Hi,my first post here since a couple years lurking around. Time to give back as much as I can.
This might be just related to CGminerMobileAdapter as I didnt't try MobileMiner with another miner.
https://github.com/Axadiw/CGMinerMobileAdapterI have noticed unusual bandwith usage on all my rigs since I built my last bamt image. I've found an https connection to this suspicious, kind of ghost site, mstheater.org, with a considerable bandwith:
168.62.48.183
Hostname: mstheater.org
MAC Address: a0:f3:c1:8a:d6:a8
Last seen: 2014-03-13 02:31:53 UTC+0000 (7 secs ago)
In: 842,967
Out: 2,049,992
Total: 2,892,959
TCP ports
(1-1 of 1)
Port Service In Out Total SYNs
443 https 842,967 2,049,992 2,892,959 365
UDP ports
The table is empty.
IP protocols
(1-1 of 1)
# Protocol In Out Total
6 tcp 842,967 2,049,992 2,892,959
Looking for the process it cames from, I found PID 3671:
002:~# netstat -tnp | grep 168.62.48.183:443
tcp 0 1 192.168.1.2:35996 168.62.48.183:443 LAST_ACK -
tcp 0 1 192.168.1.2:35999 168.62.48.183:443 LAST_ACK -
tcp 0 1 192.168.1.2:36011 168.62.48.183:443 LAST_ACK -
tcp 0 1 192.168.1.2:36014 168.62.48.183:443 LAST_ACK -
tcp 0 0 192.168.1.2:36068 168.62.48.183:443 CLOSE_WAIT 3671/python
tcp 0 1 192.168.1.2:35969 168.62.48.183:443 LAST_ACK -
tcp 0 1 192.168.1.2:36023 168.62.48.183:443 LAST_ACK -
tcp 0 1 192.168.1.2:35972 168.62.48.183:443 LAST_ACK -
tcp 0 0 192.168.1.2:36069 168.62.48.183:443 ESTABLISHED 3671/python
tcp 0 1 192.168.1.2:36056 168.62.48.183:443 LAST_ACK -
ps aux gives:
root 3671 0.0 0.2 10280 7524 pts/2 Ss+ Mar10 2:13 python /opt/CGMinerMobileAdapter/CGMinerMobileAdapter.py
Strangest thing is I didn't find not even one human written search result referring to this mstheater.org site. WTF?
Maybe the devs or some python or packet inspection ninja can bring us some light?
