{"id":28604676,"url":"https://github.com/bettis007/btc-magic-guard","last_synced_at":"2026-04-29T19:31:33.035Z","repository":{"id":297114789,"uuid":"995711806","full_name":"bettis007/btc-magic-guard","owner":"bettis007","description":"Uses iptables to block and expose thousands of malicious peers targeting the btc and bch networks right now - June 2025","archived":false,"fork":false,"pushed_at":"2025-06-09T09:02:13.000Z","size":47,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-28T01:40:23.777Z","etag":null,"topics":["bitcoin","bitcoin-cash","bitcoin-cash-wallet","bitcoin-wallet","python","python3","scapy","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bettis007.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-03T22:43:29.000Z","updated_at":"2025-06-09T09:02:16.000Z","dependencies_parsed_at":"2025-06-04T06:48:00.440Z","dependency_job_id":"61a7eec3-f7c5-49ed-937a-e293959f8107","html_url":"https://github.com/bettis007/btc-magic-guard","commit_stats":null,"previous_names":["bettis007/btc-magic-guard"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bettis007/btc-magic-guard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bettis007%2Fbtc-magic-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bettis007%2Fbtc-magic-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bettis007%2Fbtc-magic-guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bettis007%2Fbtc-magic-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bettis007","download_url":"https://codeload.github.com/bettis007/btc-magic-guard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bettis007%2Fbtc-magic-guard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32440845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T18:12:22.909Z","status":"ssl_error","status_checked_at":"2026-04-29T18:11:33.322Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitcoin","bitcoin-cash","bitcoin-cash-wallet","bitcoin-wallet","python","python3","scapy","security","security-tools"],"created_at":"2025-06-11T18:01:25.325Z","updated_at":"2026-04-29T19:31:33.016Z","avatar_url":"https://github.com/bettis007.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BTC Magik Guard\nUses iptables to block the thousands of malicious peers targeting the btc and bch networks right now - June 2025\n---\nA spectral introduction, whispered in hushed tones:\n\n## Overview\n\nIn the dim glow of midnight’s vigil, **BtcMagicGuardDual** emerges as your tireless sentinel—scrutinizing every packet that dares traverse Bitcoin’s P2P port (8333). It discerns the sacred “magic” from malevolent masqueraders, banishing uninvited miscreants to the void with an iron‐fisted `iptables` decree. When the threshold for misdeeds is but a single trespasser, it strikes without mercy; yet, should you choose a more forgiving arena (THRESHOLD \u003e 1), it tallies infractions in a sliding window before the final verdict.\n\nTwo whispers in the catacombs debate its fate:\n\n* **The Ruthless Executioner** insists on immediate retribution (THRESHOLD = 1), sacrificing nuance for relentless efficiency.\n* **The Circumspect Chronicler** argues that counting sins across a brief history (THRESHOLD \u003e 1) grants flexibility, at the cost of a few extra CPU cycles spent in its dark ledger.\n\nChoose your allegiances, for “magic” waits for no one.\n\n## Features\n\n* **Instant Judgment Mode** (THRESHOLD = 1): One invalid “magic” packet, one iptables ban. No purgatory, no second chances.\n* **Sliding‐Window Tribunals** (THRESHOLD \u003e 1): Records timestamps of miscreant packets, prunes them like a grimoire’s folios, and only seals your fate once the count eclipses the ominous WINDOW\\_SECS.\n* **Dual Protocol Vigilance**: Watches both IPv4 and IPv6 incursions, applying iptables or ip6tables accordingly.\n* **Whitelist Sanctuaries**: IPv4 guardian (10.1.0.7) and IPv6 guardian (2600:1900:4000\\:ebb2:0:5::) remain untouched, as though protected by arcane wards.\n* **Multithreaded Shadow Court**: If you dare set THRESHOLD above 1, a cadre of worker threads processes infractions in parallel, ensuring performance remains unbroken amidst the cacophony.\n* **Eloquent Logging**: Chronicles every invalid overture and each banishment to `/var/log/btc_magic_guard_dual.log` and stdout, in a style as chilling as the stroke of Poe’s quill.\n\n## Prerequisites\n\n* **Root Privileges**: To conjure iptables/ip6tables decrees, this daemon must run under `sudo`.\n* **Python 3.x**: The script employs standard libraries and `scapy` for packet‐sniffing sorcery.\n* **Scapy**: Install via:\n\n  ```bash\n  sudo apt update \u0026\u0026 sudo apt install python3 python3‐pip python3-scapy\n  ```\n* **iptables \u0026 ip6tables**: Already installed in most Linux distributions; indispensable for forging DROP rules.