It appears there is someone who is pulling all the masternodes from the wallet and running scripts on them to hack in.
Is this a surprise?
And in this case they were able to gain access via SSH, so it had nothing to do with problems in the wallet/daemon/masternode itself.
As suspected.
- The firewall was not running, so all ports were open
- Root access via SSH was allowed
- OpenSSL v1.0.1f was installed on the server
- The password to unlock the wallet was still in bash history command
- The root password was less than 8 characters
As suspected.
My recommendations:
- DO NOT allow root SSH access
- Only open port 9999 in your firewall to the world
- Only open port 22 (SSH) to a trusted IP
- Set up SSH to use certificates for logging in
- Do not run any application on the server that you don't have to
- Encrypt your wallet
- Clear your bash history
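The checklist above, rendered as files a practitioner can review before installing. This is an added example, not code from the thread or from the masternode project. It assumes (hypothetically; the thread does not say) that the node runs under a non-root account called mnode, that the wallet is unlocked with the walletpassphrase RPC, that the server uses iptables, and that 9999 is the only port that must be reachable from the world. The files are written under a target root of your choosing, so nothing here touches the live /etc until you copy it there.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Writes the hardening pieces recommended
# above under a target root for review. Assumptions (hypothetical): non-root
# user "mnode", iptables firewall, walletpassphrase RPC used to unlock the wallet.
set -eu

MN_USER="${MN_USER:-mnode}"   # assumed non-root login account
P2P_PORT=9999                  # the masternode port named in the thread

# Recommendations 1 and 4: sshd drop-in that forbids root login and passwords,
# allowing only key-based login for the one node user. Assumes OpenSSH >= 8.2
# (reads sshd_config.d/); on older builds put the same lines in sshd_config.
gen_sshd_config() {
    local root="$1" pubkey="$2"
    install -d -m 700 "$root/home/$MN_USER/.ssh"
    printf '%s\n' "$pubkey" > "$root/home/$MN_USER/.ssh/authorized_keys"
    chmod 600 "$root/home/$MN_USER/.ssh/authorized_keys"
    install -d -m 755 "$root/etc/ssh/sshd_config.d"
    cat > "$root/etc/ssh/sshd_config.d/99-masternode.conf" <<EOF
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers $MN_USER
EOF
}

# Recommendations 2 and 3: default-deny INPUT policy in iptables-restore
# format. Only $P2P_PORT is open to everyone; 22 is open to the trusted IP only.
gen_firewall_rules() {
    local root="$1" trusted_ip="$2"
    install -d -m 755 "$root/etc/iptables"
    cat > "$root/etc/iptables/rules.v4" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $P2P_PORT -j ACCEPT
-A INPUT -p tcp -s $trusted_ip --dport 22 -j ACCEPT
COMMIT
EOF
}

# Finding 4 / recommendation 7: count history lines that carry a wallet
# passphrase on the command line. Prints the count (0 when clean).
scan_history() {
    local histfile="$1"
    grep -c -E 'walletpassphrase|encryptwallet' "$histfile" || true
}

# Keep future passphrases out of ~/.bash_history: HISTIGNORE drops matching
# commands; ignorespace lets you hide any command by prefixing a space.
gen_history_profile() {
    local root="$1"
    install -d -m 755 "$root/etc/profile.d"
    cat > "$root/etc/profile.d/wallet-history.sh" <<'EOF'
export HISTCONTROL=ignorespace
export HISTIGNORE='*walletpassphrase*:*encryptwallet*'
EOF
}

# Usage: harden.sh <target_root> <trusted_ip> "<ssh public key>"
# Then, as root: iptables-restore < /etc/iptables/rules.v4, copy the sshd
# drop-in into place, and restart sshd ONLY after a key login from the
# trusted IP has been confirmed. Clear the existing history with
# "history -c; : > ~/.bash_history" for every account that ran the wallet.
if [ $# -eq 3 ]; then
    gen_sshd_config "$1" "$3"
    gen_firewall_rules "$1" "$2"
    gen_history_profile "$1"
    echo "Hardening files written under $1"
fi
```

Two caveats before applying this on a live box: load the firewall rules from a console or with a scheduled rollback, since a typo in the trusted IP locks you out of SSH, and keep a second session open while restarting sshd with password login disabled.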
All common sense... It worries me that a rote list is being handed out. These are things a person should know if they're going to support the network...
If a person doesn't know this much already, they have no business running any server on the internet, much less a masternode. Following some rote guide line by line will only give them a false sense of security and no ability to handle the future.
Frankly, I'd prefer all ports but 9999 and the TOR listen port be secured by port knocking. Redirect all externally accessible services through TOR so that they only listen on localhost, and no known .onion exists for those services to anyone but yourself. Since TOR uses rendezvous points, the TOR port being open grants them access to none of the services passing through it, and no idea what the traffic is, where it goes, what it's for, etc... They can't portscan a port that doesn't exist. SOCKS5 stream for the win. Using TOR for this has massive advantages completely removed from its anonymity/encryption/obfuscation functions.

I re-route all my SSH through TOR. SSHD doesn't even listen on the NIC, localhost only. Also, the entire SSHD service is port knocked to trigger "service sshd start" on top of not even listening on the NIC... Run the knock sequence, then ssh through socat to the .onion... Nobody even knows it's there... Nobody knows the address but me. Logs can't even give me away since I'm coming in through TOR... If only DPR had used his head... ;-)
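The design in the post above (sshd bound to loopback only, reached through a Tor onion service, with the daemon itself started by a port knock), rendered as config fragments. This is an added example, not the poster's own setup. It assumes (hypothetically; the post names none of these) that knockd is the port-knock daemon, that Tor's client SocksPort is the default 9050, that sshd is controlled with "service sshd start|stop" as the post says, and that socat is the client-side SOCKS proxy. The onion address comes from the hostname file Tor writes in the HiddenServiceDir; the one used in the usage line is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not the poster's code. Writes the pieces of the onion+knock
# SSH design under a target root for review. Assumptions (hypothetical): knockd,
# Tor SocksPort 9050, "service sshd start|stop", socat on the client.
set -eu

# sshd: bind loopback only. Tor hands the connection to 127.0.0.1:22, so the
# public NIC never has an SSH listener to scan. Assumes OpenSSH >= 8.2 for the
# drop-in directory; on older builds edit sshd_config directly.
gen_sshd_loopback() {
    local root="$1"
    install -d -m 755 "$root/etc/ssh/sshd_config.d"
    printf 'ListenAddress 127.0.0.1\n' > "$root/etc/ssh/sshd_config.d/98-loopback-only.conf"
}

# torrc: an onion service whose only backend is the loopback sshd.
# The onion hostname appears in /var/lib/tor/ssh-onion/hostname after start.
gen_torrc() {
    local root="$1"
    install -d -m 755 "$root/etc/tor"
    cat > "$root/etc/tor/torrc" <<'EOF'
SocksPort 127.0.0.1:9050
HiddenServiceDir /var/lib/tor/ssh-onion/
HiddenServiceVersion 3
HiddenServicePort 22 127.0.0.1:22
EOF
}

# Pick N distinct random TCP ports in 1025..65535 from /dev/urandom for the
# knock sequence, printed comma-separated in knockd's format.
gen_knock_sequence() {
    local n="${1:-3}" count=0 ports="" p
    while [ "$count" -lt "$n" ]; do
        p=$(( 1025 + $(od -An -N2 -tu2 /dev/urandom | tr -d ' ') % 64511 ))
        case ",$ports," in *",$p,"*) continue ;; esac   # skip duplicates
        ports="${ports:+$ports,}$p"
        count=$((count + 1))
    done
    printf '%s\n' "$ports"
}

# Reverse a comma-separated sequence so the stop knock is the start knock
# played backwards (a common convention; any distinct sequence works).
reverse_sequence() {
    printf '%s\n' "$1" | awk -F, '{ for (i = NF; i > 0; i--) printf "%s%s", $i, (i > 1 ? "," : "\n") }'
}

# knockd: the start sequence launches sshd, the reverse sequence stops it.
# knockd sniffs SYNs on the NIC, so these ports stay closed in the firewall.
gen_knockd_conf() {
    local root="$1" seq="$2" rseq
    rseq=$(reverse_sequence "$seq")
    install -d -m 755 "$root/etc"
    cat > "$root/etc/knockd.conf" <<EOF
[options]
    UseSyslog

[startSSH]
    sequence    = $seq
    seq_timeout = 5
    tcpflags    = syn
    command     = /usr/sbin/service sshd start

[stopSSH]
    sequence    = $rseq
    seq_timeout = 5
    tcpflags    = syn
    command     = /usr/sbin/service sshd stop
EOF
}

# Client side: an ssh_config stanza that tunnels through the local Tor SOCKS
# port with socat, so the server's clearnet IP never appears in the SSH path.
gen_ssh_client_config() {
    local root="$1" onion="$2"
    cat > "$root/ssh_config" <<EOF
Host masternode-onion
    HostName $onion
    User mnode
    ProxyCommand socat - SOCKS4A:127.0.0.1:%h:%p,socksport=9050
EOF
}

# Usage: onion-ssh.sh <target_root> [<onion address>]
# Login: knock <server-ip> 7000 8000 9000   (your generated ports, space-separated)
#        ssh -F <target_root>/ssh_config masternode-onion
if [ $# -ge 1 ]; then
    seq=$(gen_knock_sequence 3)
    gen_sshd_loopback "$1"; gen_torrc "$1"; gen_knockd_conf "$1" "$seq"
    gen_ssh_client_config "$1" "${2:-REPLACE-WITH-hostname-FILE-CONTENTS.onion}"
    echo "Knock sequence (keep private): $seq"
fi
```

One caveat the post does not spell out: the knock packets go to the server's clearnet IP, not through Tor, so the admin's own address does appear in the knockd syslog entries even though the SSH session itself arrives from 127.0.0.1. Send the knock through a VPN or another hop if that matters to you.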
his wallet address is XhGwaKJPMdqEyMU85QBReNNMzVGKDW2EPz
He learned the HARD WAY how not to set up your masternode. I will be putting together a list of things to check, and an ISO and AMI for people to use with MOST of the issues addressed; you will still be responsible for checking anything I missed and verifying it works for your setup.
His loss WILL help everyone else by showing what you MUST set up, so please help him where you can. I will pull some together myself to send.
Pain is an excellent teacher. A smart man learns from his mistakes. A wise man learns from the mistakes of others. If you don't know what you're doing; don't!
It's sad and all, but I'm not sending him any welfare. I want him to learn. Let it hurt... Call me a meany poopie face if you want, but this was super extreme stupid. No excuse at all. If you don't know what you're doing; don't. There is no guide that can teach you common sense. You MUST understand. There is no substitute.