Bitcoin Forum
September 25, 2022, 01:32:41 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: PSA *Urgent* Secure your Claymore ETH mining rigs NOW  (Read 290 times)
beachbummer (OP)
Full Member
***
Offline Offline

Activity: 252
Merit: 100


View Profile
January 19, 2018, 05:24:51 AM
 #1

There is a botnet that is capable of compromising Claymore ETH mining rigs at default settings. It will change the wallet address to the hacker's.

Please take action to secure your mining rig now. It can be done through the use of a simple command line switch.

https://www.cryptoinfomag.com/2018/01/18/satori-botnet-attack-hijacks-ethereum-from-mining-rigs/
1664112761
Hero Member
*
Offline Offline

Posts: 1664112761

View Profile Personal Message (Offline)

Ignore
1664112761
Reply with quote  #2

1664112761
Report to moderator
1664112761
Hero Member
*
Offline Offline

Posts: 1664112761

View Profile Personal Message (Offline)

Ignore
1664112761
Reply with quote  #2

1664112761
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1664112761
Hero Member
*
Offline Offline

Posts: 1664112761

View Profile Personal Message (Offline)

Ignore
1664112761
Reply with quote  #2

1664112761
Report to moderator
1664112761
Hero Member
*
Offline Offline

Posts: 1664112761

View Profile Personal Message (Offline)

Ignore
1664112761
Reply with quote  #2

1664112761
Report to moderator
1664112761
Hero Member
*
Offline Offline

Posts: 1664112761

View Profile Personal Message (Offline)

Ignore
1664112761
Reply with quote  #2

1664112761
Report to moderator
Gunna01
Sr. Member
****
Offline Offline

Activity: 307
Merit: 251


View Profile
January 19, 2018, 06:22:50 AM
 #2

If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig
dagarair
Sr. Member
****
Offline Offline

Activity: 853
Merit: 374



View Profile WWW
January 19, 2018, 08:22:56 AM
 #3

If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig

Truth

4MW Data Center - I BUILT Tongue  - Full story below:
https://bitcointalk.org/index.php?topic=4789787.msg43227027#msg43227027
NameTaken
Hero Member
*****
Offline Offline

Activity: 630
Merit: 502


View Profile
January 19, 2018, 08:41:49 AM
 #4

Code:
masscan -p 3333 --max-rate 99999 -oX botnet.xml 0.0.0.0/0
adaseb
Legendary
*
Offline Offline

Activity: 3164
Merit: 1511



View Profile
January 19, 2018, 08:45:09 AM
 #5

This started happening probably about a year ago.

By default Claymore config makes changing settings disabled to prevent this from happening.

.BEST..CHANGE.███████████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
███████████████
..BUY/ SELL CRYPTO..
dragonmike
Hero Member
*****
Offline Offline

Activity: 1274
Merit: 556



View Profile
January 19, 2018, 12:38:32 PM
 #6

If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig
This is how I understand it too, right?
So the firewall on my router should block any traffic into any port that I haven't specifically opened/forwarded (even using uPnP), correct?

This would affect people having specifically opened and forwarded port 3333 and not set a password in Claymore settings?
MarkAz
Hero Member
*****
Offline Offline

Activity: 687
Merit: 511



View Profile
January 19, 2018, 02:08:43 PM
 #7

Awesome.  I'm shocked that someone who was foolish enough not to change the defaults on Claymore would be competent enough to configure their router to port map to it.  Wink  Maybe this botnet should create a bounty for Claymore to add UPnP support - that would definitely help them get a few more machines.

Really this only must affect very small users, unless they mapped each of their rigs to different ports, and I highly doubt the botnet is portscanning a target, but instead just looking for open machines.  I would also suspect this is targeted more to people colo'ing at traditional datacenters where they have a static IP and their box exposed to the world (as a miner-specific colo is going to presumably have them behind a router/firewall).
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!