Bitcoin Forum
Author Topic: Possible Hack - Mining Farm  (Read 512 times)
chasedg1 (OP)
March 13, 2018, 02:07:00 AM
 #1

Hi guys, I'm a little concerned some of my ASICs were compromised over the last few days. Here are the details..

I currently run close to 100 ASICs, 71 of which are housed under 1 roof/1 IP. I use Awesome Miner through VPN to gain access to my machines. About 3 days ago I noticed a D3 out. I restarted the machine remotely, still nothing. D3s are absolute garbage machines and so I thought it was a machine issue and it just needed a hard reboot (unplugging - sounds strange but again, garbage). The next day I had 2 more go out, and today 10 more. I started looking into the problem more closely and noticed that my pool configs were changed on all of my L3s and D3s but thankfully not on my S9s. The strange part here is that the pool that the settings were changed to was a BTC pool so the machines just weren't hashing. Another strange thing is that the machines were not immediately rebooted to change the settings so the pool configs didn't take effect until Awesome Miner rebooted them for one of my rules I had set in place. The pool that the machines were changed to is:

stratum+tcp://c11.mine.ahashpool.com:3573
Worker is left blank
Password: c=BTC

The good thing is that a firmware upgrade will allow me to change the pool settings back to my configuration. The unfortunate part is that even after the firmware upgrade, the machine will eventually revert back to stratum+tcp://c11.mine.ahashpool.com:3573 if a reboot is needed.

Admittedly my miners were set to default passwords but my security at my offsite location was, imo, great.

Has anyone else experienced this? Could this be an AwesomeMiner security issue? I want to note that I love AwesomeMiner. It makes my life so much easier but this seems like the more likely scenario if this was indeed a hack.

How can I get control of my miners?

Thanks,

puwaha
March 13, 2018, 03:31:10 AM
 #2

Do you use the web interface to Awesome Miner?  If so, change the port and reset all passwords to very long tough passwords.  Do you have multiple accounts in Awesome Miner?

Do you use the cloud service with Awesome Miner?  Change the passwords there as well.

Now, the remote site... what kind of firewall do you have there protecting your machines from the internet?  What ports do you have opened or forwarded?

edwardceng
March 13, 2018, 06:15:49 AM
 #3


Nothing is really safe; when hardware is connected to the internet, it always has a vulnerability.

It can come from Awesome Miner itself, or from the hacker gaining access to the configuration page (ASIC) by a brute-force attack on the HTTP port or SSH port.

szafa
March 13, 2018, 06:37:12 AM
 #4

I think you did not do by yourself otherwise owner change conf awesominer.

chasedg1 (OP)
March 13, 2018, 07:27:27 PM
 #5

> Do you use the web interface to Awesome Miner?  If so, change the port and reset all passwords to very long tough passwords.  Do you have multiple accounts in Awesome Miner?
>
> Do you use the cloud service with Awesome Miner?  Change the passwords there as well.
>
> Now, the remote site... what kind of firewall do you have there protecting your machines from the internet?  What ports do you have opened or forwarded?

I do not use the web interface. I only have 1 acct with awesome miner. I do not use cloud service. I do have a firewall in place. No open ports or forwarded ports.

Further diagnosing. I reinstalled firmware on miners and changed the password to those 2 miners and this seems to have fixed the issue. Will update if anything changes. I now am fairly certain the vulnerability was through Awesome Miner as that program had full API access.

Nexillus
March 14, 2018, 12:36:42 PM
 #6

> > Do you use the web interface to Awesome Miner?  If so, change the port and reset all passwords to very long tough passwords.  Do you have multiple accounts in Awesome Miner?
> >
> > Do you use the cloud service with Awesome Miner?  Change the passwords there as well.
> >
> > Now, the remote site... what kind of firewall do you have there protecting your machines from the internet?  What ports do you have opened or forwarded?
>
> I do not use the web interface. I only have 1 acct with awesome miner. I do not use cloud service. I do have a firewall in place. No open ports or forwarded ports.
>
> Further diagnosing. I reinstalled firmware on miners and changed the password to those 2 miners and this seems to have fixed the issue. Will update if anything changes. I now am fairly certain the vulnerability was through Awesome Miner as that program had full API access.

Are you using Awesome Miner from the remote location to control the D3, L3 and S9s?

As with my setup for my farm, I have a controller PC on site that uses Awesome Miner so no API calls leave the internal LAN and I VPN into the laptop to make changes to any of my rigs. In this setup I fully control traffic in and out via my edge router for security.

chasedg1 (OP)
March 14, 2018, 01:55:22 PM
Last edit: March 15, 2018, 01:53:31 PM by chasedg1
 #7

I'm using the exact same set up with EdgeRouter X. I do use a robust VPN password certificates (more than 20 characters) but not sure if that matters in this situation.

Upon further investigation I allowed Awesome Miner to reconfigure API access to the machines that I reinstalled firmware and changed the root password (keep in mind these 3 miners have been running flawlessly for 24 hours). As soon as I allowed the program access, the miner reconfigured to stratum+tcp://c11.mine.ahashpool.com:3573

It's my opinion that the security vulnerability lies in Awesome Miner. I'm going to reach out to the company today. I will post if there are any developments.

Nexillus
March 14, 2018, 02:57:29 PM
 #8

> I'm using the exact same set up with EdgeRouter X. I do use a robust VPN password (more than 20 characters) but not sure if that matters in this situation.
>
> Upon further investigation I allowed Awesome Miner to reconfigure API access to the machines that I reinstalled firmware and changed the root password (keep in mind these 3 miners have been running flawlessly for 24 hours). As soon as I allowed the program access, the miner reconfigured to stratum+tcp://c11.mine.ahashpool.com:3573
>
> It's my opinion that the security vulnerability lies in Awesome Miner. I'm going to reach out to the company today. I will post if there are any developments.

Please keep us apprised of what you find, I am quite interested.

jbuk1
March 15, 2018, 10:50:20 AM
 #9

> > I'm using the exact same set up with EdgeRouter X. I do use a robust VPN password (more than 20 characters) but not sure if that matters in this situation.
> >
> > Upon further investigation I allowed Awesome Miner to reconfigure API access to the machines that I reinstalled firmware and changed the root password (keep in mind these 3 miners have been running flawlessly for 24 hours). As soon as I allowed the program access, the miner reconfigured to stratum+tcp://c11.mine.ahashpool.com:3573
> >
> > It's my opinion that the security vulnerability lies in Awesome Miner. I'm going to reach out to the company today. I will post if there are any developments.
>
> Please keep us apprised of what you find, I am quite interested.

You have a password to your VPN?

Certificates dude. Certificates.

jadefalke
March 15, 2018, 02:00:32 PM
 #10

> > > I'm using the exact same set up with EdgeRouter X. I do use a robust VPN password (more than 20 characters) but not sure if that matters in this situation.
> > >
> > > Upon further investigation I allowed Awesome Miner to reconfigure API access to the machines that I reinstalled firmware and changed the root password (keep in mind these 3 miners have been running flawlessly for 24 hours). As soon as I allowed the program access, the miner reconfigured to stratum+tcp://c11.mine.ahashpool.com:3573
> > >
> > > It's my opinion that the security vulnerability lies in Awesome Miner. I'm going to reach out to the company today. I will post if there are any developments.
> >
> > Please keep us apprised of what you find, I am quite interested.
>
> You have a password to your VPN?
>
> Certificates dude. Certificates.

Even better is to have more than one factor for authentication, password+cert.

chasedg1 (OP)
March 15, 2018, 02:01:53 PM
 #11

> > > I'm using the exact same set up with EdgeRouter X. I do use a robust VPN password (more than 20 characters) but not sure if that matters in this situation.
> > >
> > > Upon further investigation I allowed Awesome Miner to reconfigure API access to the machines that I reinstalled firmware and changed the root password (keep in mind these 3 miners have been running flawlessly for 24 hours). As soon as I allowed the program access, the miner reconfigured to stratum+tcp://c11.mine.ahashpool.com:3573
> > >
> > > It's my opinion that the security vulnerability lies in Awesome Miner. I'm going to reach out to the company today. I will post if there are any developments.
> >
> > Please keep us apprised of what you find, I am quite interested.
>
> You have a password to your VPN?
>
> Certificates dude. Certificates.

Thank you for your input.. very helpful. I've made sure to go back and edit my previous reply to note I made a mistake.
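
An added example, not part of any post in this thread and not Awesome Miner or miner-vendor code: a pool-configuration drift check for the symptom the thread describes, where the saved pool settings changed but did not take effect until the next reboot. The allowlist hosts, the miner name and both JSON layouts are assumptions; the sample data is constructed, using the pool URL and password reported in the thread.

```python
import json
from urllib.parse import urlsplit

# Assumption: the operator's approved pool endpoints (placeholder hosts).
ALLOWED_POOLS = {("pool.example.net", 3333), ("backup.example.net", 3333)}

def pool_endpoint(url):
    """Return (host, port) of a stratum URL, or None if host or port is missing."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port
    except ValueError:
        return None
    return (host, port) if host and port else None

def unapproved_pools(doc):
    """List (url, user) for every configured pool that is not on the allowlist.

    Accepts either a cgminer-API "pools" reply (POOLS/URL/User keys) or a
    saved miner config (pools/url/user keys); both layouts are assumptions.
    """
    data = json.loads(doc.rstrip("\x00 \r\n"))  # some API replies end in a NUL byte
    found = []
    for entry in data.get("POOLS") or data.get("pools") or []:
        url = entry.get("URL") or entry.get("url") or ""
        user = entry.get("User") or entry.get("user") or ""
        if url and pool_endpoint(url) not in ALLOWED_POOLS:
            found.append((url, user or "<blank>"))
    return found

def audit_miner(name, running_doc, saved_doc):
    """Check running pools and saved config; a change present only in the saved
    config takes effect at the next reboot, as described in the thread."""
    return [(name, where, url, user)
            for where, doc in (("running", running_doc), ("saved", saved_doc))
            for url, user in unapproved_pools(doc)]

# Constructed sample data: the miner still hashes to the approved pool, but its
# saved config already points at the pool reported in the thread.
RUNNING = json.dumps({"STATUS": [{"STATUS": "S", "Msg": "1 Pool(s)"}],
                      "POOLS": [{"POOL": 0, "URL": "stratum+tcp://pool.example.net:3333",
                                 "User": "farm.l3-01"}]}) + "\x00"
SAVED = json.dumps({"pools": [
    {"url": "stratum+tcp://c11.mine.ahashpool.com:3573", "user": "", "pass": "c=BTC"},
    {"url": "", "user": "", "pass": ""}]})

if __name__ == "__main__":
    for finding in audit_miner("l3-01", RUNNING, SAVED):
        print("ALERT", *finding)
```

Running the check against the saved configuration as well as the live pool list is what catches a change before the next reboot activates it.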