Why Self-Hosting is Important
Overview
PROHASHING self-hosts all of its services. All coin daemons, websites, mining services, exchange management, monitoring, databases, and other programs all run on servers that PROHASHING physically controls. This hosting method contrasts with the cloud hosting model, where a company pays another provider, like Amazon, Microsoft, or Oracle, or any one of thousands of other providers, to host their services.
PROHASHING designed its systems for self-hosting since its inception on December 23, 2013. This guide explains why self-hosting is so important, and shows how cloud hosting has led to a number of high-profile security breaches in the cryptocurrency industry throughout the years.
Two Models
PROHASHING’s self-hosted model
In PROHASHING’s self-hosted model, all of the company’s servers are under its own control. The following diagram shows how the system is configured:
PROHASHING has three networks: a production network, a development network, and an auditing network. Unconnected to any network is PROHASHING’s cold storage system, which stores money owed to customers.
Inside each network, the servers communicate with each other and with a local database. None of this traffic ever leaves the network, so it cannot be intercepted by parties elsewhere on the Internet. When customers do send a request, such as a connection attempt to the mining server, the data is processed through a single router machine that PROHASHING has configured to control access across the entire system. PROHASHING controls all of the machines in this network, including the edge router which is connected directly to Comcast Enterprise Services’s fiber network.
PROHASHING also has a development network, which employees use to test new versions of PROHASHING’s services. The database on the development network is a partial copy of the production network’s database, except that personally identifiable information like E-Mail addresses is scrubbed before the copy is made. Therefore, no PROHASHING employee can steal any personal or marketing data by copying the development database.
PROHASHING also operates a monitoring system, which monitors the output of 310 parameters to determine if any parts of the system are offline. An auditing system detects balance discrepancies or trading issues and has the authority to halt the system from performing operations, like payouts, until an Amazon Alexa notification is sent and the issue is addressed. The red arrows are one-way because these systems cannot authorize the production network to take any action, only to stop doing actions that it would otherwise do. Likewise, money can be sent to the cold wallet, but since the private key to the wallet is not stored on any computer, money cannot be withdrawn from the wallet.
A typical mining pool’s cloud hosted model
This diagram depicts how a theoretical pool that uses cloud hosting might be configured:
In this theoretical mining pool that uses cloud hosting, all of the servers are virtual machines hosted in an environment by a contracted company. The mining pool does not have to concern itself with setting up servers or configuring routers, and instead pays another company to perform those tasks for it. Because the mining pool doesn’t have control of the physical hardware, a “control panel” is often made available to the pool to manage their servers. Customer service representatives from the hosting company may also be contacted to resolve issues with the mining pool’s servers.
It is not possible for the mining pool to specify where the virtual machines are located, or to manage the routers that bring traffic into the network. Therefore, all of the virtual machines receive traffic sent to them from any machine on the Internet. It is possible to configure them to ignore incoming traffic, but it can’t be assumed that specific machines are firewalled off from external requests. It also isn’t possible to control how other virtual machines on the same system affect their performance.
Concerns
Hosting a mining pool in a shared hosting environment can be problematic because it allows additional people who do not work for the company to access the pool’s servers. Let’s review some of the specific areas of concern and how the self-hosting model addresses those concerns.
Administration control panels
Cloud hosting usually involves administration control panels. These control panels are websites, intended to be inaccessible to the public, which allow customers to add, remove, and change server configurations. For example, a control panel could allow a mining pool’s administrator to delete servers, to purchase additional services from the cloud host, or to download or back up files.
Any additional access to a system presents a larger attack surface for hackers to breach. In the case of control panels, the password used to secure the panel is perhaps the greatest weakness, as it can be weak or can be compromised by another source. Some panels do not offer two-factor authentication, a necessary requirement for securing systems of such importance.
The hosting provider can also upgrade control panels without notifying the pool. In the case of Altilly, the hosting provider performed a system upgrade to a newer version of its control panels. The upgrade created additional accounts with two-factor authentication disabled by default. Altilly had no input into, and may not even have been aware of, this upgrade, and even if the pool itself had impenetrable systems, it could not control its host’s control panel.
An additional problem with hosting control panels is that the panel is too powerful. The ability to create, delete, and manage servers through the control panel may be within the job responsibilities of a server administrator, but the administrator has no need for wallet data. Yet, because most panels allow data to be backed up, it is not possible to properly restrict administrators from extracting data from those backups. Retrieving data from hosted machines through a control panel is how Slush’s pool lost thousands of bitcoins in 2012.
Self-hosting has no administration control panels, so there is no need to install additional software to make data changes to servers. Instead, the mining pool’s owners simply visit the physical location and make the necessary changes by connecting a keyboard, mouse, and monitor. Lower-level administrators who have no need to access wallets can be granted the limited access they do require through a separate system.
Host customer service and insider theft
Cloud hosts provide customer service representatives, who can be called to resolve issues with the system. Many hosts fail to provide sufficient training to their customer service representatives to detect fraud. These representatives can be tricked into resetting access by criminals who claim to be from the mining pool.
Another risk is that an employee at the host intentionally takes money for himself or herself. No matter what safeguards are in place, the owners of the hosting firm will always have the ability to copy all of the data from the pool’s servers. This risk is total – there is no limitation possible – and it cannot be avoided except by self-hosting.
With self-hosting, nobody outside the mining pool has the authority to provide service for the pool’s servers, and therefore there is no external provider who could be responsible for the loss of data or money.
Virtual machine attacks
Even in the case that the cloud host is the most honest company imaginable, it cannot vouch for all of its customers.
Over the years, many vulnerabilities have been uncovered that allow one program on a computer to read data that only other programs should be able to access. Two of the most widespread vulnerabilities were Meltdown and Spectre, which exploit processor optimizations to read data stored in the memory of other processes. These exploits are extremely difficult to patch, and are thought to be impossible to fix on some systems.
In the case of cryptocurrency, a criminal can sign up for several hosting contracts with the pool’s provider, create virtual machines on the provider’s servers, and use these vulnerabilities to read memory from the provider’s other hosts. If wallets are unlocked to send money, the private key to those wallets is stored in memory, and can be obtained by exploiting the vulnerability. The mining pool does not have the ability to patch the vulnerability, does not know if it has been patched, and in some cases, patching it is impossible. A request to the host to patch the vulnerability may be ignored, or lost in a ticketing system.
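What an operator can actually verify about these mitigations on hardware it controls, as an added example that is not PROHASHING’s code: the script reads the Linux kernel’s per-vulnerability status files and flags entries reported as vulnerable or, as is common inside a cloud guest, unknown. The status strings follow the kernel’s real format; the SAMPLE_VM values are constructed.

```python
"""Audit the kernel's report of CPU side-channel mitigations via Linux sysfs.
Added example, not PROHASHING's code; the status strings follow the kernel's
real format, and SAMPLE_VM is constructed to resemble a cloud guest."""
from pathlib import Path

SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

def classify(status: str) -> str:
    """Map one sysfs status line to mitigated / vulnerable / not_affected / unknown."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Unknown"):  # typical inside a VM: hypervisor state is hidden
        return "unknown"
    if "Mitigation:" in text:       # also matches "KVM: Mitigation: ..."
        return "mitigated"
    if "ulnerable" in text:         # "Vulnerable", "KVM: Vulnerable", "Processor vulnerable"
        return "vulnerable"
    return "unknown"

def audit(statuses: dict) -> dict:
    """Group vulnerability names by classification so unmitigated ones stand out."""
    report = {"mitigated": [], "vulnerable": [], "not_affected": [], "unknown": []}
    for name, status in sorted(statuses.items()):
        report[classify(status)].append(name)
    return report

def read_sysfs(directory: Path = SYSFS_VULN_DIR) -> dict:
    """Read every status file on a live Linux host; empty dict elsewhere."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip() for p in directory.iterdir() if p.is_file()}

# Constructed sample resembling a cloud guest (not captured from a real system).
SAMPLE_VM = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "mmio_stale_data": "Unknown: No mitigations",
    "itlb_multihit": "KVM: Vulnerable",
    "tsx_async_abort": "Not affected",
}

if __name__ == "__main__":  # prefer the live host's data when it is available
    for group, names in audit(read_sysfs() or SAMPLE_VM).items():
        print(f"{group:>12}: {', '.join(names) or '-'}")
```

On a self-hosted machine the "unknown" group should be empty; any entry landing in "vulnerable" is something the operator can fix with microcode or kernel updates rather than a hosting ticket.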
With self-hosting, the mining pool controls all the virtual machines operating on the servers, so no other customers can exploit hardware vulnerabilities.
Packet sniffing
As the diagrams in the beginning of this article demonstrate, in a shared hosting environment, all of the communications between the mining pool’s services are sent across the Internet, or at least between servers on the cloud host’s network. At the very least, all of the packets are sent through routers at the hosting provider.
Since this traffic is routed through the cloud host’s routers, it can be inspected live, or written to disks for later analysis. Any small vulnerability in encryption might lead to additional information being revealed. Even if private keys are never sent between servers, public data like customer IP addresses and public keys can easily be recorded for analysis.
With self-hosting, the pool controls the routers in its own network, so the hosting provider can’t record metadata like IP addresses.
Physical access
Perhaps the most obvious advantage of self-hosting is physical access to the mining pool’s servers, which requires little additional explanation. The ability to connect peripherals, pull cables, or steal drives is present in any shared datacenter. A hosting employee, a fake contractor, or another customer could add a USB drive to the servers, or could swap a data cable.
Some hosts resell or aggregate services from other hosting providers, so the host from which a company is buying may not even be the bottom-line company with physical access to its servers.
With self-hosting, only the mining pool has access to the hardware, so it can control any hardware changes that might occur.
Conclusion
Cloud hosting has a number of advantages for many businesses. For cryptocurrency companies, however, the security provided by cloud hosts is insufficient. Hosting control panels can be breached, datacenter employees can be tricked into providing access, security vulnerabilities in the physical computers owned by the hosts can be exploited, network traffic can be monitored, and no system is completely secure if physical access isn’t controlled.
Since PROHASHING opened, it has always self-hosted its systems to provide the highest level of security to customers, and every cryptocurrency company’s security strategy must include self-hosting as part of a comprehensive security strategy.