Security Setup / DONE
Attention: Our team is not responsible for any losses incurred as a result of hacking. Therefore, we strongly recommend using cold wallets and avoiding storing all your funds with an exchange service to prevent significant losses.
Security Recommendations
Do not install third-party software on your device (from which you access the admin panel), even if it is from an app store. The application must have a good reputation.
Use IP access restrictions for accessing the admin panel. If you have a dynamic IP, set up your personal VPN with a stable IP.
Check the reputation of service providers! Never send funds first to providers who are unfamiliar to you. Using a guarantee service (only trusted guarantor services) is better. Also, feel free to ask us for advice or assistance with transactions — this is free.
An individual admin account should be created for each administrator/operator.
Specific roles should be created for operators and administrators (if there are several), so that operators have limited access to the functions of the admin panel.
Enable 2FA security for admin panel access.
Follow the instructions outlined in the Server Security Setup section.
Regularly update your software to promptly receive our security updates.
Do not use a password for admin access that you use for other services, and do not store your password with third-party services that you cannot fully trust with sensitive data (for example, we consider 1Password to be a secure service for storing your passwords, but we cannot guarantee the safety of third-party services).
Do not execute code in the developer console without sufficient knowledge of what you are doing—this could expose your authentication data to fraudsters.
Do not install third-party browser plugins.
Do not install third-party scripts into the exchanger-admin-web repository.
Do not open ports for MongoDB, Redis, SSH, FTP, or API for external access. It is better to use an SSH tunnel to access service data.
Additionally, for SSH, use UFW or similar rules to restrict server access only from your IP.
Do not share your admin panel login details with third parties. Our support team will never contact you asking for login details.
Only set up automatic payouts for payment directions you are confident in.
Last updated