You are viewing a single comment's thread from:

RE: Claimed.

in #steem7 years ago

How were they hacked? Using the blockchain as the intermediary means you only have to trust your RPC endpoints, so unless you were giving people direct access to the server you were running them against I can't think of how. Though I'd be interested to know if I've overlooked something.

Sort:  

I'm not sure. I just know I ran the bots on a virtual server running ubuntu 16.04. While leaving the bots idle, while I was coding, not much happened. As soon as I left them to run on their own, they each ran for about 2 to 3 hours then would stop. When I checked on them the servers were either hit with DDOS, or in one instance someone actually got into the system as I could see a rogue connection on a udp port. Instead of trying to figure out how it happened I just destroyed the servers since it was just an experiment anyway. Since I spin up Ubuntu servers all the time, and since they usually don't get hacked that fast, I assume that it might have something to do either with the Piston code itself, or the activity from the server to the blockchain was enough to attract the attention of outsiders. My only point in all of this is that it would take me about a day to write the code for the bot. But if I'm expected to serve the bot as well, then it would take me much longer to ensure that the server was secure. If @berniesanders already has a server in mind to run the bot code on, then I will gladly code the bot. If not, I'm a little more hesitant as it mean debugging the piston code which I'm rather too unfamiliar with to do this in a timely manner.