NomadGroup
|
|
February 13, 2020, 04:10:55 PM |
|
So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden.
Hiding an SSID is NOT a security feature. It just keeps the casual person from seeing your network easily. Clients still need to know the SSID and that information is passed in the clear over the air. So anyone sniffing for WiFi can easily see your SSID even though it is hidden. I seriously doubt that a hacker in China was connecting via your WiFi. Make sure your using, at least, WPA2 with a very good and complex key. Disable uPNP and Bonjour and reboot it. If your using a Ubiquity router make sure you disable Ubi Discovery. Os2Sam, I wanted to ask you. How can I check my network for the level of security? What type of software do I need to load up to be able to try to hack my own network even when the SSID is hidden? I thought that it makes it pretty safe when I hide the SSID What other modern safety measures people take these days to protect their network? Thanks! You can download wireshark to scan your network traffic. WPA/2/3 with, a good, high entropy key is important for wifi. uPNP and Bonjour allow apps in your network to open ports in your router, whether its wired or wifi, and gives you NO notification that that was done. Also you can check TCP hardness of your router by using ShieldsUp at grc.com and scanning "All Service Ports" and verifying that all ports are at least closed at best stealthed. Thanks for the information Sam! I will check all of the software that you’ve recommended to me although i barely ever use my laptop and am always on my ipad so Is there any easier way to protect the network like some of those $200 plug and play devices on Amazon such as this one: https://www.amazon.com/GRYPHON-Security-Protection-AI-Intrusion-Detection/dp/B078Z3PTJP/ref=sr_1_7?keywords=secure+network+device&qid=1581610085&sr=8-7Would it do any good to help me get more secured? Thanks!
|
|
|
|
Biffa
Legendary
Offline
Activity: 3234
Merit: 1220
|
|
February 13, 2020, 04:15:55 PM |
|
Just to confirm, Are native segwit bech32 addresses still invalid on KanoPool? Never got an answer, but i tried setting up one recently and it apparently works now. Can anybody else confirm using bech32 (bc1q+) addresses with this pool are working correctly and receiving payments? From Discord: "Anyone who wants to use a bech32 on their account as their payout address, that's now enabled i.e. a bc1 address. It follows the standard rules that it must be all UPPER or all lower case, but I store it in the DB in lowercase. However, you can't mine directly to a bc1 address." And from here: For those wanting this, you can now set a bech32/bc1 'address' as your account payout address. It has the usual rules on input of all UPPER or all lower case, but is stored internally and displayed as all lower case.
|
|
|
|
Biffa
Legendary
Offline
Activity: 3234
Merit: 1220
|
|
February 13, 2020, 04:18:40 PM |
|
So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden.
Hiding an SSID is NOT a security feature. It just keeps the casual person from seeing your network easily. Clients still need to know the SSID and that information is passed in the clear over the air. So anyone sniffing for WiFi can easily see your SSID even though it is hidden. I seriously doubt that a hacker in China was connecting via your WiFi. Make sure your using, at least, WPA2 with a very good and complex key. Disable uPNP and Bonjour and reboot it. If your using a Ubiquity router make sure you disable Ubi Discovery. Os2Sam, I wanted to ask you. How can I check my network for the level of security? What type of software do I need to load up to be able to try to hack my own network even when the SSID is hidden? I thought that it makes it pretty safe when I hide the SSID What other modern safety measures people take these days to protect their network? Thanks! You can download wireshark to scan your network traffic. WPA/2/3 with, a good, high entropy key is important for wifi. uPNP and Bonjour allow apps in your network to open ports in your router, whether its wired or wifi, and gives you NO notification that that was done. Also you can check TCP hardness of your router by using ShieldsUp at grc.com and scanning "All Service Ports" and verifying that all ports are at least closed at best stealthed. Thanks for the information Sam! I will check all of the software that you’ve recommended to me although i barely ever use my laptop and am always on my ipad so Is there any easier way to protect the network like some of those $200 plug and play devices on Amazon such as this one: https://www.amazon.com/GRYPHON-Security-Protection-AI-Intrusion-Detection/dp/B078Z3PTJP/ref=sr_1_7?keywords=secure+network+device&qid=1581610085&sr=8-7Would it do any good to help me get more secured? Thanks! You would need to replace your existing router with that for it to help.
