It has recently come to light that someone is stealing from insecure ethereum nodes. Unlike some other cryptocurrencies, Ethereum’s reference node implementation, geth, doubles as a wallet. This means that ethereum nodes can be exploited to steal funds out of an account connected to them. Attackers do this by using the JSON RPC to send transactions to themselves on your behalf. Below are some methods you can use to Secure your ethereum against this vulnerability.
What is the geth RPC?
An RPC, or remote procedure call, is a method for one program to ask another to do something. In the case of an ethereum node, the things another program can ask varies from asking for network statistics, to asking the node to send a transaction. While asking for network statistics is harmless, aside from the fact that it can be used to slow down the node, sending can be used to take funds out of your account.
Methods to make your ethereum node secure
Ensuring that the RPC is not enabled is the simplest method of keeping your ethereum node secure. Geth has the RPC disabled by default, requiring the use of the flag
--rpc be added to the command line for it to be enabled.
The next best step is to only allow connections to the RPC from your local computer. This works if all the external applications you intend to have running are running on the same computer. This is as simple as the first method, requiring an extra argument to geth, specifically,
--rpcaddr 127.0.0.1. The address 127.0.0.1 is a special address that redirects traffic back to the computer that sent it.
The last method you can employ is also one that should be in place already. You can put your node behind a firewall and block all but the IPs you want to access the RPC from using the port which the RPC resides on.