Bitcoin Forum
Author Topic: BAMT version 0.5 - Easy USB based mining Linux with farm wide management tools  (Read 322306 times)
Red Emerald
June 07, 2012, 06:43:43 PM
 #901

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"
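
The checks described in the post above (accounts added to /etc/passwd, a .bash_history replaced by a folder, a root cron job pointing into /dev/shm, and the root login setting in sshd), as an added shell example that is not part of the thread or of BAMT. The account names, the cron line and the fixture are constructed, and the paths assume a Debian-style layout (/etc/ssh/sshd_config, /var/spool/cron/crontabs).

```shell
#!/bin/sh
# Added triage example, not from the thread. Every check takes ROOT so it can
# run on a mounted copy of the disk. Assumes Debian paths, human UIDs >= 1000.
list_login_accounts() {   # accounts with a real login shell, UID >= 1000
    awk -F: '$3 >= 1000 && $3 != 65534 && $7 !~ /(nologin|false)$/ {print $1}' "$1/etc/passwd"
}

odd_history() {           # users whose .bash_history is not a regular file
    while IFS=: read -r user _ _ _ _ home _; do
        h="$1$home/.bash_history"
        if [ -e "$h" ] && { [ ! -f "$h" ] || [ -L "$h" ]; }; then echo "$user"; fi
    done < "$1/etc/passwd"
}

cron_volatile() {         # cron lines running code from /dev/shm or /tmp
    grep -rHEs '(/dev/shm|/tmp)/' "$1/var/spool/cron/crontabs" "$1/etc/cron.d" \
        "$1/etc/crontab" | grep -Ev '^[^:]*:[[:space:]]*#' || true
}

root_login_policy() {     # sshd honours the first PermitRootLogin it reads
    awk 'tolower($1) == "permitrootlogin" {print tolower($2); f = 1; exit}
         END {if (!f) print "unset"}' "$1/etc/ssh/sshd_config"
}

triage() {
    echo "login accounts: $(list_login_accounts "$1" | tr '\n' ' ')"
    echo "odd histories : $(odd_history "$1" | tr '\n' ' ')"
    echo "root login    : $(root_login_policy "$1")"
    echo "volatile cron :"; cron_volatile "$1" | sed 's/^/  /'
}

# Constructed fixture: two added users, one .bash_history directory, a /dev/shm cron job.
make_fixture() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/ssh" "$r/var/spool/cron/crontabs" \
        "$r/home/tmp1/.bash_history" "$r/home/tmp2"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'munin:x:105:110::/var/lib/munin:/bin/false' \
        'tmp1:x:1001:1001::/home/tmp1:/bin/bash' \
        'tmp2:x:1002:1002::/home/tmp2:/bin/sh' > "$r/etc/passwd"
    : > "$r/home/tmp2/.bash_history"
    printf '%s\n' '# m h dom mon dow command' \
        '*/5 * * * * /dev/shm/.c/clean.sh' > "$r/var/spool/cron/crontabs/root"
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin without-password' \
        > "$r/etc/ssh/sshd_config"
    echo "$r"
}

if [ $# -gt 0 ]; then triage "$1"; else d=$(make_fixture) && triage "$d"; rm -rf "$d"; fi
```

Run with a mount point as the only argument to inspect a copy of the USB key; with no argument it runs against the constructed fixture.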

lodcrappo
June 07, 2012, 06:51:27 PM
 #902

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.
tosku
June 08, 2012, 11:44:39 AM
 #903

I'm trying out BAMT right now. Thus far, it works great!

Skude.se/BTC - an easier way to request your daily free coins!
jamesg
June 08, 2012, 03:18:59 PM
 #904

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.
lodcrappo
June 08, 2012, 05:19:38 PM
 #905

Still looking for a proper fix to the networking thing, by proper I mean without reducing functionality.

Anyone that comes up with one, please let me know and we'll push out a fix.


I experienced the network issue for the last couple days. We fixed it by setting infinite leases for ip addresses. I know this doesn't fix the issue, but it at least keeps miners running.

well crap..  if i remove the network manager that seems to be causing this, the people with wireless devices will cry.  but atm that's the only "fix", besides setting static ips which sucks.

ps did anyone ever get a machine that does this that I can ssh into while it's broke (second nic that works)?


Red Emerald
June 08, 2012, 05:28:58 PM
 #906

So someone was able to login to my box and create users.  I'm not sure how they did it as I have a rather long root password.  They made multiple users and then fetched a file "gosh.tgz" and extracted it in /tmp/ and /dev/shm/ and /home/<their user>/.bash_history/

The location was different for each user.  gosh contains some scripts and BNC, an IRC bouncer.  They also stuck an entry in root's cron to run a script in /dev/shm/ to clear the user's history.

I'm going to build a new BAMT key, but for now I just looked at the histories of all of the new users (except the one that replaced .bash_history with a folder) to figure out where they stuck files and then deleted all the new users (easy to identify in /etc/passwd) and then edited /etc/sshd_config to only allow root without-password, so now my miner can only be logged into with a key.  

How much of the system was exposed to the internet? Like all ports or were you doing some port forwarding?
port 22 and 80 are all that are open. It's running ufw

I'm guessing they either cracked my root password or somehow broke in through munin.

It was clearly a person and not a script.  There were typos in .bash_history lol.  Things like ";s" instead of "ls"

Well the various scripts and whatnot are certainly not well audited for security flaws.  we don't have the budget for that type of thing :)

the good news is that short of disrupting your mining (which hopefully you would notice) there isn't really anything someone can do with a compromised box.  not like we store any actual btc or any credentials that matter on them.  bamt rigs are designed to be "disposable" not indestructible.

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 

rjk
June 08, 2012, 05:30:05 PM
 #907

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Red Emerald
June 08, 2012, 05:54:49 PM
 #908

A new BAMT key is really easy to build, and from now on I'll limit access to root with a key only and not worry about it.  Should have done that for any internet facing box anyways.

I'm thinking the firewall was blocking his BNC bouncer, and that is why he kept trying with new user accounts. 
Are you going to pastebin his skiddie skripts for our enjoyment?
You can just google search "gosh.tgz" :)  Nothing fancy (sadly)

Transisto
June 09, 2012, 11:07:14 PM
 #909

Sorry if repeating the obvious, how can such a simple network connection exist in an enterprise ready OS?

What is the best way to set a static IP via CLI?
Inaba
June 10, 2012, 02:14:18 AM
 #910

edit /etc/networking files... or ifconfig them

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
ZPK
June 10, 2012, 10:47:09 AM
 #911

When will there be a version of BAMT with support for 7 series?

Novacoin POS mining only now
Inaba
June 10, 2012, 01:25:33 PM
 #912

Version none.

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
Joshwaa
June 10, 2012, 03:57:43 PM
 #913

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!

Like what I said : 1JosHWaA2GywdZo9pmGLNJ5XSt8j7nzNiF
Don't like what I said : 1FuckU1u89U9nBKQu4rCHz16uF4RhpSTV
Don't Like BFL's Project Management : 1FuckbFLZpmWLuyHyFJw1RGkWm3yRM1L5D
BitMinerN8
June 10, 2012, 04:06:37 PM
 #914

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1, which I believe was the last official BAMT fix/updated version? I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.
asdlsd
June 10, 2012, 04:31:50 PM
 #915

Can anyone comment on the benefits of manually upgrading cgminer to version 2.4.2 vs. just sticking with 2.3.1, which I believe was the last official BAMT fix/updated version? I have BFL's and they are working, I'm just checking to see if there are any noticeable performance gains or fixes worth moving to 2.4.2. Thanks.

https://bitcointalk.org/index.php?topic=65915.msg873655#msg873655
Inaba
June 10, 2012, 05:55:52 PM
 #916

I sent a cgminer update script to be included in bamt, did it never make it in?

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
lodcrappo
June 11, 2012, 12:02:15 AM
 #917

I sent a cgminer update script to be included in bamt, did it never make it in?

no, i was travelling for a few weeks.  back now, will look at some BAMT things in the next week, including that.
lodcrappo
June 11, 2012, 12:03:46 AM
 #918

We have a donation pool going to get a 64-bit release that supports the 7-Series cards. Please donate!

To be clear, 64 bit and 7 series are two different issues.  Assuming the committed donations come through, we have enough donations for me to purchase a 7 series card, so I'll work on that next.
Joshwaa
June 11, 2012, 12:10:50 AM
 #919

Thanks for the clarification. Also, if you have 80 BTC in the fund, I will trade for a New Diamond HD7970 Reference if you cannot find one cheap (I'll cover shipping if in US). I get deals on them from time to time. That's why I have 9 of them with more on the way. Just an offer to help out.

Like what I said : 1JosHWaA2GywdZo9pmGLNJ5XSt8j7nzNiF
Don't like what I said : 1FuckU1u89U9nBKQu4rCHz16uF4RhpSTV
Don't Like BFL's Project Management : 1FuckbFLZpmWLuyHyFJw1RGkWm3yRM1L5D
lodcrappo
June 11, 2012, 12:13:32 AM
 #920

Thanks for the clarification. Also, if you have 80 BTC in the fund, I will trade for a New Diamond HD7970 Reference if you cannot find one cheap (I'll cover shipping if in US). I get deals on them from time to time. That's why I have 9 of them with more on the way. Just an offer to help out.

Sounds good to me.  we should have 80 soon.  anything we can save on the card i'll put towards the next goal.