Author Topic: BAMT version 0.5 - Easy USB based mining Linux with farm wide management tools  (Read 324175 times)
Red Emerald
June 07, 2012, 06:43:43 PM
 #901

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"
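
The manual checks described in this post, written as a small triage script (an added example, not part of the original post or of BAMT). The sample passwd, crontab and sshd_config contents, the login names `user` and `alice`, and the cron script path are constructed for illustration.

```bash
# Added example: triage checks; each function takes a path, so it runs
# against a live box or against a copy of the evidence.

# Accounts with UID 0 other than root, or UID >= 1000 not on the allowlist.
# $1 = passwd file, $2 = space-separated expected login names.
unexpected_users() {
    awk -F: -v allow=" $2 " '
        ($3 == 0 && $1 != "root") ||
        ($3 >= 1000 && $3 != 65534 && index(allow, " " $1 " ") == 0) { print $1 }' "$1"
}

# .bash_history entries under $1/<user>/ that are not plain regular files
# (a directory, as in the post, or a symlink).
odd_histories() {
    local h
    for h in "$1"/*/.bash_history; do
        { [ -e "$h" ] || [ -L "$h" ]; } || continue
        if [ -L "$h" ] || [ ! -f "$h" ]; then echo "$h"; fi
    done
}

# Non-comment crontab lines that reference a world-writable temp location.
cron_tmp_entries() {
    grep -nE '^[^#]*(/dev/shm|/tmp)/' "$1" || true
}

# First PermitRootLogin value in an sshd_config; "unset" if absent.
root_login_policy() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Constructed sample evidence tree (not data from the post); prints its path.
make_sample() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/home/user" "$d/home/alice/.bash_history"
    : > "$d/home/user/.bash_history"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'nobody:x:65534:65534::/nonexistent:/bin/sh' \
        'user:x:1000:1000::/home/user:/bin/bash' 'alice:x:1001:1001::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' '# m h dom mon dow command' '*/5 * * * * /dev/shm/.x/clean.sh' > "$d/crontab"
    printf '%s\n' 'Port 22' 'PermitRootLogin without-password' > "$d/sshd_config"
    echo "$d"
}

s=$(make_sample)
echo "unexpected users: $(unexpected_users "$s/passwd" "user")"
echo "odd histories:    $(odd_histories "$s/home")"
echo "cron temp lines:  $(cron_tmp_entries "$s/crontab")"
echo "PermitRootLogin:  $(root_login_policy "$s/sshd_config")"
rm -rf "$s"
```

On a real system the same functions take `/etc/passwd`, `/home`, the output of `crontab -l -u root` saved to a file, and the sshd configuration file.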

lodcrappo (OP)
June 07, 2012, 06:51:27 PM
 #902

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.
tosku
June 08, 2012, 11:44:39 AM
 #903

I'm trying out BAMT right now. This far, it works great!

Skude.se/BTC - an easier way to request your daily free coins!
jamesg
AKA: gigavps
June 08, 2012, 03:18:59 PM
 #904

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.
lodcrappo (OP)
June 08, 2012, 05:19:38 PM
 #905

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.

well crap..  if i remove the network manager that seems to be causing this, the people with wireless devices will cry.  but atm that's the only "fix", besides setting static ips which sucks.

ps did anyone ever get a machine that does this that I can ssh into while it's broke (second nic that works)?


Red Emerald
June 08, 2012, 05:28:58 PM
 #906

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 

rjk
June 08, 2012, 05:30:05 PM
 #907

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Red Emerald
June 08, 2012, 05:54:49 PM
 #908

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?
You can just google search "gosh.tgz" :)  Nothing fancy (sadly)

Transisto
June 09, 2012, 11:07:14 PM
 #909

Sorry if repeating the obvious, how can such a simple network connection exist in an enterprise ready OS?

What is the best way to set a static IP via CLI?
Inaba
June 10, 2012, 02:14:18 AM
 #910

edit /etc/networking files... or ifconfig them

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
ZPK
June 10, 2012, 10:47:09 AM
 #911

when version of bamt with support 7 series ?

Novacoin POS mining only now
Inaba
June 10, 2012, 01:25:33 PM
 #912

Version none.

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
Joshwaa
June 10, 2012, 03:57:43 PM
 #913

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!
BitMinerN8
June 10, 2012, 04:06:37 PM
 #914

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1 which I believe was the last official BAMT fix/updated version. I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.
asdlsd
June 10, 2012, 04:31:50 PM
 #915

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1 which I believe was the last official BAMT fix/updated version. I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.

https://bitcointalk.org/index.php?topic=65915.msg873655#msg873655
Inaba
June 10, 2012, 05:55:52 PM
 #916

I sent a cgminer update script to be included in bamt, did it never make it in?

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
lodcrappo (OP)
June 11, 2012, 12:02:15 AM
 #917

I sent a cgminer update script to be included in bamt, did it never make it in?

no, i was travelling for a few weeks.  back now, will look at some BAMT things in the next week, including that.
lodcrappo (OP)
June 11, 2012, 12:03:46 AM
 #918

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!

To be clear, 64 bit and 7 series are two different issues.  Assuming the committed donations come through, we have enough donations for me to purchase a 7 series card, so I'll work on that next.
Joshwaa
June 11, 2012, 12:10:50 AM
 #919

Thanks for the clarification. Also if you have 80 BTC in the fund. I will trade for a New Diamond HD7970 Reference if you cannot find one cheap (I'll cover shipping if in US). I get deals on them from time to time. That's why I have 9 of them with more on the way. Just an offer to help out.
lodcrappo (OP)
June 11, 2012, 12:13:32 AM
 #920

Thanks for the clarification. Also if you have 80 BTC in the fund. I will trade for a New Diamond HD7970 Reference if you cannot find one cheap (I'll cover shipping if in US). I get deals on them from time to time. That's why I have 9 of them with more on the way. Just an offer to help out.

Sounds good to me.  we should have 80 soon.  anything we can save on the card i'll put towards the next goal.