then?
donator
Activity: 1218
Merit: 1079
Gerald Davis
I do however have rpc open with default password.
My guess is that this was done by someone who already knew your IP and that you had fairbrix.
Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Totally possible. I've never liked the way BitCoin uses IRC to bootstrap.

Let this be yet another warning to everybody - Use a good quality password.



Good thing is neither do the developers. My understanding is IRC is going to be removed from a future version of the client as it is no longer needed.
sd
hero member
Activity: 730
Merit: 500
I do however have rpc open with default password.
My guess is that this was done by someone who already knew your IP and that you had fairbrix.
Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.

Totally possible. I've never liked the way BitCoin uses IRC to bootstrap.

Let this be yet another warning to everybody - Use a good quality password.

legendary
Activity: 1358
Merit: 1002
I do however have rpc open with default password.

The guy with the Simpsons picture is right, that was a very silly thing to do.

BUT.. Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value.

My guess is that this was done by someone who already knew your IP and that you had fairbrix.

Maybe someone in the control of one of the other nodes his client was connected to or someone scraping the IRC channel where almost all nodes bootstrap their initial connection?
I bet there are a lot of malicious nodes only getting connections to later scan the IPs and see if they can get some BTC. If they're doing it for shitbrix you can be certain they're doing it for Bitcoin and all other alt coins.
sd
hero member
Activity: 730
Merit: 500
I do however have rpc open with default password.

The guy with the Simpsons picture is right, that was a very silly thing to do.

BUT.. Who took these coins? Are crooks actively scanning random IPs for alternative crypto-currency clients and trying default passwords? It's possible but it seems like a lot of effort for a very small gain. Someone could have scripted it but they would have gone after bitcoin or something else with real value.

My guess is that this was done by someone who already knew your IP and that you had fairbrix.

donator
Activity: 1218
Merit: 1079
Gerald Davis
Well good lesson to learn with FBX I reckon!
I only opened the port so I could have a friend help me mine ages ago

I say you came out ahead.  If it prevents you from losing 10,000 BTC someday you should thank that scammer.

If you don't need RPC then turn it off.
If you do need RPC set a custom password and limit it to the localhost.
If you need RPC access from other machines in the localnet then limit it to localhost and the specific machines.
If you need RPC access from the public internet well maybe you should reconsider (or at least be aware of the significant risk).
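
The checks from the list above, together with the warning suggested elsewhere in the thread for configurations such as rpcallowip=*, as an added example (not part of any post and not code from the Fairbrix, Tenebrix or Bitcoin clients). It assumes a bitcoin.conf-style key=value file; the sample configs, the 16-character minimum and the placeholder in SHIPPED_DEFAULTS are constructed for illustration.

```python
import ipaddress

# Constructed placeholder set: add the rpcpassword shipped in your client's sample config.
SHIPPED_DEFAULTS = {"password", "EXAMPLE-SHIPPED-DEFAULT"}
MIN_PASSWORD_LEN = 16  # assumption for this example, not a client requirement

# Constructed sample configs (not taken from any real node).
WEAK_CONF = "rpcuser=user\nrpcpassword=password\nrpcallowip=*\n"
HARDENED_CONF = ("rpcuser=miner\nrpcpassword=x9-constructed-long-random-value\n"
                 "rpcallowip=127.0.0.1\n")

def parse_conf(text):
    """Parse key=value lines; repeated keys such as rpcallowip accumulate."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def is_loopback(entry):
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False

def audit_rpc(text, shipped_defaults=SHIPPED_DEFAULTS):
    """Return a list of warnings for an RPC configuration that is too open."""
    conf = parse_conf(text)
    findings = []
    password = conf.get("rpcpassword", [""])[-1]
    if not password:
        findings.append("rpcpassword is not set")
    elif password in shipped_defaults or len(password) < MIN_PASSWORD_LEN:
        findings.append("rpcpassword is a shipped default or too short")
    for entry in conf.get("rpcallowip", []):
        if entry == "*":
            findings.append("rpcallowip=* accepts RPC from any address")
        elif "*" in entry:
            findings.append(f"rpcallowip={entry} is a wildcard range")
        elif not is_loopback(entry):
            findings.append(f"rpcallowip={entry} allows a remote host; confirm it is intended")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_rpc(conf) or "no findings")
```
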
legendary
Activity: 1358
Merit: 1002
Well good lesson to learn with FBX I reckon!
I only opened the port so I could have a friend help me mine ages ago

Yes, praise the Lord it wasn't something more valuable.
sr. member
Activity: 324
Merit: 250
Well good lesson to learn with FBX I reckon!
I only opened the port so I could have a friend help me mine ages ago
legendary
Activity: 1358
Merit: 1002
So you can remotely control the whole client over rpc?
Had I known this I woulda used a better password.

Yes, you can control everything the client does.
You could even use the default password, as long as you wouldn't accept connections from anything other than localhost or a specific IP address (may be dangerous, not sure how easy it is to spoof an IP).
sr. member
Activity: 324
Merit: 250
So you can remotely control the whole client over rpc?
Had I known this I woulda used a better password.