|
|
|
|
NomadGroup
|
|
February 13, 2020, 04:20:20 PM |
|
2020-02-04 09:00:49 [Error][Alarm-Log] AlarmID:303500,AlarmLevel:Error,DoS attack. Type: smurf. Source IP address: 192.168.1.102. Destination IP address: 192.168.1.255. Source MAC address:
These IP addresses are internal to your network. The 102 address is a machine on your network, the 255 address is the broadcast address of your internal network (the address that something scanning your network for vulnerable hosts would use) What machine on your internal network has the IP address 192.168.1.102 Biffa, since the whole network has been reseted I’m not sure which device it was on 102 but I have some screenshots from the network analyzer by technet app and it had the following letters beside it, green W, red B, purple 6 and a green P. 4 in total. To tell you the truth I’m clueless to what is the meaning of them but even my modem only has 3 at this moment as well as my ipad from which I control everything on the network. And I just use this paid App Network Analyzer to find the miners on my network which have only 2 green letters beside them which is a lightened green color W and a darker color P.
|
|
|
|
NomadGroup
|
|
February 13, 2020, 04:23:07 PM |
|
So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden.
Hiding an SSID is NOT a security feature. It just keeps the casual person from seeing your network easily. Clients still need to know the SSID and that information is passed in the clear over the air. So anyone sniffing for WiFi can easily see your SSID even though it is hidden. I seriously doubt that a hacker in China was connecting via your WiFi. Make sure your using, at least, WPA2 with a very good and complex key. Disable uPNP and Bonjour and reboot it. If your using a Ubiquity router make sure you disable Ubi Discovery. Os2Sam, I wanted to ask you. How can I check my network for the level of security? What type of software do I need to load up to be able to try to hack my own network even when the SSID is hidden? I thought that it makes it pretty safe when I hide the SSID What other modern safety measures people take these days to protect their network? Thanks! You can download wireshark to scan your network traffic. WPA/2/3 with, a good, high entropy key is important for wifi. uPNP and Bonjour allow apps in your network to open ports in your router, whether its wired or wifi, and gives you NO notification that that was done. Also you can check TCP hardness of your router by using ShieldsUp at grc.com and scanning "All Service Ports" and verifying that all ports are at least closed at best stealthed. Thanks for the information Sam! I will check all of the software that you’ve recommended to me although i barely ever use my laptop and am always on my ipad so Is there any easier way to protect the network like some of those $200 plug and play devices on Amazon such as this one: https://www.amazon.com/GRYPHON-Security-Protection-AI-Intrusion-Detection/dp/B078Z3PTJP/ref=sr_1_7?keywords=secure+network+device&qid=1581610085&sr=8-7Would it do any good to help me get more secured? Thanks! You would need to replace your existing router with that for it to help. Well you see, I have an optical Huawei Modem and it is a Router all in one. So you think if I connect this device between my modem and the miners I will be safer? Thanks!
|
|
|
|
NomadGroup
|
|
February 13, 2020, 04:25:24 PM |
|
So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden.
Hiding an SSID is NOT a security feature. It just keeps the casual person from seeing your network easily. Clients still need to know the SSID and that information is passed in the clear over the air. So anyone sniffing for WiFi can easily see your SSID even though it is hidden. I seriously doubt that a hacker in China was connecting via your WiFi. Make sure your using, at least, WPA2 with a very good and complex key. Disable uPNP and Bonjour and reboot it. If your using a Ubiquity router make sure you disable Ubi Discovery. Os2Sam, I wanted to ask you. How can I check my network for the level of security? What type of software do I need to load up to be able to try to hack my own network even when the SSID is hidden? I thought that it makes it pretty safe when I hide the SSID What other modern safety measures people take these days to protect their network? Thanks! You can download wireshark to scan your network traffic. WPA/2/3 with, a good, high entropy key is important for wifi. uPNP and Bonjour allow apps in your network to open ports in your router, whether its wired or wifi, and gives you NO notification that that was done. Also you can check TCP hardness of your router by using ShieldsUp at grc.com and scanning "All Service Ports" and verifying that all ports are at least closed at best stealthed. Thanks for the information Sam! I will check all of the software that you’ve recommended to me although i barely ever use my laptop and am always on my ipad so Is there any easier way to protect the network like some of those $200 plug and play devices on Amazon such as this one: https://www.amazon.com/GRYPHON-Security-Protection-AI-Intrusion-Detection/dp/B078Z3PTJP/ref=sr_1_7?keywords=secure+network+device&qid=1581610085&sr=8-7Would it do any good to help me get more secured? Thanks! You would need to replace your existing router with that for it to help. Well you see, I have an optical Huawei Modem and it is a Router all in one. So you think if I connect this device between my modem and the miners I will be safer? Thanks! Because I cannot replace the modem which the ISP provided me. All I can do is to bash this one against the wall and tell them ip that it broke by accident and they will bring me a new one for free, that way I will have a new MAC address on i it if that would help.
