This board has been archived, no new registrations are allowed. Please come join us on our discord!

Haasbot, VPS, and security

Can't figure out how to get a specific feature working? Ask for help here.
coinflipper
Registered User
Posts: 13
Joined: Thu Nov 16, 2017 11:51 am

Haasbot, VPS, and security

Postby coinflipper » Sat Nov 18, 2017 9:52 pm

I'm a new user and thinking about installing the bot on a (remote) dedicated server. I've seen the chapter "Run Haasbot on a Local Network or VPS" in the Wiki, so I assume this should generally be possible.

Since the dedicated server is not under my direct control (employees from the hosting company can access it, and maybe even hackers in the worst case), I was wondering how the password for logging in into the trade server is transmitted and stored.

Apparently, the bot uses normal http communication, so anybody can intercept the traffic between the browser front-end (on my local computer) and the backend (on the dedicated server). Is the password transmitted encrypted/as hash or in plain text? If plain text is used, is it possible to configure the bot to use https?

Regarding the storage of the password on the dedicated server: it is stored encrypted/as hash or in plain text? The latter case would make it rather easy for 3rd persons to log into the bot. If withdrawal is prohibited by the API keys, then the 3rd person could still conduct stupid buy/sell orders.

And last: what about the API keys, are they stored in a safe way?

chris1
Registered User
Posts: 12
Joined: Sun Oct 04, 2015 3:54 pm

Re: Haasbot, VPS, and security

Postby chris1 » Tue Nov 28, 2017 4:45 pm

Im new here, here is what I have found / my thoughts.
1. username / password are stored as two hashes in MainSettings.xml
2. you should never ever be using an http connection through the internet. It looks like the options are:
* Local server: localhost:8090 (safe)
* Remote server, VPN (safe)
* Remote server, public IP (UNSAFE without encryption)

3. I have been trying to tunnel into an aws EC2, so use localhost over ssh. So far it's worked pretty well, but Im stuck on an issue atm, will update. IMO that would be the most secure of the remote solutions, and possibly the easiest to use.

coinflipper
Registered User
Posts: 13
Joined: Thu Nov 16, 2017 11:51 am

Re: Haasbot, VPS, and security

Postby coinflipper » Tue Nov 28, 2017 5:32 pm

Thanks for the reminder, I will certainly stick to ssh. Unfortunately the bot is currently unusable for me because its buy and sell amounts are more or less random, see this posting: viewtopic.php?f=15&t=1946

At the moment I'm still running the bot locally. Unfortunately the support doesn't answer: do you have any idea how control the orders so they stay within the configured amount?

chris1
Registered User
Posts: 12
Joined: Sun Oct 04, 2015 3:54 pm

Re: Haasbot, VPS, and security

Postby chris1 » Tue Nov 28, 2017 5:46 pm

nope, sorry, just bought it yesterday. Sad to hear the support isnt responsive, Ive got a configuration issue keeping me from running. You would think they would be responsive as they are priced / marketed as the high end product. If they had responsive support behind a plan Id be fine with it.

coinflipper
Registered User
Posts: 13
Joined: Thu Nov 16, 2017 11:51 am

Re: Haasbot, VPS, and security

Postby coinflipper » Tue Nov 28, 2017 10:07 pm

Well, from what I can say so far, the bot seems to work fine. Unfortunately, for someone who doesn't have a trading background like myself, it is definitively not usable out of the box. Once you start to use a trading bot (and not just the pre-configured custom bots), the documentation is too thin if you're not already in the subject. In my case this is especially disappointing because I got all parts of the trade bot configured, even the backtest shows a nice profit. However, in real life, the bot does crazy orders (it buys about twice as much what is configured - and then it does not sell the extra amount it bought previously). As a result, the amount of coins in the respective wallets get totally unrelated to the configured amount - making the bot unusable.


Return to “Help and Support”

Who is online

Users browsing this forum: No registered users and 5 guests