The server was hacked by bitcoin
Some malware also makes heavy use of the parallel computing power of graphics cards. In August 2011, a bitcoin-mining botnet was discovered, and a Trojan horse infecting Mac OS X was also found to be mining bitcoin.
On June 19, 2011, a security vulnerability at the Mt. Gox (an abbreviation of Magic: The Gathering Online Exchange) bitcoin trading center caused the price of 1 bitcoin to drop to 1 cent (although other transactions were not affected). The reason is that a hacker stole a user's Mt. Gox certificate from a computer infected with a Trojan horse, transferred bitcoin to his own account and sold it, resulting in a large number of "ask" requests at that price. A few minutes later, Mt. Gox shut down and cancelled the abnormal transactions from the hacking incident, and the price of bitcoin rebounded to $15. In the end, the bitcoin exchange rate went back to what it was before the crash. Accounts equivalent to more than $8750000 were affected.
In July 2011, the operator of Bitomat, the world's third largest bitcoin trading center, announced the loss of access to the wallet.dat file that records 17000 bitcoins (about 220000 US dollars). At the same time, it announced the decision to sell services to make up for users' losses.
In August 2011, MyBitcoin, one of the commonly used bitcoin transaction processing centers, announced that it had been attacked by hackers and shut down. The attack involved 49% of customers' deposits; more than 78000 bitcoins (then equivalent to about $800000) are missing.
In early August 2012, Bitcoinica was sued in a San Francisco court for damages of about $460000. In 2012, Bitcoinica was attacked twice by hackers and was accused of ignoring the security of customers' funds and forging withdrawal applications.
In late August 2012, Bitcoin Savings and Trust was shut down by its owner, leaving about US $5.6 million in debt. At the same time, he was accused of operating a Ponzi scheme. In September 2012, the Securities and Exchange Commission began to investigate the case.
In September 2012, the Bitfloor trading center was also hacked, and 24000 bitcoins (about US $250000) were stolen. Bitfloor was suspended. It resumed operations in the same month, and its founder said he had reported the theft to the FBI and was planning to compensate the victims, but the compensation schedule was unclear.
In June 2011, a hacker transferred 25000 bitcoins, equivalent to 500000 US dollars, into his account. The whole transaction could not be traced. Although the owner of the bitcoins announced the theft on the Internet, it was useless. The hacker became the first bitcoin thief.
In 2012, 46703 bitcoins worth US $228845 were stolen due to the disclosure of the super-administrator password of the servers of the website hosting provider Linode. More than 43000 of the stolen bitcoins belonged to Bitcoinica, a bitcoin trading platform. Another 3094 bitcoins were owned by Marek Palatinus, a Czech programmer. Gavin Andresen, the chief bitcoin programmer, also lost his five bitcoins.
At present, the vast majority of digital currency transactions are conducted on exchanges. Among the numerous exchanges, Bitfinex, Binance, OKEx and so on are well known.
However, bitcoin and other digital currencies, as decentralized assets, have to be traded on centralized exchanges, which seems to hide contradictions and dangers.
1. Problems and challenges of stock exchanges
In February 2014, Mt. Gox, the world's largest bitcoin exchange at that time, had 850000 bitcoins stolen, and the price of bitcoin suffered a "cliff" crash that day. Later, it was revealed that Mt. Gox was in fact a thief, and only 7000 bitcoins were actually stolen.
In August 2016, Bitfinex, the largest U.S. dollar bitcoin trading platform, suffered a security vulnerability, resulting in the theft of 120000 bitcoins, worth $65 million at that time. Converted at the December 2017 price, they would be worth nearly $2 billion.
On December 19, 2017, South Korea's Youbit exchange was attacked by hackers and lost 4000 bitcoins, and the exchange declared bankruptcy.
On December 21, 2017, the Ukrainian Liqui exchange had 60000 bitcoins stolen, and the unit price of bitcoin plummeted by US $2000.
In 2018, such drama will only continue.
In addition to the threat of hackers, traditional exchanges also have some inherent shortcomings, such as lack of supervision and inefficiency. The security an exchange offers investors rests only on its own credit, and the cost of running is very low. Stock exchanges are regulated at the national level, but no such sword of Damocles hangs over digital currency exchanges. Moreover, the same order can only be submitted to one exchange. After the user places an order, the funds used for the transaction are frozen and can only wait for the transaction to complete or be cancelled. These are undoubtedly inefficient.
All in all, the problems of exchanges are the problems of centralization.
2. Decentralization of exchanges
(1) The progress of the exchange itself
There are various ways to upgrade security. At present, the most useful is the cold wallet, that is, keeping the digital currency on an offline USB drive. At the end of 2017, when the Youbit exchange was attacked, 75% of its assets were withdrawn into the cold wallet in time to avoid greater losses. However, protecting online assets by offline means seems a helpless approach. Of course, there should be many other methods, which will not be repeated here.
(2) The representative of cross-ledger transactions is the Ripple network, whose operating company is Ripple Labs; it is a semi-centralized system. Ripple is a decentralized clearing protocol intended to solve the high cost and delay of inter-bank clearing, and its base currency is XRP. The Ripple network can connect all kinds of assets, such as US dollars, RMB, Japanese yen, bitcoin, etc., to its own network. In this system, U.S. dollars or bitcoin can be converted into XRP, and XRP can then circulate freely in the network, as if a highway were built between the various assets. Due to the support of major banking institutions, XRP achieved nearly 300 times growth in 2017.
(3) Decentralized exchange
Some teams try to use blockchain technology to build a decentralized exchange. This kind of decentralized exchange is, to some extent, an extension of cross-ledger trading.
BitShares is the most representative of the early projects. It builds a blockchain development platform with servers scattered all over the world. Even if some of them are attacked, the system will not collapse. Anyone can transfer and borrow money freely on this platform, and can also quickly build a centralized exchange based on it. To ensure stable value, BitShares also requires three times the value in digital assets as collateral. At present, BitShares is running fairly well.
Later, with the development of Ethereum and smart contracts, the 0x protocol came into being. This is an open protocol running on the Ethereum blockchain and a decentralized exchange in the Ethereum ecosystem. The protocol has attracted many investors. At present, it has completed financing and started to build open source software tools and infrastructure. Of course, there are many competitors: EtherDelta, IDEX and OasisDEX are trying to provide similar functions. Moreover, it is a smart contract system based on Ethereum, which only supports ERC20 tokens. If other smart contract public chains start to rise, the demand will be reduced.
In addition, other teams are entering the field, such as the domestic Loopring protocol (LRC). It adopted a design similar to the 0x protocol and also introduced a fast payment function similar to the Lightning Network. It is characterized by trying to match across multiple exchanges: the user's order can be broadcast to multiple exchanges and completed by different exchanges. Moreover, the user can still use the account funds after placing an order, and transferring part or all of the funds is equivalent to partial or total cancellation. To some extent, this improves the breadth and timeliness of transactions. However, this system seems to damage the "power" of the existing exchanges. Whether everyone can be persuaded to play together will be a difficult problem.
At present, there is still a long way to go in building decentralized exchanges. In 3-5 years, traditional exchanges will still be the main battlefield of digital currency. However, it is worth looking forward to a future in which decentralized digital currency gets rid of the shackles of centralization.
2. If you don't have a backup, you have to call the police
3. Contacting hackers without permission can't recover data, and they will only sink deeper and deeper
4. Pay attention to more backup and multiple ways in the future, and the daily responsibilities of the administrator should also be managed by someone.
The issue of security is very important. Last time, I searched for some articles about server security settings on the Internet just to save money. Following the articles, I applied the settings one by one and took several days to complete them. Unexpectedly, the server was paralyzed and the website could not be opened. Finally, I understood that free things are also the most expensive. The loss is really great, the database has returned to my file, which I regret. Motherfucker. Finally, I let the computer room reinstall the system, and then found the sine security company to do the website server security maintenance. I also signed a contract with them. It's really a price and a service. The professional service is very safe and stable. Only when the website is safe can it bring a safe and stable customer source. The truth can only be understood after experience. Having shared so many experiences, I hope they can help more website owners like me.
Here are some suggestions on safety.
From time to time you hear about which websites have been hung with Trojans and which have been hacked. It seems that invading a site and hanging a Trojan on it is a very simple thing. In fact, the invasion is not simple; the simple thing is that the necessary security measures for your website are not well done.
If possible, it is recommended to find a professional sine security for website security.
1. It is suggested that users upload and maintain web pages through FTP, and try not to install an ASP upload program.
2. Regularly check the security of the website; you can use some online tools, such as the sinesafe website Trojan detection tool.
3. The user name and password of the ASP program administrator should be complex, not too simple, and should be changed regularly.
4. Download ASP programs from regular websites. After downloading, modify the database name and storage path; the database file name should also have a certain complexity.
5. Try to keep the program up to date.
6. Do not add a link to the login page of the background management program on the web page.
7. To guard against unknown vulnerabilities in the program, you can delete the login page of the background management program after maintenance, and then upload it through FTP during the next maintenance.
8. Always back up important files such as the database.
9. Daily maintenance should be done, and attention should be paid to whether there are ASP files of unknown origin in the space. Remember: a little sweat for a little safety.
10. Once the site is found to be invaded, unless you can identify all Trojan files, you should delete all files.
11. Calls to the ASP upload program must be authenticated, and only trusted people should be allowed to use the upload program. This includes various press release, shopping mall and forum programs.
2: recovery measures:
1. Modify the account password
Whether the program is commercial or not, the initial password is mostly admin. So the first thing to do when you get a website program is to "change your account password". Do not reuse an account name and password you have used before; change them to something special. Try to put letters, numbers and symbols together. In addition, the password should be more than 15 digits. If you use SQL, you should use a special account and password instead of admin, otherwise it is easy to be invaded.
2. Creating a robots.txt
A robots.txt file can effectively prevent hackers from using search engines to steal information.
3. Modify the background file
Step 1: modify the name of the verification file in the background
Step 2: modify CONN.ASP to prevent illegal downloading, or modify CONN.ASP after encrypting the database
Step 3: modify the Access database name. The more complex the database name, the better. If possible, change the directory where the data is located.
This method is the most effective, and every virtual host user should have a function. If your IP is not fixed, please change it every time. Security first.
5. Custom 404 page and custom transmission of ASP error information
404 pages enable hackers to find important files in your background in batches and to check whether there are injection vulnerabilities in the web pages.
An ASP error may send the information the other party wants to an unknown person.
6. Choose the website program carefully
Pay attention to whether there are loopholes in the website program itself. You and I should have a balance in mind.
7. Be cautious about upload vulnerabilities
Upload vulnerabilities are often the simplest and most serious, and can let hackers easily control your website.
Uploading can be prohibited or restricted. If you don't understand how, you can find a professional website security company, sinesafe.
8. Cookie protection
Try not to visit other sites while logged in, to prevent cookie leakage. Remember to log out and close all browsers.
9. Directory permissions
Please set permissions on important directories to prevent abnormal access. For example, do not give the upload directory script execution permission, and do not give non-upload directories write permission.
10. Self test
Nowadays, there are a lot of hacker tools on the Internet, so you can find some to test whether your website is OK.
11. Routine maintenance
A. Back up data regularly. It's best to back up once a day. After downloading the backup file, you should delete the backup file on the host in time.
B. Change the name of the database and the administrator's account password regularly.
C. Through web or FTP management, check the volume of all directories, the last modification time and the number of files, check whether the files are abnormal, and check whether there are abnormal accounts.
Generally, websites are hung with Trojans because the website program has loopholes, or because the server's security is not up to standard and it is attacked by illegal hackers.
It is common for websites to be hung with Trojans, but it is also a trouble for every website operator.
Have you ever wanted to give up because your website and servers are hacked every day? Have you delayed the operation of your website because you don't know much about website technology? Do you feel impatient because your well-run website is repeatedly hacked by some bored hackers? If conditions allow, it is suggested to find a professional website security company, sine security, to do security maintenance.
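The routine checks recommended above (watching for ASP files of unknown origin, comparing file counts, sizes and last modification times, and keeping scripts out of upload directories) can be automated. The following Python code is an added example, not part of the original answers; the script extensions, the upload directory names and the sample site built in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = {".asp", ".asa", ".aspx", ".php"}  # assumption: types the server executes
UPLOAD_DIRS = {"upload", "uploads"}              # assumption: upload folder names

def snapshot(root):
    """Map each file under root to (size, mtime, sha256) for later comparison."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[rel] = (os.path.getsize(full), int(os.path.getmtime(full)), digest)
    return manifest

def compare(baseline, current):
    """List files added, removed, or changed in content since the baseline."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old), "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p][2] != current[p][2])}

def scripts_in_uploads(manifest):
    """Server-side scripts inside an upload directory are always suspect."""
    return sorted(
        rel for rel in manifest
        if os.path.splitext(rel)[1].lower() in SCRIPT_EXTS
        and UPLOAD_DIRS & set(rel.lower().split("/")[:-1]))

def demo():
    """Constructed site: take a baseline, simulate tampering, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "upload"))
        for rel, body in (("index.asp", b"<% home %>"), ("upload/logo.gif", b"GIF89a")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "upload", "x.asp"), "wb") as fh:
            fh.write(b"<% unknown %>")       # new script dropped into uploads
        with open(os.path.join(root, "index.asp"), "ab") as fh:
            fh.write(b"<!-- injected -->")   # existing page modified
        current = snapshot(root)
        return compare(baseline, current), scripts_in_uploads(current)

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest off the web host, alongside the daily backup, so an intruder who can write to the site cannot also rewrite the baseline.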