|
|
|
|
Biffa
Legendary
Offline
Activity: 3234
Merit: 1220
|
|
February 13, 2020, 05:36:37 PM |
|
@Nomadgroup maybe we should take this converstation to the discord chat
|
|
|
|
NotFuzzyWarm
Legendary
Offline
Activity: 3808
Merit: 2698
Evil beware: We have waffles!
|
|
February 13, 2020, 06:31:45 PM |
|
@Nomadgroup maybe we should take this converstation to the discord chat
Ja or at least continue it here in the existing thread about it. It has become seriously OT.
|
|
|
|
MoparMiningLLC
aka Stryfe
Legendary
Online
Activity: 2254
Merit: 2412
EIN: 82-3893490
|
|
February 13, 2020, 07:12:25 PM |
|
agreed - I posted the same link about 10 or so posts back.
|
|
|
|
NomadGroup
|
|
February 13, 2020, 11:40:30 PM |
|
Hey at least there is something to discuss . And I don’t have discord and have no idea how to use it
|
|
|
|
NomadGroup
|
|
February 13, 2020, 11:51:25 PM |
|
Guys anyone got any Bitmain coupons left?
|
|
|
|
NomadGroup
|
|
February 14, 2020, 12:00:05 AM |
|
All right bro, will do.
|
|
|
|
Artemis3
Legendary
Offline
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
|
|
February 14, 2020, 04:37:33 AM |
|
Thanks a lot for the information you provided! I really appreciate it! And yes I’ve had one of the worst days in BTC mining this morning when I woke up I found out that the hacker was able to ruin 14 more S9’s!!!!! 14 machines gone in a minute! Apparently he works somewhere in China in the day time when it is night here and I wake up to a surprise! Today’s surprise was SHOCKING! I have already contacted Bitmain for an advice on what to do and if there is a way that I can repair the controllers by uploading a newer firmware because these machines were from 2017-2018. So I will be waiting for their reply as soon as they start their workday. At first he hacked 3 so I just disconnected the router connected to my modem thinking that it was causing the problem, since the SSID wasn’t hidden unlike my modem SSID. But when I realized that 14 more are mining for him this morning I started to dig in the log of the modem itself and found about 22 of these Dos Smurf attacks!!! From February second to today’s morning! 2020-02-04 09:00:49 [Error][Alarm-Log] AlarmID:303500,AlarmLevel:Error,DoS attack. Type: smurf. Source IP address: 192.168.1.102. Destination IP address: 192.168.1.255. Source MAC address: So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden. Remotely they have reset everything and I’ve changed all of the passwords. Even on the miners themselves! But I did that yesterday and apparently that didn’t help. Also the modem had a specific check box for preventing these Dos smurf attacks but apparently that didn’t work. I’m closely monitoring the network tonight to see if there will be any more attacks on my modem, because now I just have a few miners running Maybe someone had clicked a wrong link from one of the devices who knows. And I did noticed that the only ones that he wasn’t able to hack (so far) are the last ones that I got so they must have had a newer firmware protecting them from being hacked like that. All my hope is on Bitmain now and that they answer soon and maybe be able to find a solution for me. Start them with a preloaded firmware on a sd card or just try to upload it through my network on them, I really don’t know but I am afraid to even turn the power on the ones that have been compromised now, thinking that if it was hacked then maybe he can hack my whole new reseted network again and I will loose the rest of the miners? Do you think it is safe to connect one of them to my fresh network or I shouldn’t even try? Or what do you think? If the Bitmain won’t be able to help me with a firmware upgrade then I really don’t care what I have to load on a Sd card and where it will mine as long as they just don’t sit around like furniture. Now 17-18 have been ruined! Please let me know your thoughts guys I’d really appreciate if someone with the knowledge be able to give an advice Oh i see they got in using your wifi. I'm sorry to tell you this, maybe its not common knowledge? hiding the SSID (not broadcasting its name), or using the wifi's mac address whitelist doesn't stop people from getting in. Only a good password and WPA2 (now WPA3) helps. I for example use a random generated 63 char (the max wpa2 takes) and make a qrcode of that. Well i guess people normally never try the security tools involved but let me tell you if your wifi is ON it can be picked up by anything in range (and range can be improved with directional antennas). Never use simple passwords anywhere, go ahead and try a password manager (that is, a Free and Open Source program such as KeePassXC to manage your passwords, NOT any sort of online site or service). Bitmain should point you to their SD recovery procedure and if that doesn't work you would have to purchase controllers or switch pools (if the bOS thing worked, sometimes the controller also refuses to boot from SD (jumper jp4). I would guess you never changed your SSH password on these (2017/18) and they used the default (root or admin). Definitely isolate your miners from your family network.
