#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2015
    Posts
    5
    Rep Power
    0

    Question: The best method to protect the user's account from getting hacked


    Let me explain what I want to know: I have a main site on server A and software used by this site on server B.
    How do I protect mutual information between the site and the software?
  2. #2
  3. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,436
    Rep Power
    9645
    SSL is the most basic thing you can do. Beyond that it depends how the two communicate and what information they're sending to each other...
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2015
    Posts
    5
    Rep Power
    0
    The main site is on server A and the tradebot software is on server B. What is the best method to encrypt the tradebot properties?
    I'm looking for a symmetric encryption scheme to encode the accounts, passwords, etc. of the bot. So if the bot site gets hacked, the hacker cannot directly use the accounts. It should give us at least some time to change the accounts.
  6. #4
  7. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,436
    Rep Power
    9645
    If an attacker gets access to server B then you're hosed. No encryption will protect you. Won't even stall them for more than a couple minutes.

    What's this "tradebot" thing?

    [edit] Actually, wait. Are you able to alter both servers? Or just server A/B?

    Comments on this post

    • Will-O-The-Wisp agrees
    Last edited by requinix; April 27th, 2015 at 06:10 PM.
  8. #5
  9. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,478
    Rep Power
    1875
    I would suggest you read up on server security in general, rather than hoping 'encryption' by itself will magically solve all your problems for you.

    The first thing I would do is set up the firewall on B to accept connections only from A, and only on those port(s) necessary for the communication with A.
    Everything else should be nailed down.

    Is A on the public internet and B behind a DMZ?

    Run your tradebot from a separate user account, and enable per-user encryption on the disk (also beneficial if the physical machine gets stolen). An intruder who somehow logs in as, say, 'nobody' wouldn't be able to read the data files belonging to tradebot. Even if they managed to log in as root, they would still have a great deal of difficulty in accessing the on-disk information.

    Make sure key log files are set to always open in append mode, to make it harder for an intruder to cover their tracks.

    Which operating systems are running A and B?

    Comments on this post

    • Will-O-The-Wisp agrees
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
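The firewall step suggested in post #5, as an added example that is not part of the thread: a shell function that builds an `iptables-restore` ruleset for server B, admitting new connections only from server A on one application port. The addresses (documentation range 192.0.2.0/24), port 8443, the function names and the extra SSH rule for an admin host are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny inbound ruleset for server B.
# All addresses and ports used with it are constructed sample values.

# valid_ipv4 ADDR -> returns 0 only for a dotted-quad with octets 0..255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port N -> returns 0 only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules A_IP APP_PORT ADMIN_IP -> prints the ruleset, returns 1 on bad input.
# ADMIN_IP (assumption) keeps SSH reachable so the rules do not lock you out.
gen_rules() {
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" || {
        echo "usage: gen_rules A_IP APP_PORT ADMIN_IP" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -p tcp -m tcp --dport $2 -m state --state NEW -j ACCEPT
-A INPUT -s $3/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# apply_rules FILE -> syntax-check the file, then load it (run as root on B)
apply_rules() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Usage on server B (constructed values):
#   gen_rules 192.0.2.10 8443 192.0.2.50 > /root/b.rules && apply_rules /root/b.rules
```

The ruleset leaves outbound traffic open; on CentOS 6, `service iptables save` persists the loaded rules across reboots.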
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2015
    Posts
    5
    Rep Power
    0
    So far this should be a one-way communication. The bot just gives the main site the last trades, profits, etc.

    Since those are displayed on main site anyway, encryption is not very critical here.

    My bigger concern is hackers that might hack the tradebot site. They should not get unencrypted exchange accounts. That's why I'm asking for a
    symmetric encryption scheme for the tradebot properties.

    @requinix cryptocurrency tradebot

    @salem both on the public internet - CentOS 6.5
