bitcoin on aws

Bitcoin Full Node on AWS Free Tier

Provisioning

- Launch one T2 micro instance, using Ubuntu 14.04 LTS AMI.
- Open SSH and Bitcoin Protocol TCP ports: 22, 8333.
- Attach 40GB EBS (General-Purpose SSD) volume for blockchain storage to /dev/sdf.

The pricing should be ~$3 for the first year (assuming 30GB upload per month). See here for more details.

Installing (based on the following reddit post)

Run as superuser:

    $ sudo dd if=/dev/zero of=/opt/swapfile bs=1M count=1024
    $ sudo mkswap /opt/swapfile
    $ sudo swapon /opt/swapfile
    $ mkdir ~/.bitcoin/
    $ sudo add-apt-repository -y ppa:bitcoin/bitcoin
    $ sudo apt-get update -y
    $ sudo apt-get install bitcoind -y

Add the following to /etc/fstab configuration:

    # /dev/xvdf is EXT4 filesystem under /home/ubuntu/.bitcoin
    /dev/xvdf /home/ubuntu/.bitcoin ext4 defaults 0 0
    /opt/swapfile swap swap defaults 0 0

Mount them using:

    sudo mount -a

Torrent bootstrap.dat for speed, as described here.

Use the following configuration file (.bitcoin/bitcoin.conf):

    server=1
    daemon=1
    # bitcoind's option for capping peer connections is "maxconnections"
    maxconnections=40
    rpcuser=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    rpcpassword=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
    disablewallet=1

Use the following traffic control script (.bitcoin/utils/tc.sh) for bandwidth throttling:

    #!/bin/bash
    #network interface on which to limit traffic
    IF="eth0"
    #limit of the network interface in question
    LINKCEIL="1gbit"
    #limit outbound Bitcoin protocol traffic to this rate
    LIMIT="200kbit"
    #defines the address space for which you wish to disable rate limiting
    LOCALNET="172.31.0.0/16"

    #delete existing rules
    tc qdisc del dev ${IF} root

    #add root class
    tc qdisc add dev ${IF} root handle 1: htb default 10

    #add parent class
    tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}

    #add our two classes. one unlimited, another limited
    tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
    tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1

    #add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
    tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
    tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11

    #limit outgoing traffic to and from port 8333. but not when dealing with a host on the local network
    iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2
    iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2

Use the following logrotate script (.bitcoin/utils/rotate.conf):

    "/home/ubuntu/.bitcoin/debug.log" {
        daily
        missingok
        rotate 5
        copytruncate
        compress
    }

Use the following crontab:

    @reboot bitcoind
    @reboot sudo /home/ubuntu/.bitcoin/utils/tc.sh
    @daily logrotate /home/ubuntu/.bitcoin/utils/rotate.conf

Testing

Run bitcoin server and watch its log file:

    bitcoind
    tail -F ~/.bitcoin/debug.log

Connect to its public IP from https://getaddr.bitnodes.io/, to make sure it is accepting connections from other nodes.

Amazon Web Services gives developers access to massive computing capability. Now hackers have found ways to hijack some accounts and use that power to make money on someone else’s dime.

Joe Moreno’s bill for Amazon Web Services is usually about $5 a month. But last Thursday, he learned his AWS credentials had been compromised. An unknown person started renting computing power from Amazon on his account, racking up more than $5,300 in charges on servers in Amazon data centers as far away as Tokyo, São Paulo, Sydney, and Singapore. It appeared that he was running processes that “mined” Bitcoin—creating units of the digital currency in exchange for processing transactions.

Given the timing of the attack, Moreno initially thought the Heartbleed bug was to blame, until he tracked down the breach and realized it was his own error. In addition to developers’ usernames and passwords for their accounts, AWS uses “access keys” which are easier to include in software. And that’s the problem—developers include them in software, including copies of the software they store in public source-code repositories like GitHub. Moreno had uploaded code to a GitHub repository, inadvertently including his Amazon credentials.

You might think this is an isolated case, but a security expert in Australia discovered almost 10,000 AWS credentials in a search of GitHub last month. Ty Miller, founder of security testing firm Threat Intelligence, found exposed credentials for Amazon, Google’s Cloud Platform, and Microsoft Azure in GitHub repositories, but the largest number were for Amazon.

“These credentials are likely to provide full access to the AWS account,” Miller told ReadWrite. That means hackers could delete data or add data and start new computing processes which could perform just about any task.

Amazon appears to be aware of the problem. The company specifically warns developers against including their credentials in code that they upload. But it’s not clear how Amazon can police the problem.

Moreno discovered the breach to his account after receiving email from Amazon asking him to update his credit-card information. Moreno, a former software developer at Apple, logged in and noticed the charges. He immediately contacted Amazon.

“Your AWS credentials have been compromised,” the Amazon representative said.

Bitcoin mining was a common goal of these hackers, though the AWS computing resources could be used for all kinds of money-making schemes.

When software consultant Ted Howard learned of Moreno’s experience, he commiserated. On April 5, he had learned that his Amazon account had been hacked.

“I immediately changed my password, disabled my access key and created a new key,” he told ReadWrite.

Howard also believes the breach was likely his fault. After checking his GitHub repository, he found that he had committed a file that contained his AWS access key.

“I seem to be incapable of escaping my own stupidity,” he said.

But the unintentional publication of AWS credentials appears to be a common problem. It even happened to security researcher Rich Mogull in January.

Howard thought his immediate problem was over, though he still had the bill to settle with Amazon. But on Friday, after communicating with Moreno, he discovered yet another security breach on his AWS account, despite the steps he had already taken to secure it. After Moreno’s Amazon troubles came to light, Howard logged back into his own Amazon account and saw that 13 new EC2 instances in Oregon had been started—on April 9, days after he learned of $6,000 in fraudulent charges on his account.

“Of course I changed my password and disabled my new access key,” he said. “This time I didn’t even bother creating a new one.”

Since he hadn’t used the new access key anywhere, or uploaded or shared it anywhere, he was worried.

“Whether it’s related to Heartbleed is anyone’s guess,” Howard said. “It’s possible that they still accepted requests with the old access key after I killed it. Perhaps the attacker was notified of the new key somehow. I really have no idea.”

Later on Friday, Amazon told Howard that the hacker may have used a feature called “Spot Requests” on his account before he reset his credentials. He checked out his account and found many of them.

As an Amazon developer, you can bid on unused computing resources via Spot Requests, and when Amazon accepts the price you set, it automatically starts using the designated computing resources. Amazon told Howard he had to check each of Amazon’s geographical regions for such requests, as deleting one would not affect instances in any other region.

“The nefarious way to use this is to set up a ton of requests with a high max price,” Howard said. “Even once all the credentials are changed, this request is still present, so new instances continue to be spun up and down over time. This is apparently what happened to me.”

That’s what an Amazon representative told Moreno the day he discovered the breach. The Amazon employee also told Moreno to check his EC2 spot instances in other regions, and predicted he would see high-end instances running. Which he did.

Like Howard, Moreno changed his password, but took the extra precaution of removing his code from GitHub. That’s not a trivial process: Because of the way repositories are backed up, his old keys may still be discoverable. A helpful GitHub tutorial explains how to purge files from your repositories permanently and avoid accidental commits in the future.

Recently, Amazon has changed the way it generates credentials, Moreno and Howard both said. To allow programs to access AWS resources, you used to need an access key ID and a secret access key—strings of characters generated by Amazon. In the past, you could log into your account and retrieve the secret key at any time. That’s no longer the case.

“If you lose [the secret key], you must disable and generate a new access key,” Howard said.

An Amazon guide for managing AWS credentials suggests removing, or not generating, an access key for your root account; and using AWS Identity and Access Management (IAM) to create temporary security credentials for applications that interact with AWS resources. It also explains how to manage IAM access keys.

“We take security very seriously at AWS, and we provide many resources, guidelines and mechanisms to help customers configure AWS services and develop applications using security best practices,” an AWS spokesperson said. “When we become aware of potentially exposed credentials, we proactively notify the affected customers and provide guidance on how to secure their access keys.”

It seems that Amazon could do more, however. If security researchers can easily scan public sites like GitHub and find access keys, couldn’t Amazon do the same, and save itself and its customers from these incidents by immediately deactivating the keys?

It may go without saying, but if you’ve uploaded code to GitHub, you might want to check whether you inadvertently included your credentials for anyone, including hackers, to access.

“I’m sure many developers have made the mistake I’ve made,” Moreno said.

He and Howard offer the following advice. And if that doesn’t stop a hack, you’ll still want to gather information about what happened.
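
The accidental commits described in the article can be caught by scanning a working tree before it is pushed. The following is an added example, not code from the article, AWS or GitHub: the key formats it matches, the skipped directories and the function names are assumptions, and the sample file is constructed from the example key pair used in AWS documentation.

```python
import os
import re
import tempfile

# Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-style characters; report them only on lines that
# also mention "secret" or "aws", to reduce false positives from hashes.
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
SECRET_HINT = re.compile(r"secret|aws", re.IGNORECASE)
SKIP_DIRS = {".git", "node_modules", ".venv"}

def scan_text(text):
    """Return (line_number, kind, redacted_value) for each finding in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", m.group(0)[:8] + "..."))
        if SECRET_HINT.search(line):
            for m in SECRET_KEY.finditer(line):
                findings.append((lineno, "secret_access_key", m.group(0)[:4] + "..."))
    return findings

def scan_tree(root):
    """Walk a working tree and return {relative_path: findings}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Scan a constructed tree containing AWS's documentation example keys."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "config.py"), "w") as fh:
            fh.write('REGION = "us-west-2"\n'
                     'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
                     'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n')
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Because old commits keep a key discoverable after the file is deleted, the same `scan_text` function can also be run over the output of `git log -p`. A key that turns up in either place should be treated as exposed and disabled.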