LNbits v0.10.9: New Security Features

— Jul 4, 2023
LNbits is a free and open-source Lightning wallet and accounts system that comes with a variety of useful plugins and integrations.
  • "In this release, we introduce a whole suite of new security features to harden your LNbits instance."
  • "Our goal is to make these features accessible and keep every instance as safe as possible to protect user funds from possible security breaches."

What's new

  • New security panel. "You will find a new Security panel in your Manage Server AdminUI that you can access as the super user. All features are opt-in and are also accessible via the LNbits API."
  • The panel consists of six components: 1) server logs 2) IP blocker 3) Rate limiter 4) Security notifications 5) Killswitch 6) Watchdog.
  • Server logs. "You can now directly view the logs of your LNbits instance from the admin UI. This will allow users to observe the activity of your instance and identify issues without having to log into a shell."
  • IP blocker. "The IP blocker allows you to add IP addresses that you would like to block from accessing your instance."
  • Rate limiter. "The built-in rate limiter protects your instance better from denial-of-service attacks. You can set the number of requests per time unit you want to allow."
  • Security notifications. "The new notifications area will show you updates from the LNbits team to notify you about new version releases and any warnings we might want to issue. The updates are polled from a GitHub repository, so you don't leak your IP to us. This is an opt-in feature."
  • Killswitch. "We have built a security mechanism that allows us to temporarily disable your LNbits instance from making any payments until you restart it. This feature is only intended to protect users from loss of funds in the event of a security incident. We will trigger the killswitch only if we discover critical exploits. The updates are polled from a GitHub repository, so you don't leak your IP to us. This is an opt-in feature."
  • Watchdog (coming soon). "Watchdog is a service that runs periodic checks against your node's balance and your LNbits instance's balance. If it detects deviations between the two up to a certain margin, it will disable all payments until you turn it off again. Please note that we have disabled this feature for now and will enable it shortly after rigorous testing."
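
The killswitch and watchdog entries above both stop payments but are cleared differently: the killswitch by a restart, the watchdog by the operator turning it off. The following is an added example, not LNbits code, that models the two stops in one gate; `PaymentGate`, `margin_msat` and the status document format are hypothetical, and it assumes that watchdog state survives a restart and that only wallets claiming more than the node holds counts as a deviation.

```python
from dataclasses import dataclass


@dataclass
class PaymentGate:
    """Hypothetical outgoing-payment gate; not LNbits' own class or API."""
    margin_msat: int                  # assumed name and unit for "a certain margin"
    killswitch_tripped: bool = False  # in memory only, so a restart clears it
    watchdog_tripped: bool = False    # assumed to persist until the operator resets it

    def apply_status(self, status: dict) -> None:
        """Apply one polled status document (constructed format)."""
        if status.get("killswitch") is True:
            self.killswitch_tripped = True  # a later False does not clear it

    def check_balances(self, node_msat: int, wallets_msat: list[int]) -> int:
        """One periodic watchdog run; returns the measured deviation."""
        # Assumption: only wallets claiming more than the node holds counts.
        deviation = sum(wallets_msat) - node_msat
        if deviation > self.margin_msat:
            self.watchdog_tripped = True
        return deviation

    def operator_reset_watchdog(self) -> None:
        self.watchdog_tripped = False

    def payments_allowed(self) -> bool:
        return not (self.killswitch_tripped or self.watchdog_tripped)


def restart(gate: PaymentGate) -> PaymentGate:
    """Model a process restart: killswitch state is lost, watchdog state is kept."""
    return PaymentGate(gate.margin_msat, watchdog_tripped=gate.watchdog_tripped)


def demo() -> list[bool]:
    """Run constructed balances and status documents through the gate."""
    gate, seen = PaymentGate(margin_msat=10_000), []
    gate.check_balances(1_000_000, [400_000, 595_000])   # within margin
    seen.append(gate.payments_allowed())
    gate.check_balances(1_000_000, [700_000, 320_000])   # 20_000 over the node
    seen.append(gate.payments_allowed())
    gate = restart(gate)                                  # watchdog stop survives
    seen.append(gate.payments_allowed())
    gate.operator_reset_watchdog()
    gate.apply_status({"killswitch": True})
    gate.apply_status({"killswitch": False})              # does not re-enable
    seen.append(gate.payments_allowed())
    gate = restart(gate)                                  # killswitch stop cleared
    seen.append(gate.payments_allowed())
    return seen
```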

Other changes

  • Updates for Wallet UI.
  • Improves Extension manager.
  • Improves testing on regtest.
  • Hides super_user ID to prevent leaks.
  • Precommit checks for developers.

New Contributors

Full Changelog: 0.10.8...0.10.9
excellent. well done team
Love the security panel.
Nice, security features like rate limiters are super important when you are exposing invoices/withdrawals to the web. I had to learn this the hard way.
Can somebody point me to a repo that uses the LNbits API to do internal transactions (e.g. 1000 sats from wallet A of user B to wallet C of user D)?