Published: Sat 08 March 2014
The sadly defunct crypto-currency "shares" exchange
Litecoin Global has closed due to
I guess not being able to fit a spanky new thing adequately into the current regulatory environment (whatever that may
have been in Belize). The site has/had an offer up for anyone willing to buy its code base, as well
as some sage advice on how to set a similar site up. The advice I reprint here, as many of the crypto-currency world's
exchanges appear to have a lot of issues getting security right. In addition, I guess that at some point it will disappear.
Anyway here are the recommendations :
An apache / php / memcache / cronjob server
A hot wallet server. (behind a firewall that only allows incoming access from the webserver)
A MySQL server. (also behind a firewall that only allows access from the webserver)
A remote linux box to run the cold wallet / manual withdrawals. (has to run the apache/php stack, plus local cold
wallet, should be able to be taken offline between withdrawal processing runs.)
I might also add that you should get an external company to pen-test your set-up .. expensive but worth it. I'm
still weighing up whether kernel-based "security frameworks" like apparmor or tomoyo are worth the cost-benefit. The cost
is many many hours debugging, the question is how many actually useable attack vectors are you really closing off.
Proudly powered by
Pelican, which takes great advantage of Python.
The theme is by
Smashing Magazine, thanks!