Are you taking full advantage of the security features Gunbot offers to protect your money?
Like real life, cyberspace is full of pickpockets. You would never leave your phone and a wallet full of credit cards and cash on a coffee bar table while going to the restroom for a few minutes, would you? Of course you would not.
But are you aware of all the potential threats that can harm your hard-earned crypto-cash while you are sleeping?
Is your answer YES? Then you must have headaches and insomnia from reading all the news, hack forums, CVE sites, and others.
Is your answer NO? Good for you, the grass is green, the sky is blue, you sleep calmly. Everything is fine until something bad happens. Then you start asking questions like “What could I have done to prevent it?” or “How did it happen??”
Here at Gunthy, we consider security the top priority. Money is money, whether it is in the form of paper, a number in your bank account or cryptocurrency, and you should know how to protect it.
Encryption and security today are perfect. They are based on mathematical functions built in ways that are impossible to break. Even with all the computing power in the world, it can take more than a few million years to break one cryptographic key pair. So how do all these thefts happen, you may ask? The answer is not “easy” or something that will blow your mind.
The answer is, most of the time, HUMAN error.
Lack of knowledge, wrong or partial security implementation, and laziness and carelessness that result in running unprotected machines or software are the common causes of all “hacks”. OK, I didn’t forget social engineering, but that’s a topic for next time.
Grab your cup of coffee and let’s start. This will be quick and easy.
1. Most Gunbot users run their bots on a Linux VPS server. Why should you too?
SECURITY! Linux is free and open-source software, and its code is reviewed by thousands of developers all over the world, compared to the dozens of employees who code other closed-source operating systems, like Windows. Maybe you have heard something like “Viruses don’t hit Linux!”; it’s partially true. Most software for Linux is free and open-source, so anyone can review it, which means it’s hard to “hide” malicious code inside.
PERFORMANCE! Does running a fully functional OS without graphics, with only a command line, sound like a nightmare to you? It takes some time to get used to, but once you master it, it becomes much faster. Remove the graphical user interface and leave CPU and RAM for running the things that matter. Most modern Linux distros use less than 250MB of RAM after boot. Also, not having bloatware installed increases stability, which is crucial if you want your money-maker bots to run 24/7/365 without interruption. Did you know that you can update all your Linux apps and packages without ever restarting the machine? Even upgrading the OS is possible. Imagine migrating from Win 7 to Win 10 without restarting your machine. Crazy, isn’t it?
PRICE! Period. You can’t beat free, right? Especially with that performance, you can save on the VPS plan and buy a cheaper one.
2. Install Gunbot on your VPS and secure it!
OK, now the fun starts. Download Gunbot to your machine, unzip it and… DON’T RUN IT YET! We have important things to do first. Security first, right?
You are probably running Linux and accessing your machine via SSH. Great, but your GUI is still unprotected.
First, you need to install the “OpenSSL” package. Type in the terminal (for most distributions):
sudo apt-get install openssl
Then navigate to the /lin folder where you unzipped Gunbot.
Type in terminal:
openssl req -newkey rsa:2048 -nodes -keyout localhost.key -x509 -days 365 -out localhost.crt
You will be asked to enter the country code, after that you can leave everything blank. It will not affect security.
Now you have to edit the config.js file in your Gunbot installation.
Find:
"https": false,
and change it to:
"https": true,
Save config.js file.
You have successfully enabled SSL for your Gunbot GUI!
Now, you can start Gunbot and access it via a web browser at: https://your-vps-ip:5000
But wait, it says “your connection is not secure!!”
That happens because the SSL certificate is self-signed; it’s normal. You can have an SSL certificate signed by companies like VeriSign, Norton, etc., but they cost a lot of money. Only payment sites use them, and if you ever visit a site that requests your credit card info or similar with a self-signed certificate, RUN AWAY! The “Your connection is not secure” warning is actually meant for those moments.
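The certificate step above as a non-interactive script, with the checks worth doing before you accept the browser warning: compare the fingerprint printed on the VPS with the one your browser shows for the certificate, and confirm the expiry window. This is an added example, not part of the original article or Gunbot's own tooling; the function names and the throwaway directory are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the temp directory are illustrative only.

# Generate key + self-signed cert with the same options as the article's command.
# -subj supplies only the country code, so no interactive prompts appear.
make_cert() {
    dir=$1
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/localhost.key" \
        -x509 -days 365 -subj "/C=US" -out "$dir/localhost.crt" 2>/dev/null || return 1
    chmod 600 "$dir/localhost.key"   # private key readable by its owner only
}

# SHA-256 fingerprint of a certificate file (colon-separated hex).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the certificate a running server presents, e.g.
# served_fingerprint your-vps-ip:5000 (needs the GUI running; not used in the demo).
served_fingerprint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a throwaway directory (constructed, not the real /lin folder).
demo_dir=$(mktemp -d)
make_cert "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
echo "Fingerprint to compare with the one your browser shows:"
cert_fingerprint "$demo_dir/localhost.crt"
valid_for_days "$demo_dir/localhost.crt" 30 && echo "valid for 30+ days"
valid_for_days "$demo_dir/localhost.crt" 400 || echo "expires within 400 days: plan a renewal"
rm -rf "$demo_dir"
```

If the fingerprint in the browser's certificate details differs from the one printed on the VPS, do not accept the warning.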
Now, with SSL installed, you can create a password for the Gunbot GUI without fear that anyone will intercept it between your PC and your VPS server.
The last thing for today (I said it would be quick and easy) is setting up 2FA authentication. If you completed the previous steps on your PC, it is a good idea to use your phone, laptop or any other device for this step. This is the last line of defense and you don’t want to make a mistake now.
Even if someone has compromised your PC and is watching you the whole time while you enter a new password for your GUI, let’s say “it’s still OK”.
Change device; use your phone, for example. Install any 2FA software you prefer, like Gauth, Authy, etc. Go to https://your-vps-ip:5000 and enter your password.
Navigate to Settings > Authentication > Enable Two-Factor Authentication.
Scan the QR code or copy the “QR Code” phrase under the QR code image into your preferred 2FA application.
Make sure you make a backup of the QR code or phrase in case you lose your 2FA device. Do not store it on your PC or phone; best practice is to write it on a piece of paper and store it safely.
Congratulations! You are safe now! Well, almost. There are many other things for hackers to exploit, but more on that later; I promised to be short this time.
Even these 10 minutes of work can make your Gunbot protected enough for some attackers to quit, leave you alone and go search for the next easy target.
Install self-signed SSL certificate
It encrypts all communication between your PC and your Gunbot GUI. All passwords, settings, API keys and everything you do are impossible for any Man-in-the-Middle to see. Your ISP, VPN, various routers around the internet or even other devices connected to your WiFi network can see your passwords and everything you do if you are not using HTTPS.
Setting GUI password
It’s obvious. But this feature is used very poorly by many people. Did you know how easy it is for a modern computer to brute-force passwords? All 8-length lower-case combinations can be brute-forced in a few hours on a home PC. A good, strong password should be at least 16 characters long and contain upper-case and lower-case letters, special signs such as !./%# and numbers. It would take more than many million years with all the computers in existence to guess the correct password. Use password managers and protect them too!
You can’t blame Gunbot security if you use LetMeIn! as your password. Also use a different password for every site in case one of the sites goes down. There is a big chance that one of the forums, web shops, etc. where you have an account has already been hacked!
Two-Factor Authentication
It’s your last resort if your password goes down! A 2FA device generates a new code every minute and the old one becomes invalid, so if an attacker doesn’t have the latest code he is unable to get in.