
Topic: bitcoin server crash.. (Read 1374 times)

legendary
Activity: 1498
Merit: 1000
June 01, 2012, 11:14:02 AM
#12
easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients :)
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?
no, run bitcoind under its own user, but you still need to have access to it to send commands; those should be done only on root

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any ip but only by other scripts, add tokens to make sure the person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.

True, but it sounds like the scripts were accessed directly instead of thru the site js
legendary
Activity: 1498
Merit: 1000
June 01, 2012, 11:11:24 AM
#11
Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?

your bitcoind wasn't secure enough, your site should be the only incoming and outgoing packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind its own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasn't a server security related issue.. it was a coding issue..
But I hope it is gone now.. ;)

it was a security issue in your code, and these things just don't go away, you better start auditing it and making sure that it was the issue you were thinking

I already did.. or do you know more about it?! Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any ip but only by other scripts, add tokens to make sure the person is who they are. things like that

this database already exists.. I also use 2 analysis tools to get notice of the ip addresses.
What exactly do you mean by tokens?

tokens are like a one way function and are sent with the request so they can't just access the script without the token so you know if they are using the site or if they are directly contacting the script that sends out the bitcoins
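One way to build the kind of token described in the post above, as an added example that is not code from this thread or from the site discussed: the page that renders the payout form issues a single-use, expiring token bound to the visitor's session, and the payout script refuses any request without a valid one. The names `issue_token`, `verify_token`, the 300-second lifetime and the in-memory `_used` set are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)  # server-side key; never sent to the browser
TOKEN_TTL = 300          # seconds a token stays valid (assumed value)
_used = set()            # spent nonces; a real site would keep these in its database


def _mac(session_id, issued, nonce):
    """HMAC over the exact strings carried in the token, keyed with SECRET."""
    msg = "|".join((session_id, issued, nonce)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Called when the site renders the payout form for this session."""
    issued = str(int(time.time() if now is None else now))
    nonce = os.urandom(8).hex()
    return ".".join((issued, nonce, _mac(session_id, issued, nonce)))


def verify_token(token, session_id, now=None):
    """Called by the payout script before it sends any coins."""
    now = time.time() if now is None else now
    try:
        issued, nonce, mac = token.split(".")
        age = now - int(issued)
    except ValueError:
        return False  # wrong number of fields or non-numeric timestamp
    expected = _mac(session_id, issued, nonce)
    # Constant-time comparison; a forged or re-bound token fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if not 0 <= age <= TOKEN_TTL:
        return False  # expired, or timestamped in the future
    if nonce in _used:
        return False  # replay of a token that already paid out
    _used.add(nonce)
    return True
```
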
hero member
Activity: 576
Merit: 514
June 01, 2012, 03:40:47 PM
#10
We are talking about the scripts running on fiveminutecoin.com
Obviously.

However, I don't see how it matters to talk about access restrictions to scripts.
If a script should not be accessible via browser, it should be outside docroot.
If a script is in docroot, the developer has to sanitize any possible input.
member
Activity: 70
Merit: 10
June 01, 2012, 02:02:23 PM
#9
We are talking about the scripts running on fiveminutecoin.com
hero member
Activity: 576
Merit: 514
June 01, 2012, 01:43:06 PM
#8
True, but it sounds like the scripts were accessed directly instead of thru the site js
What scripts are we talking about here anyway?
legendary
Activity: 1652
Merit: 2301
Chief Scientist
June 01, 2012, 01:02:26 PM
#7
no, run bitcoind under its own user, but you still need to have access to it to send commands; those should be done only on root

Ummm....

When you run something like: 
Code:
bitcoind getinfo

... bitcoind creates a network connection to localhost:rpcport and talks to the running bitcoind process via the JSON-RPC protocol.

So it doesn't matter what user the bitcoind getinfo process is running as, what matters is securing access to the JSON-RPC network port, keeping the rpcpassword a secret, and preventing attackers from getting in and copying wallet.dat.
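A small check for the settings that decide who can reach the JSON-RPC port and how guessable the RPC credentials are, added here as an example and not taken from the thread or from bitcoind itself. The sample config is constructed, and `audit_rpc` with its 32-character password threshold is a hypothetical helper; `rpcuser`, `rpcpassword`, `rpcport` and `rpcallowip` are bitcoin.conf options.

```python
import ipaddress

# Constructed sample config for the example; not from the thread.
SAMPLE_CONF = """\
# faucet node
server=1
rpcuser=faucet
rpcpassword=faucet
rpcport=8332
rpcallowip=*
rpcallowip=192.168.1.*
rpcallowip=127.0.0.1
"""


def parse_conf(text):
    """Return (key, value) pairs in order; bitcoin.conf allows repeated keys."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit_rpc(text, min_password_len=32):
    """List settings that weaken access control on the JSON-RPC port."""
    pairs = parse_conf(text)
    conf = dict(pairs)
    findings = []
    password = conf.get("rpcpassword", "")
    if len(password) < min_password_len:  # threshold is an assumed policy
        findings.append("rpcpassword shorter than %d characters" % min_password_len)
    if password and password == conf.get("rpcuser"):
        findings.append("rpcpassword equals rpcuser")
    for key, value in pairs:
        if key != "rpcallowip":
            continue
        try:
            loopback = ipaddress.ip_address(value).is_loopback
        except ValueError:
            loopback = False  # wildcard or subnet pattern, not a single address
        if not loopback:
            findings.append("rpcallowip=%s admits non-loopback clients" % value)
    return findings
```
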
hero member
Activity: 576
Merit: 514
June 01, 2012, 11:09:18 AM
#6
easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients :)
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any ip but only by other scripts, add tokens to make sure the person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.
member
Activity: 70
Merit: 10
June 01, 2012, 10:58:09 AM
#5
Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?

your bitcoind wasn't secure enough, your site should be the only incoming and outgoing packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind its own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasn't a server security related issue.. it was a coding issue..
But I hope it is gone now.. ;)

it was a security issue in your code, and these things just don't go away, you better start auditing it and making sure that it was the issue you were thinking

I already did.. or do you know more about it?! Do you know where to look for?

you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be run by any ip but only by other scripts, add tokens to make sure the person is who they are. things like that

this database already exists.. I also use 2 analysis tools to get notice of the ip addresses.
What exactly do you mean by tokens?
member
Activity: 70
Merit: 10
June 01, 2012, 10:40:01 AM
#4
Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?

your bitcoind wasn't secure enough, your site should be the only incoming and outgoing packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind its own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasn't a server security related issue.. it was a coding issue..
But I hope it is gone now.. ;)

it was a security issue in your code, and these things just don't go away, you better start auditing it and making sure that it was the issue you were thinking

I already did.. or do you know more about it?! Do you know where to look for?
member
Activity: 70
Merit: 10
June 01, 2012, 10:19:34 AM
#3
Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?

your bitcoind wasn't secure enough, your site should be the only incoming and outgoing packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind its own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now!

There are different users and bitcoind has its own.. It wasn't a server security related issue.. it was a coding issue..
But I hope it is gone now.. ;)
legendary
Activity: 1372
Merit: 1008
1davout
June 01, 2012, 09:46:42 AM
#2
or even sudo user.
And how would you do that mr security expert? :)
member
Activity: 70
Merit: 10
June 01, 2012, 04:14:58 AM
#1
Did anyone experience the same? Bitcoin server crashes for some unknown reason?

Edit: Ok.. I know it now.. someone tried to cash me out..!! I can't imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins..

Is there any help out there?