Security on Port forwarding

Hi,

I understand that in order to farm more effectively, our farming machine’s router needs to open the port / port forward on 8444.

I’m not very tech savvy, but wouldn’t port forwarding, especially on an announced port number, open yourself to security concerns?

I saw another topic asking about an unknown wallet connecting to their node the other day but I couldn’t seem to find the topic / forgot what the title was.

Thanks in advance.

3 Likes

When you use the internet, devices are connecting to your computer all the time via different ports.

What you need to do is make sure the security of your devices is up to date. Make sure you update your OS and software regularly.

You can read more here: security - How safe is port forwarding in general? - Super User

2 Likes

Thank you for this.

So basically for it to be safer, I need to isolate the network my farming systems are on to reduce security risks, and not use the network that is widely in use by everyone in the house and my IoT devices.

Now it’s back to the safety of the Chia farming systems themselves. Apparently using a Linux box for farming is going to be far safer than something with tons of vulnerabilities like Windows.

Or… god forbid, someone found a vulnerability in the chia farming program and hacked that through the obvious port 8444 :scream:

I do think I’m being too paranoid here to think that someone could try and deliberately do stuff like this. My few friends that are also starting to plot and farm don’t even want to open their ports because of these kinds of worries.

Thinking this way is a good thing! I’m glad you are asking these questions. They are very important.

What you can do is set up a VLAN if your router allows it. This way you can segment your network so that your computers using Chia can’t talk to any other devices on your network.

1 Like
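One way to express the segmentation suggested above on a Linux-based router running nftables, as an added example that is not part of the original thread. The interface names, the 192.168.50.10 address and the table name are assumptions; only port 8444 comes from the thread.

```nft
# Constructed example: interface names and addresses are placeholders.
define wan_if  = "eth0"          # uplink to the ISP
define lan_if  = "br-lan"        # household and IoT devices
define farm_if = "br-farm"       # isolated segment (VLAN) for the farming machine
define farmer  = 192.168.50.10   # the farming machine

table inet farm_isolation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were already allowed.
        ct state established,related accept
        ct state invalid drop

        # The forwarded Chia port: internet -> farmer on TCP 8444 only.
        iifname $wan_if oifname $farm_if ip daddr $farmer tcp dport 8444 ct state new accept

        # The farmer may reach the internet, but never the household LAN.
        iifname $farm_if oifname $wan_if accept
        iifname $farm_if oifname $lan_if counter drop

        # Household devices keep their normal internet access.
        iifname $lan_if oifname $wan_if accept
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The port forward itself: only 8444 is translated to the farmer.
        iifname $wan_if tcp dport 8444 dnat ip to $farmer
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $wan_if masquerade
    }
}
```

The `counter` on the farm-to-LAN drop rule makes blocked attempts visible in `nft list ruleset`, which is a cheap signal that the farming machine is trying to reach devices it should not.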

Thank you for the kind words, I hope the topic is helpful for anyone else having the same question.

I didn’t know about VLAN, that’s interesting. It’s just that my router is pretty closed for configuration since somehow (probably from the ISP) it doesn’t allow any secondary routers and only supports bridging.

My plan was to subscribe to another cheap, unmetered connection just for the farming needs and leave it at that.

I guess the worst the attackers can do is steal my private key? Or are there any precautions I can take for that?

I personally do not feel opening a single, random port to a single machine on your network is a particularly big risk – but I guess it depends if there are any exploits in the chia farmer GUI. They built it as an Electron (web-based) app in a memory safe language (Python) from my understanding. That is considerably safer than a random C or C++ program, for example.

See

3 Likes

Alright that confirms it, I feel much safer now, thanks ppl!

I have made a second “offline” wallet. I put my XCH there. If the private key of the farmer is exposed, then only the last farmed XCH are on it.

Am I too paranoid?
I just don’t feel comfortable to have all my XCH on one machine that is also connected to the net 24/7 and tells the whole world with the open port 8444: “Here are XCH”.

1 Like

Hi, thank you for the reply, how do you do this? Do you create a new one in the Windows GUI, write down the mnemonics and then remove it from the PC used to create it?

Later then move the winning XCH there?

That’s exactly how I did it. I did not delete the private key until I saw that the XCH had arrived.

2 Likes

Thanks a lot, that’s more good ideas for the paranoid people :grinning_face_with_smiling_eyes:

1 Like