|
█████████████████████████ ██████████████████████████ ██████████████████████████ ███████████████████████████ | BRAIINS OS+| | AUTOTUNING MINING FIRMWARE| | Increase hashrate on your Bitcoin ASICs, improve efficiency as much as 25%, and get 0% pool fees on Braiins Pool | |
|
|
|
vickersja
Member
Offline
Activity: 210
Merit: 34
To be the man, you gotta beat the man...... WOOOOO
|
|
February 14, 2020, 01:37:19 PM |
|
Hopefully we can discuss the block we find soon. I am new here but 1430 hours seems like quite the dry spell.
|
|
|
|
MoparMiningLLC
aka Stryfe
Legendary
Online
Activity: 2254
Merit: 2412
EIN: 82-3893490
|
|
February 14, 2020, 01:42:43 PM |
|
Hopefully we can discuss the block we find soon. I am new here but 1430 hours seems like quite the dry spell.
if you look at the https://kano.is/index.php?k=blocks page - you will see our luck is a little higher than 100% for the past 5 but for any other count, we are under 100% and overall (like 2500 blocks) the pool is at 101% so that is pretty good. that said, I do hope it is soon lol
|
|
|
|
NomadGroup
|
|
February 17, 2020, 02:02:44 PM |
|
Just so you know guys, I was able to repair all of the miners affected by the virus. Apparently it was a poisoned controller that I got from a friend which bought a bunch of them on the EBay from some guy that was selling bunch of them. Thanks all for support!!! Mine on Comrades!
|
|
|
|
clgrissom3
Legendary
Offline
Activity: 1722
Merit: 1032
Carl, aka Sonny :)
|
|
February 18, 2020, 05:33:17 PM |
|
Just so you know guys, I was able to repair all of the miners affected by the virus. Apparently it was a poisoned controller that I got from a friend which bought a bunch of them on the EBay from some guy that was selling bunch of them. Thanks all for support!!! Mine on Comrades! Good job! That had to be a PIA to deal with...
|
|
|
|
NotFuzzyWarm
Legendary
Offline
Activity: 3808
Merit: 2698
Evil beware: We have waffles!
|
|
February 18, 2020, 06:16:06 PM |
|
I do hope that your friend who bought the miners reported the issue with them to the seller and eBay (though the seller may have been who intentionally did the infection).
|
|
|
|
NomadGroup
|
|
February 20, 2020, 05:10:02 AM |
|
I do hope that your friend who bought the miners reported the issue with them to the seller and eBay (though the seller may have been who intentionally did the infection).
Actually he tried to get his money back because he bought 50 hashing cards and not a single one worked as well as 10 controllers out of which only like 2 units were working and the one that he gave me was the infected one. And no it wasn’t my friend, if you’re wondering, he I clueless of these kind of things and just has like 15 s9’s running. But he wasn’t able to check the cards for like 3 months and when he finally did it was too late to ask EBay for any help. $1200 thrown away! He is still pissed and he wanted to do something to take this guy off the EBay. It’s some guy from Canada, he sells them by 10 units now before he was selling by 50. You think EBay would really listen if he was to report this seller and actually do something? I doubt it to tell you the truth. The sellers name is “mrinjenari”. Stay away from him!
|
|
|
|
PassThePopcorn
|
|
February 20, 2020, 02:13:48 PM |
|
I do hope that your friend who bought the miners reported the issue with them to the seller and eBay (though the seller may have been who intentionally did the infection).
Actually he tried to get his money back because he bought 50 hashing cards and not a single one worked as well as 10 controllers out of which only like 2 units were working and the one that he gave me was the infected one. And no it wasn’t my friend, if you’re wondering, he I clueless of these kind of things and just has like 15 s9’s running. But he wasn’t able to check the cards for like 3 months and when he finally did it was too late to ask EBay for any help. $1200 thrown away! He is still pissed and he wanted to do something to take this guy off the EBay. It’s some guy from Canada, he sells them by 10 units now before he was selling by 50. You think EBay would really listen if he was to report this seller and actually do something? I doubt it to tell you the truth. The sellers name is “mrinjenari”. Stay away from him! Well he admitted it was his fault eBay did nothing. If you expect to order something let it sit for 3 months then think let me test this and expect the seller to honor a DOA unit months past the delivery date you are crazy. Yes odds are the seller was trying to scam but it should have been tested the day it arrived.
|
|
|
|
|