
Topic: Is it really necessary to keep bitcoind on separate server? (Read 2248 times)

newbie
Activity: 16
Merit: 1
At the end of the day, if you know where your single point of failure/entry is, it is that point that you should secure to whatever degree is feasible in your situation. Web servers unfortunately have tons of attack vectors available.
sr. member
Activity: 261
Merit: 265
If a hacker takes control of your web server, he can send RPC requests to your bitcoin server or prepare data for pickup from the 'locked down' server.
The best way is to secure your web server. Use encrypted disks for sensitive data like the DB, bitcoin configs and wallets. Unmount the disks and lock the wallet on any unauthorized access to the server. Send RPC requests from a dedicated user, not from www.
legendary
Activity: 4228
Merit: 1313
I don't see a problem with having them on the same machine as long as that server does not control any funds.

Any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.

No need, the machine can be encrypted, or even just the wallet encrypted and unlocked when it has to send out funds. And only use https calls to get data so that the host can't find clues in the traffic.

This is bad advice (except the https part).

notme has given you good advice if you want your funds to be safer. I won't repeat what he said, but his advice is sound.  (You should also be concerned about using a VPN, bitcoins have been reportedly stolen from them even with good security, by ISP employees.)

full member
Activity: 164
Merit: 100
Indie Developer
I don't see a problem with having them on the same machine as long as that server does not control any funds.

Any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.

No need, the machine can be encrypted, or even just the wallet encrypted and unlocked when it has to send out funds. And only use https calls to get data so that the host can't find clues in the traffic.
full member
Activity: 224
Merit: 100
You shouldn't have your web server rpc call to bitcoind.

I need my web application to generate keypairs. I could also generate them via PHP, but importing the private key to bitcoind is a pain in the ass (makes bitcoind unresponsive for minutes).
My bitcoind server is a laptop running in my basement.

You can solve this problem in the same way: your bitcoin server checks for a "create new keypair" task and, if one exists, processes it.
Your solution is OK too, if you are satisfied with how it works.
full member
Activity: 395
Merit: 100
Market Integration Platform
You shouldn't have your web server rpc call to bitcoind.

I need my web application to generate keypairs. I could also generate them via PHP, but importing the private key to bitcoind is a pain in the ass (makes bitcoind unresponsive for minutes).
My bitcoind server is a laptop running in my basement.
full member
Activity: 224
Merit: 100
Quote
bitcoin server which has an empty wallet -> same server
bitcoin server which has access to money -> another server which YOU host yourself

But how do I make payouts automatically?

Quote
Bitcoind should be on a locked down server that only allows outgoing connections to the database so it can ask the database what needs to be sent and allow it to connect to a single bitcoind instance you control that is only used to broadcast transactions.

Good idea. At least an attacker will not get direct access to wallet.dat or be able to send an RPC call to spend all available coins.
legendary
Activity: 1904
Merit: 1002
Subject.

Imagine that there is a web server and a bitcoin server.

What if a hacker gets access to the web server, makes an RPC call to the bitcoind server and sends coins to his address?

In this case there is no reason to have a separate bitcoin server for this. Or have I missed something?

You shouldn't have your web server rpc call to bitcoind.  Bitcoind should be on a locked down server that only allows outgoing connections to the database so it can ask the database what needs to be sent and allow it to connect to a single bitcoind instance you control that is only used to broadcast transactions.  Of course, you should design it in such a way that an attacker would have to spend significant time understanding your built-in checks before they are able to fake records without tripping up your automated integrity checks.  If an integrity check does fail, immediately send all funds to a cold wallet and cease operations until a human can check it out. Even with all that, most funds should be kept offline and only made available to the bitcoind server when its supply runs low.
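The pull-based payout worker described in the post above, sketched as an added example (not code from the thread or from any poster). It assumes a hypothetical schema of `deposits` and `payouts` tables, a policy cap `MAX_PER_PAYOUT`, and two injected callables, `send` and `sweep_to_cold`, standing in for whatever the wallet host actually uses to broadcast and to move funds to cold storage.

```python
import sqlite3

MAX_PER_PAYOUT = 50_000_000  # satoshis; assumed policy limit, not from the thread

class IntegrityFailure(Exception):
    """A payout row disagrees with what the ledger says is owed."""

def check_payout(db, pid, user, amount):
    # Recompute the balance from ledger rows instead of trusting a cached
    # balance column that a compromised web server could have overwritten.
    if not 0 < amount <= MAX_PER_PAYOUT:
        raise IntegrityFailure(f"payout {pid}: amount {amount} outside policy")
    credited = db.execute("SELECT COALESCE(SUM(amount),0) FROM deposits "
                          "WHERE user=? AND confirmed=1", (user,)).fetchone()[0]
    paid = db.execute("SELECT COALESCE(SUM(amount),0) FROM payouts "
                      "WHERE user=? AND status='sent'", (user,)).fetchone()[0]
    if amount > credited - paid:
        raise IntegrityFailure(f"payout {pid}: {amount} exceeds {credited - paid}")

def run_once(db, send, sweep_to_cold):
    """Process pending payouts in order; on the first failed check, sweep and halt."""
    sent = []
    pending = db.execute("SELECT id,user,address,amount FROM payouts "
                         "WHERE status='pending' ORDER BY id").fetchall()
    for pid, user, address, amount in pending:
        try:
            check_payout(db, pid, user, amount)
        except IntegrityFailure as exc:
            db.execute("UPDATE payouts SET status='held' WHERE status='pending'")
            sweep_to_cold(str(exc))          # move hot funds out, wait for a human
            return {"sent": sent, "halted": True}
        send(address, amount)
        db.execute("UPDATE payouts SET status='sent' WHERE id=?", (pid,))
        sent.append(pid)
    return {"sent": sent, "halted": False}

def demo():
    db = sqlite3.connect(":memory:")         # constructed sample data below
    db.executescript("""
      CREATE TABLE deposits(user TEXT, amount INTEGER, confirmed INTEGER);
      CREATE TABLE payouts(id INTEGER PRIMARY KEY, user TEXT, address TEXT,
                           amount INTEGER, status TEXT);
      INSERT INTO deposits VALUES ('alice',100000,1), ('mallory',90000,0);
      INSERT INTO payouts VALUES (1,'alice','ADDR_A',40000,'pending'),
        (2,'mallory','ADDR_M',90000,'pending'), (3,'alice','ADDR_A',10000,'pending');
    """)
    sends, sweeps = [], []
    result = run_once(db, lambda a, n: sends.append((a, n)), sweeps.append)
    statuses = [r[0] for r in db.execute("SELECT status FROM payouts ORDER BY id")]
    return result, sends, sweeps, statuses
```

In the constructed data, the second row asks for a payout backed only by an unconfirmed deposit, so the worker sends the first payout, holds everything still pending, and calls the sweep hook once.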
sr. member
Activity: 266
Merit: 250
I don't see a problem with having them on the same machine as long as that server does not control any funds.

Any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.

I don't understand you. In the first sentence you say that there is no problem keeping the bitcoin server and web server on the same machine,
in the second you say that the bitcoin server should be on another network.

bitcoin server which has an empty wallet -> same server
bitcoin server which has access to money -> another server which YOU host yourself
full member
Activity: 224
Merit: 100
I don't see a problem with having them on the same machine as long as that server does not control any funds.

Any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.

I don't understand you. In the first sentence you say that there is no problem keeping the bitcoin server and web server on the same machine,
in the second you say that the bitcoin server should be on another network.
sr. member
Activity: 266
Merit: 250
I don't see a problem with having them on the same machine as long as that server does not control any funds.

Any bitcoin server which can be used to send money should be on another network and on a machine which you control physically to avoid attacks from your hoster.
full member
Activity: 224
Merit: 100
Subject.

Imagine that there is a web server and a bitcoin server.

What if a hacker gets access to the web server, makes an RPC call to the bitcoind server and sends coins to his address?

In this case there is no reason to have a separate bitcoin server for this. Or have I missed something?