Note to BPs - How not to get hacked!
Many BP candidates have gone through a lot of public campaigns, talks, events and community work to make it to this point and stand a chance of getting elected.
However, getting elected will be small comfort if a BP fails to keep his Block Producing node up and running. Besides connecting it to the Mainnet, there are other security concerns that need to be addressed if a BP node is to run BP operations for longer than one day.
There are basic rules to follow when setting up security:
- Shut down any and all services you don't use on your machine.
- Move ssh port from 22 to a higher number port (ex. 6007).
- Set up ssh key login and disable password login.
- Enable the ufw firewall on your Ubuntu machine, only allow access to ports you need, disable default ports like 22, etc.
- Do not use default ports for anything, including EOS ports.
- Do not run any plugins except producer plugin on BP node.
- Ideally, run BP nodes behind a full node and not exposed publicly.
Install the nmap Unix utility on another machine and scan your IP address for open ports:
If you do everything right - you should get nothing back.
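The outside scan can be paired with a local check of the SSH rules from the list (no default port, key login on, password login off). The script below is an added example, not part of the original post; the function names `sshd_value` and `audit_sshd` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config-style file.
# Limitation: Match blocks and Include files are not evaluated.

# Effective value of a keyword: keywords are case-insensitive, '#' starts a
# comment line, and sshd keeps the FIRST value it reads for a keyword.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Prints one FAIL line per broken rule; returns 0 only when there are none.
audit_sshd() {  # usage: audit_sshd FILE
    fails=0
    # Port may appear several times; with no Port line sshd listens on 22.
    ports=$(awk '/^[ \t]*#/ { next } tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] || ports=22
    if printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL: sshd listens on default port 22"; fails=$((fails + 1))
    fi
    # Both settings default to "yes" when the file does not mention them.
    if [ "$(sshd_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL: password login is enabled"; fails=$((fails + 1))
    fi
    if [ "$(sshd_value "$1" PubkeyAuthentication yes)" != "yes" ]; then
        echo "FAIL: key login is disabled"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample: port moved to 6007, password login left at its default.
sample=$(mktemp)
printf '%s\n' 'Port 6007' '#PasswordAuthentication yes' \
    'PubkeyAuthentication yes' > "$sample"
audit_sshd "$sample" || echo "fix the findings above, then reload sshd"
rm -f "$sample"
```

Running `sshd -T` as root and saving its output to a file gives the effective configuration, including Include files, in the same keyword/value form that `audit_sshd` reads.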
Additional reference material: