Topic: [ANN] Sia - Decentralized Storage - page 327. (Read 1382191 times)

As you probably later read I did create new installs of my wallet yet the attacked managed to get to them too.
Maybe once compromised my local network remains vulnerable to the attacker IDK too.
When I set my wallet to localhost I can only mine with the local rig, other rigs on the same network can not find the wallet on the rig that it is installed... IDK why I have to bind it to the physical local address 192.168...:port instead of localhost:port
Also I get different balances and transactions when running the same wallet on different computers and get some weird transactions of -0.03 SIA or 0.00 SIA even on not compromised wallets... wtf?

You should address those issues, basically your coin is not mineable except on localhost, when using SSL tuneling or when lucky. If I can be of any assistance (mainly with more info PM me)

Upgrade to v 1.0.0 is mandatory?

If I want to create a farm machine is there a startup for dummies I can follow?

So basically you downloaded a malicious miner. Why not use the official miner and start a new wallet that has not been compromised? I have seen several posts here where it has been asked if the person used the "official" miner and the answer has either been a no or not answered at all. Very strange.

The attacker is able to continue stealing because they were able to get your wallet seed. The only way to protect your coins is to create a new wallet with a new seed and to transfer all of your old coins to that wallet.


You are using the old GUI, which has a few bugs with regards to the way it displays the transaction. I'm not sure why it distinguishes them that way, as the person who wrote our GUI is gone. My best advice is that you shouldn't use v0.5.2 GUI and instead stick to the command line. The v1.0.0 GUI will be out sometime tomorrow barring some major incident.

----------------------------

I cannot verify that your internal connection is secure. I know that miners using only localhost have not been having problems. If the attacker is able to get past your firewall in any way, that may be enough for them to get access to your wallet api. I am not sure. If you exposing your api port over anything other than localhost, you are putting yourself at risk. Some people know enough about network security to do this safely, but if you can't say with certainty that you know how to expose your api in a secure way, you should not be doing it.

We're looking at ways to make things more secure out-of-the-box, but security is very difficult and it's not something we can clean up in just a few days. There are a few things we can do but a sufficiently good attacker has a lot of tools to break into an exposed api. Simply adding a password may not be sufficient, and there are some significant issues with implementing TLS into the api - namely, you need a way to give both sides a key, and simply using Diffie-Helman isn't good enough because you have to distinguish between an attacker and your own client. Websites don't have this issue because they have user accounts.

On the bright side, a few miners have reported that the weird transactions listed in the v0.5.2 GUI were not actually stolen transactions. On the less bright side, miners who are CLI-only have reported stolen coins. Yours might be in the former category.

Most of the answers you may find here:-

https://www.reddit.com/r/siacoin/comments/4o1tu4/we_are_the_sia_core_team_aua/

Regards

will it be easy for non devs to farm out space on their drives?

If you get complaint you can erase illegal files. You can also provide those parts of encrypted files to the goverment if they ask but they wont be able to use them.

If I participate as a host, how do I escape legal liability if illegal files are found in the "SIA" partition of my hard drive?

Tomorrow is a big day for Siacoin! I really hope wallet launching will go ok and the mainstream media will get the news about decenralised, encrypted hosting which is cheaper than Google and Amazon!

I am using Sia-v0.6.0-beta-windows-amd64 original (btw the intel version always crashes around block 37000, so using a AMD PC for server).
I am binding siad to internalIP:port and starting to mine.
I than copied my wallet on my own PC with Sia-UI-win32-x64 original GUI for easy use.
I am mining at a business center I think they have some protection but IDK. I am using Win8.1 and I have to allow siad in my firewall so basically I don't think I have any protection.
All ports are closed now but when I got my first block stolen a few days back I was mining over the internet and there was a port to my siad, so attacker might know my IP but everything is closed now (learned from my mistake), and I am using a new wallet on a different PC.
I don't think miner software is to blame! This is the third time this has happened. First two I used GOminer from a friend I thrust, last time used my own build from official miner.

Before I start mining I send to my wallet some Siacoins for testing end even before I caught my first block they got transferred  without me issuing a transfer.
The weird thing is (PLEASE EXPLAIN THIS) is why the hacker transaction gets displayed with a red $ instead of a red heart in the GUI wallet?

I have been hacked 4 times now and got two blocks stolen
Only wallets that haven't been hacked are the once mining at LOCALHOST and the once that are not mining (they are in the same building)

Re: explorer - https://forum.sia.tech/topic/219/sia-explorer/3

It's about time for the devs to explain why the blockchain explorer is offline.

Check your ports. What software are you using? If you are not using the official miner binaries, there may be malware. But more likely, the attacker has somehow gotten past your firewall some other way and is able to query your network. We've only had reports of miners getting their coins stolen. Most up until this point have later confessed that they were serving the API over the public internet with their wallet unlocked. (Wallet does need to be unlocked to mine - this is something we can address, but it will take time).

The first reports of theft were only a few weeks ago. It's a new set of attacks, but largely the problem seems to be miners doing insecure practices.

I want to work with you to figure out how the attacker is getting access to your wallet. You need to know though, that after the attacker has stolen coins once, he will be able to steal them again as many times as he wants without access to your API, because the attacker will have the wallet seed. Once the attacks start, the only protection is to get a completely new wallet and hope you can transfer your coins to it before the attacker takes them.

Can you tell me more about the attack though? How many coins are getting stolen? Are you using the v0.5.2 GUI, because that has some bugs in the way it talks to the wallet, and sometimes reports transactions as 'negative' erroneously. The best way to know your balance and know the status of the miner is to use `siac`.

How is it not a security vulnerability?!  
I am mining with 5-6 rigs locally, I am not using a public IP:port and port forwarding or SSL tunneling, but mining on a local network.Yet still the attacker is able to steal my coins.
Only way he can not steal them (I think he cant) is when mining on LOCALHOST, and wallets that are not used for mining at least for now are protected.

You are talking about releasing v1.0 of a wallet which is 100% hack-able ... wtf... let alone creating a pool.

Hey, developer here.

The best I can tell, most miners who are having blocks stolen from them are exposing their API over the public Internet. If you run `siad -a ipaddress:port`, anyone on the internet can see your API and take your coins. Some attacker is scanning the nodes on the network and looking for miners who have improperly configured their siad.

That's not a security vulnerability as much as it is a usability problem. You are essentially giving the attacker your seed, password, and full access to your wallet, your files, and your whole Sia identity when you this.

IDK if GOminer originally has this vulnerability or if at all it is GOminer but he is right.
Someone is stealing mined blocks like hot bread, maybe there are hacked builds over the net, but miners have reported to me dozens of stolen block rewards.
Immediately after the 144th confirmation the block reward gets transferred with a red $ icon instead of red heart in the GUI wallet, the console wallet shows it as a normal transaction (IDK what the difference is) and with the block chain conveniently not working it is impossible to know.

I think it is time the developers address this issue!

How to save a backup of the wallet?

I must say that a lot of people do not know how to build gominer resulting in them looking for binaries through other sources.
I'll start publishing binaries when the current development version turns out to be stable.

Seriously dude, gominer is open source and the reason there are no binaries released is exactly to prevent stupid statements like this.
Read through the code yourself, it are only a few files in go code and validate yourself that the above statement is bullshit.