Bitcoin Forum
April 28, 2017, 12:35:02 PM *
Author Topic: BAMT version 0.5 - Easy USB based mining Linux with farm wide management tools  (Read 309242 times)
BitMinerN8
Hero Member
June 07, 2012, 06:41:15 PM
 #901

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key. 

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
Red Emerald
Hero Member
June 07, 2012, 06:43:43 PM
 #902

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

lodcrappo
Hero Member
June 07, 2012, 06:51:27 PM
 #903

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.

If you want to support further development of BAMT (http://bamter.org/):  1PoRYaGS56ksQmK7XXLurW3B2zwCAE8PRc
tosku
Sr. Member
June 08, 2012, 11:44:39 AM
 #904

I'm trying out BAMT right now. This far, it works great!

Skude.se/BTC - an easier way to request your daily free coins!
jamesg
VIP
Legendary
June 08, 2012, 03:18:59 PM
 #905

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.
lodcrappo
Hero Member
June 08, 2012, 05:19:38 PM
 #906

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.

well crap..  if i remove the network manager that seems to be causing this, the people with wireless devices will cry.  but atm that's the only "fix", besides setting static ips which sucks.

ps did anyone ever get a machine that does this that I can ssh into while it's broke (second nic that works)?



If you want to support further development of BAMT (http://bamter.org/):  1PoRYaGS56ksQmK7XXLurW3B2zwCAE8PRc
Red Emerald
Hero Member
June 08, 2012, 05:28:58 PM
 #907

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
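
The checks described by hand in this thread (new accounts in /etc/passwd, a root cron entry pointing into /dev/shm, a .bash_history replaced by a folder, the sshd root-login setting), collected into one script. This is an added example, not code from the thread or from BAMT; the sample data, the account names and the BASELINE set are constructed for illustration.

```python
import os, re, stat

# World-writable staging paths named in the thread, matched as absolute paths only.
STAGING = re.compile(r"(?<![\w.-])/(dev/shm|tmp|var/tmp)(/|\s|$)")

def login_accounts(passwd_text, min_uid=1000):
    """Names with UID 0 or UID >= min_uid whose shell allows an interactive login."""
    names = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():
            continue
        if (int(f[2]) == 0 or int(f[2]) >= min_uid) and not f[6].endswith(("nologin", "false")):
            names.append(f[0])
    return names

def cron_hits(cron_text):
    """Active crontab lines that reference a world-writable staging path."""
    return [l for l in cron_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and STAGING.search(l)]

def history_replaced(home):
    """True when ~/.bash_history exists but is not a regular file (directory, symlink)."""
    path = os.path.join(home, ".bash_history")
    return os.path.lexists(path) and not stat.S_ISREG(os.lstat(path).st_mode)

def sshd_value(config_text, keyword):
    """First value given for keyword; sshd uses the first one it reads (Match blocks ignored)."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            return parts[1].lower()
    return None

# Constructed sample data modelled on the thread, not copied from a real host.
PASSWD = ("root:x:0:0:root:/root:/bin/bash\nmunin:x:104:108::/var/lib/munin:/bin/false\n"
          "user:x:1000:1000::/home/user:/bin/bash\nftpd:x:1001:1001::/home/ftpd:/bin/bash\n")
CRON = ("# m h dom mon dow command\n"
        "*/5 * * * * /dev/shm/.x/clean.sh >/dev/null 2>&1\n"
        "0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf\n")
SSHD = "Port 22\n#PermitRootLogin yes\nPermitRootLogin without-password\nPasswordAuthentication yes\n"
BASELINE = {"root", "user"}  # assumption: accounts present on the clean image

if __name__ == "__main__":
    print("unexpected accounts:", sorted(set(login_accounts(PASSWD)) - BASELINE))
    print("cron entries in staging dirs:", cron_hits(CRON))
    print("history replaced:", history_replaced(os.path.expanduser("~")))
    print("PermitRootLogin:", sshd_value(SSHD, "PermitRootLogin"))
    # without-password only restricts root; other accounts still accept passwords if this is "yes"
    print("PasswordAuthentication:", sshd_value(SSHD, "PasswordAuthentication"))
```

On a live host, pass the contents of /etc/passwd, the output of `crontab -l -u root` and the sshd configuration file instead of the samples. The PasswordAuthentication check matters because restricting root to keys leaves password logins open for every other account.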

rjk
Sr. Member
June 08, 2012, 05:30:05 PM
 #908

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Red Emerald
Hero Member
June 08, 2012, 05:54:49 PM
 #909

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?
You can just google search "gosh.tgz" :)  Nothing fancy (sadly)

Transisto
Donator
Legendary
June 09, 2012, 11:07:14 PM
 #910

Sorry if repeating the obvious, how can such a simple network connection exist in an enterprise ready OS?

What is the best way to set a static IP via CLI?
Inaba
Legendary
June 10, 2012, 02:14:18 AM
 #911

edit /etc/networking files... or ifconfig them

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
ZPK
Legendary
June 10, 2012, 10:47:09 AM
 #912

when version of bamt with support 7 series ?

Novacoin POS mining only now
Inaba
Legendary
June 10, 2012, 01:25:33 PM
 #913

Version none.

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
Joshwaa
Hero Member
June 10, 2012, 03:57:43 PM
 #914

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!

Like what I said : 1JosHWaA2GywdZo9pmGLNJ5XSt8j7nzNiF
Don't like what I said : 1FuckU1u89U9nBKQu4rCHz16uF4RhpSTV
Don't Like BFL's Project Management : 1FuckbFLZpmWLuyHyFJw1RGkWm3yRM1L5D
BitMinerN8
Hero Member
June 10, 2012, 04:06:37 PM
 #915

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1 which I believe was the last official BAMT fix/updated version. I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.
asdlsd
Member
June 10, 2012, 04:31:50 PM
 #916

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1 which I believe was the last official BAMT fix/updated version. I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.

https://bitcointalk.org/index.php?topic=65915.msg873655#msg873655
Inaba
Legendary
June 10, 2012, 05:55:52 PM
 #917

I sent a cgminer update script to be included in bamt, did it never make it in?

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
lodcrappo
Hero Member
*****
Offline Offline

Activity: 602


View Profile WWW
June 11, 2012, 12:02:15 AM
 #918

I sent a cgminer update script to be included in bamt, did it never make it in?

no, i was travelling for a few weeks.  back now, will look at some BAMT things in the next week, including that.

If you want to support further development of BAMT (http://bamter.org/):  1PoRYaGS56ksQmK7XXLurW3B2zwCAE8PRc
lodcrappo
Hero Member
*****
Offline Offline

Activity: 602


View Profile WWW
June 11, 2012, 12:03:46 AM
 #919

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!

To be clear, 64 bit and 7 series are two different issues.  Assuming the committed donations come through, we have enough donations for me to purchase a 7 series card, so I'll work on that next.

If you want to support further development of BAMT (http://bamter.org/):  1PoRYaGS56ksQmK7XXLurW3B2zwCAE8PRc
Joshwaa
Hero Member
June 11, 2012, 12:10:50 AM
 #920

Thanks for the clarification. Also if you have 80 BTC in the fund. I will trade for a New Diamond HD7970 Reference if you cannot find one cheap (I'll cover shipping if in US). I get deals on them from time to time. That's why I have 9 of them with more on the way. Just an offer to help out.

Like what I said : 1JosHWaA2GywdZo9pmGLNJ5XSt8j7nzNiF
Don't like what I said : 1FuckU1u89U9nBKQu4rCHz16uF4RhpSTV
Don't Like BFL's Project Management : 1FuckbFLZpmWLuyHyFJw1RGkWm3yRM1L5D