Bitcoin Forum
Author Topic: Antminer Hacked  (Read 5360 times)
Rovernelson (OP)
March 06, 2015, 07:17:45 PM
 #1

So I woke up to a bitch of a morning today. It seems someone has managed to hack into my Antminer S4s and program a 4th unseen pool and make it the priority pool. I've reset the miners but minutes later they are hacked again. Any ideas how to stop this?
notlist3d
March 06, 2015, 07:20:46 PM
 #2

Is this a miner at your house or data center?

To think it happens so quick are you sure you stopped it?
Rovernelson (OP)
March 06, 2015, 07:24:31 PM
 #3

It's at a data center using static network settings on public IPs but it is password protected. I've reset the miners and it'll work for a while and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.
Bazeman
March 06, 2015, 09:55:13 PM
 #4

Had it also, my S4 was not behind a router or firewall and the SSH password was not changed. Get the S4 image from the 2nd post on the S4 forum, open the S4, get out the mSD and put the image on it by computer. mSD card back in S4, restart and it is ready for you again. Change settings. Change WebGUI and SSH password and have your Antminer behind a decent router/firewall.
Rovernelson (OP)
March 07, 2015, 01:59:18 AM
 #5

Thanks for the help guys, I really hate hackers. They are more cowardly than thieves.
I'll get these SD cards re-flashed and change the password and I'll have the data center I'm at put up a firewall for my IP connections.
Any other preventative steps y'all know of?

I re-started my miners earlier and the hacked pool settings disappeared and then two hours later they were back. I almost thought I beat it out of dumb luck for a second ... not so.
Rovernelson (OP)
March 07, 2015, 02:56:30 AM
 #6

Well the very second after I had re-flashed the SD card successfully and reconfigured the network settings under a new password, the hacked pool #4 mining at eligius popped back up.
I've figured out (simple because it's eligius) the Eligius profile which is hacking me - http://eligius.st/~wizkid057/newstats/userstats.php/1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M

Every one of his spikes in hashing power is the hacked units of Antminer S4's that are mine,  five of them to be exact.

https://i.imgur.com/ehg13Oh.png
MinerFTW
March 07, 2015, 03:00:03 AM
 #7

close api also

Rovernelson (OP)
March 07, 2015, 03:02:56 AM
 #8

I'm not sure what you mean?
josef2000
March 07, 2015, 12:32:46 PM
 #9

Are you using a wifi or internet connection without password?

notlist3d
March 07, 2015, 05:43:39 PM
 #10

Quote
It's at a data center using static network settings on public IPs but it is password protected. I've reset the miners and it'll work for a while and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.

That is a scary situation.  Go to the data center and talk to them.  They should watch it and close holes.
kano
May 30, 2015, 01:38:04 AM
 #11

This is a problem with many miners that I have brought up on many occasions and the idiots who make the miners have ignored it.

Bitmain sets the cgminer api to --api-allow W:0/0

This means ANYONE who has network access to your miner can change anything in the settings.

I guess in this case you'll have to login to it and edit the settings manually for --api-allow
I'd suggest you use the settings that my modified S2 firmware defaults to: --api-allow W:127.0.0.1,R:0/0

Of course you could also read the cgminer README about how the API works:
https://github.com/ckolivas/cgminer/blob/master/API-README

... and anyone wondering ... I wrote the cgminer API.

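An audit sketch for the --api-allow values discussed in the post above, added here as an example (it is not code from the thread or from cgminer). It parses the comma-separated [G:]IP[/prefix] entries and reports every network outside loopback that holds a privileged group; the function names, the scope labels and the reading of 0/0 as 0.0.0.0/0 are assumptions of this example, it handles IPv4 only, and the last two sample values are constructed.

```python
import ipaddress

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_api_allow(value):
    """Split an --api-allow string into (group, IPv4Network) pairs."""
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        group = "R"  # an entry without a prefix letter is non-privileged
        if len(item) > 2 and item[0].isalpha() and item[1] == ":":
            group, item = item[0].upper(), item[2:]
        addr, _, prefix = item.partition("/")
        if addr == "0":  # assumption: "0/0" is shorthand for 0.0.0.0/0
            addr = "0.0.0.0"
        text = f"{addr}/{prefix}" if prefix else addr
        entries.append((group, ipaddress.IPv4Network(text, strict=False)))
    return entries


def scope(net):
    """Label how far a network reaches: any, loopback, rfc1918 or public."""
    if net.prefixlen == 0:
        return "any"
    if net.subnet_of(LOOPBACK):
        return "loopback"
    if any(net.subnet_of(private) for private in RFC1918):
        return "rfc1918"
    return "public"


def privileged_exposure(value):
    """Return (group, network, scope) for each non-R group reachable off-box."""
    findings = []
    for group, net in parse_api_allow(value):
        reach = scope(net)
        if group != "R" and reach != "loopback":
            # W is the privileged group; other letters are custom groups
            # whose command set has to be checked separately.
            findings.append((group, str(net), reach))
    return findings


if __name__ == "__main__":
    samples = [
        "W:0/0",                      # vendor default quoted in the thread
        "W:127.0.0.1,R:0/0",          # value suggested in the thread
        "W:192.168.1.0/24,10.0.0.5",  # constructed
        "W:198.51.100.7",             # constructed (documentation address)
    ]
    for value in samples:
        print(value, "->", privileged_exposure(value) or "no remote write access")
```

An empty result means write access is confined to the miner itself; anything with scope "any" or "public" should be treated as the condition described in this thread.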
n3rvi0zz0
June 01, 2015, 06:52:17 PM
 #12

Few months ago I was checking this exactly, with a simple dork to discover the antminers (I will not write here) and access to a network with few of them you can open your mine without worries for electricity costs.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happened after a big hack.


edited: the browser used for the test was shodan.

crazyearner
June 01, 2015, 10:34:34 PM
 #13

I would be going down to the data center and looking at their security and also filing a claim with them for losses and damages for each time it has happened and the amount of down-time it is causing you. I would even look at using another data location if they do not do anything. It is not good for a place to have their servers compromised. Maybe an inside job, who knows; end of the day it is not good.

notlist3d
June 02, 2015, 12:46:24 AM
 #14

Quote
Few months ago I was checking this exactly, with a simple dork to discover the antminers (I will not write here) and access to a network with few of them you can open your mine without worries for electricity costs.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happened after a big hack.

edited: the browser used for the test was edit

Why would you include the browser that you used? No good will come of putting it out there.

I suggest taking it down, pass on findings to Bitmain.  Proper reporting is important.  Going public is not best plan till it is fixed (assuming you found a security issue)
BTI4LIFE
June 02, 2015, 12:58:47 AM
 #15

shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)
notlist3d
June 02, 2015, 05:33:19 AM
 #16

I guess he's not going to take it down. But it is like a Google but for security. It scans the internet for items and documents them where they are searchable. I know this as I am actually a security major in my degree. I got a shiny certificate when I graduated. It is on my wall and is the highest piece of paper I've ever had. I am one of the ethical ones. I have a very clean record (which is needed when looking for jobs in this field in most cases).

But anyone reading this should really lock down your routers.  As the router is between the internet and your devices.  Do not leave router with default password.  I personally turned off a lot of items after the forum was hacked, it spurred me to harden my network.
n3rvi0zz0
June 02, 2015, 01:37:02 PM
 #17

are you the owner of bit-x?

Quote
I know this as I am actually a security major in my degree. I got a shiny certificate when I graduated. It is on my wall and is the highest piece of paper I've ever had. I am one of the ethical ones. I have a very clean record (which is needed when looking for jobs in this field in most cases).

You're totally wrong, this is one of the tasks of Shodan; the other 5 tasks are the good ones.
I don't have a degree like you, but from the way you talk I'm sure you cannot compile your own exploit, so let's say you have knowledge about security, that's it.

The problem will not finish just with the API, they must change the headers. I will still know where the miners are because they SCREAM in a  ANTMINER



notlist3d
June 02, 2015, 03:50:13 PM
 #18

Quote
are you the owner of bit-x?

No I am not, just part of a signature campaign. In no way do I own/work for Bit-X. You will see some accounts with them; I won't go off topic too much. But look over in services as far as what they are.
crazyearner
June 03, 2015, 09:15:36 PM
 #19

I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.

notlist3d
June 03, 2015, 11:52:45 PM
 #20

Quote
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.

I'm thinking he did OK. His last login: Last Active: May 27, 2015, 11:29:31 PM

With it happening once there is a pretty good chance they saved the IP. So I'm thinking once the data center hardened its connection he was fine. Leaving it open with no firewall is a bad idea for any device.

But hopefully he's back to normal mining.