ANTMINER S1

[boggle]

i looked at the mining pool a few minutes ago and one of my miners was offline... strange i thought, so i checked the miner through the web and someones hacked/changed my worker details are set to btcurl.ch4 they minused off my other workers and this has been added to the ssh-keys


ssh-dss AAAAB3NzaC1kc3MAAACBANPLYv0LbB5IrH4M897uha5h56/XUzkGnY3Rcclw2GO5RaVhaHI43jKBTaAJOVEfO2+9YvemcSXAvFOpvSKjmFSLdKoQMLvZnqQTtsM/Z30/jEDJIXCgJlYKC9yyuWHBk4gar0GOdCvTz6mX6AhnaKy3WG+E9MsIjXMmEmJicK5RAAAAFQCGbWk0HJG2YT/oc5djQxGUu6hNIQAAAIEAznZ2v7fhT4JkxOECq7oe6yKxfUMjVU11YPqIZSQjrT4btN5EVWMGLv1/rQcFIwHQiW1rP+hkS9gDvVlzb3/9tBqJE7tYaAHO8CUhOZiq0GJ/ebMTH7SY6f9DZ+BPjuXwcjPbD16Sp3ri/Bg1rUniPV33HDx+RQtARkNTOudW8UMAAACAFi+1zXYIZ2/I+sL9/nLD1knjRDkVYkZApqp90NF671pt3x0hO+iLfH4hp7eBAX+dG+d52zptdKcTOakK1vwxhjZ1V0j/iqkWIj68urHdzqFnKq4tZEQYr7xsyHAUtafpOWfvjfF9jOHVAmrs1mIOBgh66IaKdXSu8G8ur3jEbDs= btcurl0987@vm-0.btcurl0987.koding.kd.io

only the miner on 192.168.x.99 was compromised, the only computer running on this network is a raspberry pi

where can i get the latest firmware??

 

[Biffa]

i looked at the mining pool a few minutes ago and one of my miners was offline... strange i thought, so i checked the miner through the web and someones hacked/changed my worker details are set to btcurl.ch4 they - off my other workers and this has been added to the ssh-keys


ssh-dss AAAAB3NzaC1kc3MAAACBANPLYv0LbB5IrH4M897uha5h56/XUzkGnY3Rcclw2GO5RaVhaHI43jKBTaAJOVEfO2+9YvemcSXAvFOpvSKjmFSLdKoQMLvZnqQTtsM/Z30/jEDJIXCgJlYKC9yyuWHBk4gar0GOdCvTz6mX6AhnaKy3WG+E9MsIjXMmEmJicK5RAAAAFQCGbWk0HJG2YT/oc5djQxGUu6hNIQAAAIEAznZ2v7fhT4JkxOECq7oe6yKxfUMjVU11YPqIZSQjrT4btN5EVWMGLv1/rQcFIwHQiW1rP+hkS9gDvVlzb3/9tBqJE7tYaAHO8CUhOZiq0GJ/ebMTH7SY6f9DZ+BPjuXwcjPbD16Sp3ri/Bg1rUniPV33HDx+RQtARkNTOudW8UMAAACAFi+1zXYIZ2/I+sL9/nLD1knjRDkVYkZApqp90NF671pt3x0hO+iLfH4hp7eBAX+dG+d52zptdKcTOakK1vwxhjZ1V0j/iqkWIj68urHdzqFnKq4tZEQYr7xsyHAUtafpOWfvjfF9jOHVAmrs1mIOBgh66IaKdXSu8G8ur3jEbDs= btcurl0987@vm-0.btcurl0987.koding.kd.io

only the miner on 192.168.x.99 was compromised, the only computer running on this network is a raspberry pi

where can i get the latest firmware??

 

So you must have ports open from the outside of your network through your router to the miner.

[boggle]

just patched the ports issue and changed IP's and passwords.. still want to update the firmware

[Biffa]

just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.

[Biffa]

just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.

Also don't open ports from the public internet to your miners, setup a VPN to your firewall and network and do it that way. Don't mess about with this stuff half heartedly.

[boggle]

the miner affected was on the default IP connected with a bunch of others S1's to a hub then to the internet router.
this could happen to someone else?

[loshia]

just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.

Also don't open ports from the public internet to your miners, setup a VPN to your firewall and network and do it that way. Don't mess about with this stuff half heartedly.

+1
Unless if there is not some sort of vpn preinstalled on the unit digging a secure tunnel outside your FW
however simple ssh/netstat/ps check will reveal that easily:)
A lot easy will be just to install precompiled cgminer hacked of course which can silently send 10-20% of your shares somewhere
And again simple ssh/netstat will reveal that Or better tcpdump of your router watching closely what the suspect is doing
Conclusion - always compile your images alone or use trustable ones

[slastar]

Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.

[loshia]

Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.

Yeah and they have port forwarding by default pointing to ant ip - nonsense dude

[boggle]

Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.

this is my conclusion as well....

caused by poor security/complacency and leaving passwords on default 

[loshia]

Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.

this is my conclusion as well....

caused by poor security/complacency and leaving passwords on default  

Nonsense dude. Any way just my 2 cents read my post carefully and think.