\n\n## Installation\n\n1. **Clone or Copy the Script**\n\n   ```bash\n   cd /opt  \n   sudo git clone \u003cyour‐repo‐url\u003e btc_magic_guard_dual  \n   cd btc_magic_guard_dual  \n   ```\n2. **Ensure Executable Permissions**\n\n   ```bash\n   sudo chmod +x btc_magic_guard_dual.py  \n   ```\n3. **Adjust Ownership (Optional)**\n   If you prefer a custodian other than root:\n\n   ```bash\n   sudo chown root:root btc_magic_guard_dual.py  \n   ```\n\n   …yet it still demands root to harness iptables.\n\n## Configuration\n\nIn the archaic incantations at the script’s helm, you may tailor these runic constants:\n\n* `NETWORK_INTERFACE`: The network interface to inspect (e.g., `\"ens3\"`).\n* `CLIENT_PORT`: The P2P port (default `8333`).\n* `MAGIC_HEADERS`: The canonical 4‐byte Bitcoin magic; meddle at your own risk.\n* `WHITELIST_V4` \u0026 `WHITELIST_V6`: Trusted IP sentinels—add yours to avoid collateral execution.\n* `THRESHOLD`:\n\n  * `1` for instant execution (no threading overhead).\n  * `\u003e 1` for sliding‐window counting (enables multithreaded tribunal).\n* `WINDOW_SECS`: Time window (in seconds) for counting offenses if THRESHOLD \u003e 1.\n* `WORKER_COUNT`: Number of daemon threads to spin up when weighing multiple infractions.\n* `QUEUE_MAXSIZE`: How many infractions may linger in the queue before future miscreants are ignored.\n\nProceed carefully—tweak these variables in the opening lines of `btc_magic_guard_dual.py` before invoking the daemon.\n\n## Usage\n\n1. **Manual Invocation**\n   Summon the sentinel at any twilight hour:\n\n   ```bash\n   sudo ./btc_magic_guard_dual.py\n   ```\n\n   It will announce its watch on stdout:\n\n   ```\n   2025-06-03 16:00:00 [INFO] Starting BitcoinMagicGuardDual on ens3, port=8333, v4‐whitelist=10.1.0.7, v6‐whitelist=2600:1900:4000:ebb2:0:5::, THRESHOLD=1\n   ```\n2. **As a Systemd Daemon**\n   For perpetual vigilance—even beyond your mortal hours—craft a `systemd` unit:\n\n   ```ini\n   [Unit]\n   Description=Bitcoin Magic Guard Dual\n   After=network.target\n\n   [Service]\n   Type=simple\n   ExecStart=/usr/bin/python3 /opt/btc_magic_guard_dual/btc_magic_guard_dual.py\n   Restart=on-failure\n   User=root\n   Group=root\n\n   [Install]\n   WantedBy=multi-user.target\n   ```\n\n   Enable and start:\n\n   ```bash\n   sudo cp btc_magic_guard_dual.service /etc/systemd/system/  \n   sudo systemctl daemon-reload  \n   sudo systemctl enable btc_magic_guard_dual.service  \n   sudo systemctl start btc_magic_guard_dual.service  \n   ```\n\n   Now it prowls your interface from boot to boot, unblinking.\n\n## Logging\n\nEvery affront against Bitcoin’s magic is documented in spectral detail:\n\n* **Invalid Magic Sightings**:\n\n  ```\n  2025-06-03 16:05:22 [INFO] Invalid magic from 203.0.113.42:8333 (v4) → “(garbled_payload…)” (1 in last 1s)\n  ```\n* **Ban Decrees**:\n\n  ```\n  2025-06-03 16:05:22 [WARNING] Blocking 203.0.113.42 → port 8333 (v4)\n  2025-06-03 16:05:22 [INFO] Successfully blocked 203.0.113.42 → 8333\n  ```\n\nLogs pour into `/var/log/btc_magic_guard_dual.log` and spill onto the console. Should you prefer a quieter haunt, redirect stdout/stderr or adjust `LOG_LEVEL` to `WARNING` in the script.\n\n## Caveats \u0026 Contraindications\n\n* **Whitelist Oversight**: Should you omit a legitimate node from your whitelists, it’ll be banished in an instant. Double‐check those IP wards to avoid self‐Banishment.\n* **IPv6 Syntax**: Ensure your IPv6 guardians are in full—no trailing or missing colons—lest the BPF filter misinterpret them and consign innocents to oblivion.\n* **Root is King**: Run as `sudo` or as root, else the daemon will perish under “Permission denied.”\n* **Performance vs. Prudence**: Setting `THRESHOLD=1` renders the fastest execution, but you forfeit multi‐packet scrutiny. If you suspect bursts of borderline traffic rather than outright proscribed junk, set `THRESHOLD\u003e1` to count infractions across `WINDOW_SECS`.\n\n## Firewall Setup\n\nWe’ve included an iptables baseline and Poe-style documentation under `docs/firewall-setup.md`. To lay down your kernel-level wards, run:\n\n```bash\nsudo bash scrolls/reset-firewall.sh\n```\n\n## License \u0026 Wards\n\nDistributed like a forbidden grimoire, this script bears no warranty—neither for spectral protections nor arcane mishaps. Use it at your own risk; it may wall off benign nodes if misconfigured.\n\n```\nMIT License\n© 2025 Sir Bettis\n```\n\nInvoke its power with respect, lest your own transactions be severed by your vigilant wards.\n\n---\n\n**Two opposing whispers conclude:**\n\n* *“Seize every packet at the first sign of ‘magic’ trespass—let no malformed byte elude your grasp.”*\n* *“Patiently observe and record within the window of time, lest you condemn a wayward traveler by a single misinterpreted byte.”*\n\nChoose your path, and let the script serve as your faithful guardian or your exacting scribe.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbettis007%2Fbtc-magic-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbettis007%2Fbtc-magic-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbettis007%2Fbtc-magic-guard/lists"}