Ethereum Private Chain Security Settings

Last night, a private chain with 4 nodes was built on an Alibaba Cloud online server. When I came back in the morning, I found that the private chain was running normally, but when I checked the system account, I found that the balance of 0.10 billion ether had disappeared into thin air. The private chain was then rebuilt, and when I checked again after a while, the balance of the system account had become 0 again. At that point the chain had a total of 1337 blocks. Querying with web3j, I found that a transfer had occurred in the 726th block. The transaction query results are as follows:

Information for the account 0x6ef57be1168628a2bd6c5788322a41265084408a, queried on the public network:

From this, it can be determined that hackers are using the geth vulnerability to attack the private chain on the server. I checked online and found the link below: http://www.sohu.com/a/226144088_116815

Hackers use geth's RPC vulnerability to transfer the ether out of the account. The solution is to configure the server so that only a fixed IP is allowed to access its RPC port, by adding rules to the security group of the Alibaba Cloud server.

Add the security group rules as follows:

Since then, no hacker has attacked the private chain so far. Hopefully the hackers aren't interested in attacking me anymore.
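The security group rule limits who can reach the RPC port; the same exposure can also be checked on the node itself. The following is an added example, not code from the original post: it audits a geth command line for an HTTP-RPC server that is reachable beyond loopback. The flag names are geth's legacy (`--rpc*`) and current (`--http*`) ones; the finding labels and the sample command lines are made up for this example.

```python
import ipaddress
import shlex

# geth's HTTP-RPC flags: legacy names (--rpc*) and current names (--http*).
ENABLE = {"--rpc", "--http"}
ADDR = ("--rpcaddr", "--http.addr")  # geth's default bind address is localhost
APIS = ("--rpcapi", "--http.api")
RISKY_APIS = {"personal", "admin", "miner", "debug"}

def parse_flags(cmdline):
    """Map each flag to its value; accepts '--flag value' and '--flag=value'."""
    tokens, flags = shlex.split(cmdline), {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            name, eq, value = tok.partition("=")
            if not eq:  # the value, if any, is the next token that is not a flag
                nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
                value = "" if nxt.startswith("-") else nxt
            flags["--" + name.lstrip("-")] = value
    return flags

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # empty or unresolved hostname: assume reachable from outside

def first(flags, names, default):
    return next((flags[n] for n in names if n in flags), default)

def audit_geth_cmdline(cmdline):
    """Return finding labels (names made up for this example) for one command line."""
    flags = parse_flags(cmdline)
    if not ENABLE & flags.keys():
        return []  # HTTP-RPC server is not enabled
    findings = [] if is_loopback(first(flags, ADDR, "localhost")) else ["rpc-not-loopback"]
    apis = {a.strip() for a in first(flags, APIS, "eth,net,web3").split(",")}
    findings += ["risky-api:" + a for a in sorted(apis & RISKY_APIS)]
    if "--unlock" in flags:  # an unlocked account signs transactions submitted over RPC
        findings.append("unlocked-account-with-rpc")
    return findings

# Constructed sample command lines, not taken from the post.
EXPOSED = ("geth --datadir /data/chain --networkid 1337 --rpc --rpcaddr 0.0.0.0 "
           "--rpcport 8545 --rpcapi eth,net,web3,personal --unlock 0")
LOCAL = "geth --datadir /data/chain --http --http.addr=127.0.0.1 --http.api eth,net,web3"

if __name__ == "__main__":
    print(audit_geth_cmdline(EXPOSED), audit_geth_cmdline(LOCAL))
```

A node that must serve RPC to another host still reports `rpc-not-loopback`; in that case the fixed-IP security group rule described above is the control that limits access.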

 

 

