This operation will cause you to be hacked and your ETH coin to be stolen.
https://github.com/dogethereum/dogethereum-tools/blob/master/user/unlock.js
If your Ethereum full node is on a public network server, you should advise users to make firewall policies that prohibit external calls to RPC.
Because the attacker will scan the code to your node and attack you.
You can look at this: Billions of Tokens Theft Case cause by ETH Ecological Defects
Defense Advice

- Change the default RPC API port. The configuration method is: `--rpcport 8377` or `--wsport 8378`
- Change the RPC API listen address to Intranet. The configuration method is: `--rpcaddr 192.168.0.100` or `--wsaddr 192.168.0.100`
- Configure iptables to restrict access to the RPC API port. For example, only 192.168.0.101 is allowed to access port 8545:

  ```
  iptables -A INPUT -s 192.168.0.101 -p TCP --dport 8545 -j ACCEPT
  iptables -A INPUT -p TCP --dport 8545 -j DROP
  ```
- The keystore should not be stored on the node (because the account is not on the node, unlockAccount will not be used)
- Any transaction that uses web3's sendTransaction and sendRawTransaction to send a private key signed transaction
- Private key physical isolation (such as cold wallets, manual transcriptions) or high-strength encrypted storage and security keys
At last
If you need, you can contact us to audit dogethereum-contracts.
We support DogeCoin payment.
HaHa
: )
We are the SlowMist security team. You can visit our official website: www.slowmist.com
We like DogeCoin very much.
We will pay attention to you. I wish you good luck.
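
A defender-side check of the port and listen-address recommendations in the issue above, added here as an example (it is not part of the original issue or of dogethereum-tools): it audits a geth command line using the flags named in the post. The `--rpc`/`--ws` enable flags, the `localhost` and 8545/8546 defaults, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a geth command line for an exposed RPC/WS interface.

# is_internal ADDR: succeed for loopback and RFC 1918 (intranet) addresses.
is_internal() {
    case "$1" in
        localhost|127.*|::1|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# flag_value FLAG DEFAULT ARGS...: print the value given for FLAG, accepting
# both "--flag value" and "--flag=value"; print DEFAULT if the flag is absent.
flag_value() {
    flag=$1; value=$2; shift 2
    while [ $# -gt 0 ]; do
        case "$1" in
            "$flag")   [ $# -ge 2 ] && value=$2 ;;
            "$flag"=*) value=${1#*=} ;;
        esac
        shift
    done
    printf '%s\n' "$value"
}

# audit_geth ARGS...: print one finding per line; no output means no finding.
audit_geth() {
    for proto in rpc ws; do
        # Assumption: the interface is served only when --rpc / --ws is given.
        case " $* " in *" --$proto "*) ;; *) continue ;; esac
        [ "$proto" = rpc ] && default_port=8545 || default_port=8546
        addr=$(flag_value "--${proto}addr" localhost "$@")
        port=$(flag_value "--${proto}port" "$default_port" "$@")
        is_internal "$addr" ||
            echo "$proto: listens on $addr, reachable from outside the intranet"
        [ "$port" = "$default_port" ] &&
            echo "$proto: still on default port $port"
    done
    return 0
}

# Constructed sample command line (not taken from the page's project).
audit_geth --rpc --rpcaddr 0.0.0.0 --ws --wsaddr=192.168.0.100 --wsport 8378
```

An empty result only covers the listen address and port; the iptables rules and the keystore advice still have to be checked on the host itself.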