rdig / ethereum-honeypot
Track the actions external parties run on open Ethereum nodes.
License: MIT License
For local development there's a Vagrant image, and for container environments there are Docker images. Here we'll cover a third case: a virtual machine, whether local, bare-metal, or rented. A bash auto-setup script will cover this nicely.
This will serve as an alternate JSON object storage solution (NoSQL). It will not replace the planned MongoDB integration, but it will spare us from having to set up and configure mongo.
When this project is in a decent state and able to be released, rename it to something sensible, e.g. ethereum-honeypot.
We seem to be hitting the reads/day quota very easily (granted, this was during development of #30).
We should look into this to find out where the numerous reads come from. Also, if it makes sense, change the logger to also use transactions (just like stats).
On the other hand, this might be a one-time fluke, and we might be treading into premature-optimization territory.
NOTE: If we end up implementing #5, this will no longer be relevant.
It should come as no surprise that this project should have a web interface that displays the relevant maps, charts, and stats. Otherwise the whole logging endeavor is kind of for naught.
This should be a drop-in replacement for the existing ganache-core server. Rewriting it lets us make it more specialized, adding the ability to log requests, responses, and everything in between. It also lets us use ganache-core as an actual dependency, instead of just cloning and changing the code.
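The request/response logging described above could be layered on top of a provider rather than baked into a full rewrite. A minimal sketch, assuming the old ganache-core callback-style `send(payload, callback)` interface; the `logFn` hook and the entry shape are made up for illustration:

```javascript
// Wrap a callback-style JSON-RPC provider so every request and response
// is handed to a logger before being returned to the caller.
function withLogging(provider, logFn) {
  return {
    send(payload, callback) {
      const started = Date.now();
      provider.send(payload, (err, response) => {
        logFn({
          method: payload.method,
          params: payload.params,
          response,
          error: err ? String(err) : null,
          durationMs: Date.now() - started,
        });
        callback(err, response);
      });
    },
  };
}

// Usage with a stubbed provider standing in for ganache-core:
const fakeProvider = {
  send: (payload, cb) => cb(null, { jsonrpc: '2.0', id: payload.id, result: '0x1' }),
};
const entries = [];
const logged = withLogging(fakeProvider, (entry) => entries.push(entry));
logged.send({ jsonrpc: '2.0', id: 1, method: 'eth_blockNumber', params: [] }, () => {});
```

The wrapper keeps the original provider untouched, which is the point of using ganache-core as a dependency instead of a fork.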
Integrate Snyk, or an equivalent, into the project repository (via GitHub's marketplace) to help with code and dependency vulnerability detection.
Integrate CircleCI to help with automated builds and with unit and integration testing. Most likely this will also help integrate Greenkeeper into the project.
This should be available / accessed via GitHub's new Checks tab.
It would be useful to have some server health stats tracked as well. A good use case would be correlating different RPC methods with high memory / CPU use.
Maybe this could be tied into #7.
The system should be able to handle multiple honeypots, set up in different regions, logging data into the same database.
This is the main motivation for #5.
A nice-to-have is a script that randomly simulates transactions between accounts to further the illusion of a real blockchain node. This can be done via a cron script, a trigger on every request, or some other solution.
Since ganache gives us the ability to fork an existing chain, we should take advantage of this to further the simulation and increase the chances that the honeypot is discovered. A mechanism to periodically re-fork the chain should also be considered, so that the data stays somewhat up to date.
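The transaction-simulation idea above can be sketched as a small helper that picks two distinct accounts and a random value; the account format and the value range are assumptions, and the resulting object would be handed to web3/ganache by the cron script:

```javascript
// Build a random simulated transaction between two distinct accounts.
function buildRandomTransaction(accounts) {
  if (accounts.length < 2) throw new Error('need at least two accounts');
  const fromIndex = Math.floor(Math.random() * accounts.length);
  let toIndex = Math.floor(Math.random() * (accounts.length - 1));
  if (toIndex >= fromIndex) toIndex += 1; // guarantees from !== to
  // Random value up to ~0.001 ether, expressed in wei as a hex string.
  const valueWei = BigInt(Math.floor(Math.random() * 1e15)) + 1n;
  return {
    from: accounts[fromIndex],
    to: accounts[toIndex],
    value: '0x' + valueWei.toString(16),
  };
}

// Usage with placeholder account addresses:
const demoAccounts = ['0x01', '0x02', '0x03'];
const tx = buildRandomTransaction(demoAccounts);
```

Running this on a timer (or on a fraction of incoming requests) would keep the chain's recent blocks looking busy.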
This is needed in order to be able to respond to the web3_clientVersion call with different strings.
This should just intercept the calls, pass them through, and change only the calls we need. This may not be possible, and a provider might need to be written: to be investigated.
A naive implementation may be possible by intercepting the response in the server just before sending it out and modifying the string. This is not ideal, as it would be redundant and would obviously eat up more resources.
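The pass-through interception could look something like the sketch below: a thin middleware in front of the real handler that rewrites only the web3_clientVersion result. The handler signature and the Geth-style version string are assumptions for illustration:

```javascript
// Middleware: forward every JSON-RPC call, but replace the result of
// web3_clientVersion with a spoofed client string.
function interceptClientVersion(realHandler, fakeVersion) {
  return (payload, callback) => {
    realHandler(payload, (err, response) => {
      if (!err && payload.method === 'web3_clientVersion') {
        response = { ...response, result: fakeVersion };
      }
      callback(err, response);
    });
  };
}

// Stubbed inner handler that identifies itself the way ganache would:
const inner = (payload, cb) =>
  cb(null, { jsonrpc: '2.0', id: payload.id, result: 'EthereumJS TestRPC/v2.0.0' });
const handler = interceptClientVersion(inner, 'Geth/v1.8.0-stable/linux-amd64/go1.10');

let seen;
handler({ jsonrpc: '2.0', id: 1, method: 'web3_clientVersion' }, (e, r) => (seen = r.result));
```

All other methods flow through untouched, so this stays close to the "intercept, pass through, change only what we need" idea.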
The node process that's running the RPC server keeps crashing randomly (maybe one of the commands executed against the honeypot crashes the process...).
The makeshift logger that we set up doesn't catch much output (something to do with the server environment it's running on, since on the local dev machine it logs every error).
So, to plug the leak until we have time to deal with the underlying issue, we can set up a script to restart the node process periodically (on the hour, maybe?).
This is actually an improvement, since every time we restart, fresh accounts with new ether are generated, so the bots have new toys to play with.
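One way to do the hourly restart, as a sketch: a crontab entry. The use of systemd and the unit name ethereum-honeypot are assumptions for illustration.

```
# Crontab entry (crontab -e): restart the honeypot's node process hourly.
# 'ethereum-honeypot' is a hypothetical systemd unit name.
0 * * * * systemctl restart ethereum-honeypot
```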
The server, the provider, and the rest of the helpers should log debug info to a local .log file for diagnostic purposes.
Continuing the implementation from #3, which tracks modifying the response of the web3_clientVersion call.
It should query the database, find the last request from this IP (the current requester), and match the client version response. This way, it will be a little less obvious that the machine is running a honeypot.
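The matching logic could be factored out as below. The lookup function and record shape stand in for the real database query (which would be asynchronous) and are assumptions:

```javascript
// Return the client version the given IP saw on its last request,
// falling back to a default when the IP has never been seen.
function clientVersionFor(ip, findLastRequest, defaultVersion) {
  const last = findLastRequest(ip); // real version would await a Firestore query
  return last && last.clientVersion ? last.clientVersion : defaultVersion;
}

// Usage with an in-memory stand-in for the database:
const lastRequests = new Map([
  ['203.0.113.7', { clientVersion: 'Geth/v1.8.0-stable/linux-amd64/go1.10' }],
]);
const lookup = (ip) => lastRequests.get(ip);
```

A returning bot then keeps seeing the same client string, while new IPs get the default.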
For production deployment in environments that use Docker containers, a pre-built image would reduce setup time and the upfront learning curve.
Integrate Greenkeeper, most likely via CI, for dependency updates and management. This will most likely be done via CI; see #19 about that.
This issue should keep track of the various infrastructure architecture configurations:
Since #25 landed, all data storage was moved to Firebase's Cloud Firestore engine. The currently available data, which is still stored inside sqlite3 files, needs to be migrated to the new storage format.
Since this project will have quite a few moving parts, it would be nice to have an automated setup process / image that takes care of this.
For local development a Vagrant image might be a good choice; obviously there may well be a better alternative.
This Epic tracks the implementation of code improvements in the RPC server code. These are marked with @TODO code blocks.
Since we are storing data inside a NoSQL database, we can't easily compute the aggregate stats we need to display on our interface.
Currently planned stats:
We can overcome this by creating a new Firestore collection that tracks these for us, so we just have to query that to display info on the web page.
We added a new stats collection in #29, but it will track stats only going forward, not the ones that already exist.
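The idea behind the stats collection is to pay the aggregation cost at write time: increment counters on every logged request instead of scanning documents at read time. In Firestore this would be a document updated inside a transaction; in the sketch below a plain object stands in so the example is self-contained, and the counter names are assumptions:

```javascript
// Keep running counters that are bumped on every logged request.
function createStatsTracker() {
  const counters = { totalRequests: 0, byMethod: {}, byCountry: {} };
  return {
    record({ method, country }) {
      counters.totalRequests += 1;
      counters.byMethod[method] = (counters.byMethod[method] || 0) + 1;
      if (country) counters.byCountry[country] = (counters.byCountry[country] || 0) + 1;
    },
    snapshot: () => counters,
  };
}

// Usage:
const stats = createStatsTracker();
stats.record({ method: 'eth_blockNumber', country: 'DE' });
stats.record({ method: 'eth_blockNumber', country: 'US' });
stats.record({ method: 'web3_clientVersion' });
```

The web interface would then read a single stats document instead of counting log entries.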
This issue tracks implementing a local script that will use transactions to process backlogged requests.
Since we'll need to support multiple input sources (multiple servers), we need a database engine that can handle that. While the current sqlite is super easy to work with, it will be cumbersome to set up for multiple servers; the filesystem file limit will also play a role here.
This is a suggestion made by somebody (me) whose main expertise is not databases, so my choice may not be the best.
The current service we are using, ip-api.com, enforces a limit of 150 calls per minute by banning the originating IP.
If this happens (and it does happen when there's an influx of bots accessing the node), the whole logger method call will fail (this issue should also look into fixing that) and the data will be lost.
Either use an external service or something local; it's all good, as long as it works.
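Whichever service ends up being used, the logger can be protected along these lines: cap lookups per minute and swallow lookup failures so a geolocation error never aborts the log write. The limit value and the `fetchGeo` signature are assumptions:

```javascript
// Wrap a geolocation lookup with a simple per-minute budget and
// failure isolation: over-budget or failed lookups return null instead
// of throwing, so the surrounding logger call never dies.
function createGeoLookup(fetchGeo, maxPerMinute = 140) {
  let windowStart = Date.now();
  let used = 0;
  return async (ip) => {
    const now = Date.now();
    if (now - windowStart >= 60000) {
      windowStart = now;
      used = 0;
    }
    if (used >= maxPerMinute) return null; // skip rather than risk a ban
    used += 1;
    try {
      return await fetchGeo(ip);
    } catch (err) {
      return null; // a failed lookup must not abort the logger
    }
  };
}

// Usage with a stub that fails for one address:
const stub = async (ip) => {
  if (ip === '203.0.113.9') throw new Error('timeout');
  return { ip, country: 'DE' };
};
const lookup = createGeoLookup(stub, 2);
```

Log entries would then simply carry a null location when the lookup was skipped or failed, instead of being dropped entirely.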