Rovernelson (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
March 06, 2015, 07:17:45 PM |
|
So I woke up to a bitch of a morning today. It seems someone has managed to hack into my Antminer S4s and program a 4th unseen pool and make it the priority pool. I've reset the miners but minutes later they are hacked again. Any ideas how to stop this?
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
March 06, 2015, 07:20:46 PM |
|
Is this a miner at your house or data center?
To think it happens so quick are you sure you stopped it?
|
|
|
|
Rovernelson (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
March 06, 2015, 07:24:31 PM |
|
It's at a data center using static network settings on public IPs but it is password protected. I've reset the miners and it'll work for a while and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.
|
|
|
|
Bazeman
Newbie
Offline
Activity: 19
Merit: 0
|
|
March 06, 2015, 09:55:13 PM |
|
Had it also, my S4 was not behind a router or firewall and the SSH password was not changed. Get the S4 image from the 2nd post on the S4 forum, open the S4, get out the mSD and put the image on it by computer. mSD card back in S4, restart and it is ready for you again. Change settings. Change WebGUI and SSH password and have your Antminer behind a decent router/firewall.
|
|
|
|
Rovernelson (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
March 07, 2015, 01:59:18 AM |
|
Thanks for the help guys, I really hate hackers. They are more cowardly than thieves. I'll get these SD cards re-flashed and change the password and I'll have the data center I'm at put up a firewall for my IP connections. Any other preventative steps y'all know of? I re-started my miners earlier and the hacked pool settings disappeared and then two hours later they were back, I almost thought I beat it out of dumb luck for a second ... not so
|
|
|
|
|
MinerFTW
|
|
March 07, 2015, 03:00:03 AM |
|
close api also
|
|
|
|
Rovernelson (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
March 07, 2015, 03:02:56 AM |
|
I'm not sure what you mean?
|
|
|
|
josef2000
|
|
March 07, 2015, 12:32:46 PM |
|
Are you using a wifi or internet connection without password?
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
March 07, 2015, 05:43:39 PM |
|
It's at a data center using static network settings on public IP's but it is password protected. I've reset the miners and it'll work for awhile and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.
That is a scary situation. Go to the data center and talk to them. They should watch it and close holes.
|
|
|
|
kano
Legendary
Offline
Activity: 4620
Merit: 1851
Linux since 1997 RedHat 4
|
|
May 30, 2015, 01:38:04 AM |
|
This is a problem with many miners that I have brought up on many occasions and the idiots who make the miners have ignored it.
Bitmain sets the cgminer api to --api-allow W:0/0
This means ANYONE who has network access to your miner can change anything in the settings.
I guess in this case you'll have to login to it and edit the settings manually for --api-allow
I'd suggest you use the settings that my modified S2 firmware defaults to: --api-allow W:127.0.0.1,R:0/0
Of course you could also read the cgminer README about how the API works https://github.com/ckolivas/cgminer/blob/master/API-README... and anyone wondering ... I wrote the cgminer API.
|
|
|
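The --api-allow values compared in kano's post can be checked mechanically before a miner goes on a reachable network. The following is an added example, not part of the thread and not cgminer code: the function names are hypothetical, only IPv4 entries are handled, and it assumes an entry without a group prefix is read-only and that "0/0" means every address, as the post describes.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_api_allow(value):
    """Split an --api-allow value into (group, IPv4 network) pairs."""
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        group = "R"  # assumption: an entry with no prefix is read-only
        if len(item) > 2 and item[0].isalpha() and item[1] == ":":
            group, item = item[0].upper(), item[2:]
        if item == "0/0":  # the form used in the post: every address
            item = "0.0.0.0/0"
        entries.append((group, ipaddress.ip_network(item, strict=False)))
    return entries

def audit_api_allow(value):
    """Return one finding per non-read-only entry reachable beyond loopback."""
    findings = []
    for group, net in parse_api_allow(value):
        if group == "R" or net.subnet_of(LOOPBACK):
            continue
        scope = "any host" if net.prefixlen == 0 else str(net)
        # Any letter other than R or W is flagged for review, because this
        # sketch cannot know what that group permits.
        level = "write" if group == "W" else "group (review needed)"
        findings.append(f"{group}: {level} access from {scope}")
    return findings

if __name__ == "__main__":
    # Constructed sample settings; the first two are the values quoted in the post.
    for setting in ("W:0/0", "W:127.0.0.1,R:0/0", "W:192.168.1.0/24,10.0.0.5"):
        print(setting, "->", audit_api_allow(setting) or "no remote write access")
```

An empty result means write access is limited to the miner itself; any finding is a setting to tighten or to cover with a firewall rule in front of the API port.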
|
n3rvi0zz0
|
|
June 01, 2015, 06:52:17 PM |
|
A few months ago I was checking exactly this. With a simple dork to discover the Antminers (I will not write it here) and access to a network with a few of them, you can open your mine without worries about electricity costs. Yes, you're not the only one who has told this to Bitmain. This is like the critical updates in the source code of Bitcoin: they happened after a big hack.
Edited: the browser used for the test was shodan.
|
|
|
|
crazyearner
Legendary
Offline
Activity: 1820
Merit: 1001
|
|
June 01, 2015, 10:34:34 PM |
|
I would be going down to the data center and looking at their security and also filing a claim with them for losses and damages for each time it has happened and the amount of downtime it is causing you. I would even look at using another data location if they do not do anything. It is not good for a place to have their servers compromised. Maybe an inside job, who knows. At the end of the day it is not good.
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
June 02, 2015, 12:46:24 AM |
|
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs . Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack edited: the browser used for the test was edit
Why would you include the browser that you used? No good will come of putting it out there. I suggest taking it down and passing on findings to Bitmain. Proper reporting is important. Going public is not the best plan till it is fixed (assuming you found a security issue).
|
|
|
|
BTI4LIFE
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 02, 2015, 12:58:47 AM |
|
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs . Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack edited: the browser used for the test was edit
Why wold you include the browser that you used? No good will come of putting it out there. I suggest taking it down, pass on findings to Bitmain. Proper reporting is important. Going public is not best plan till it is fixed (assuming you found a security issue)
shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
June 02, 2015, 05:33:19 AM |
|
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs . Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack edited: the browser used for the test was edit
Why wold you include the browser that you used? No good will come of putting it out there. I suggest taking it down, pass on findings to Bitmain. Proper reporting is important. Going public is not best plan till it is fixed (assuming you found a security issue)
shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)
I guess he's not going to take it down. But it is like a Google but for security. It scans the internet for items and documents them where they are searchable. I know this as I am actually a security major in my degree. I got a shiny certificate when I graduated. It is on my wall and is the highest piece of paper I've ever had. I am one of the ethical ones. I have a very clean record (which is needed when looking for jobs in this field in most cases). But anyone reading this should really lock down your routers, as the router is between the internet and your devices. Do not leave the router with the default password. I personally turned off a lot of items after the forum was hacked; it spurred me to harden my network.
|
|
|
|
n3rvi0zz0
|
|
June 02, 2015, 01:37:02 PM |
|
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs . Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack edited: the browser used for the test was edit
Why wold you include the browser that you used? No good will come of putting it out there. I suggest taking it down, pass on findings to Bitmain. Proper reporting is important. Going public is not best plan till it is fixed (assuming you found a security issue)
shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)
I guess hes not going to take it down. But it is like a google but for security. It scan's the internet for items and documents them where they are searchable. I know this as I am actually a security major in my degree. I got a shiny certificate when I graduated. It is on my wall and is highest piece of paper Ive ever had . I am one of the ethical ones. I have a very clean record (which is needed when looking for jobs in this field in most cases). But anyone reading this should really lock down your routers. As the router is between the internet and your devices. Do not leave router with default password. I personally turned off a lot of items after the forum was hacked, it spurred me to harden my network.
Are you the owner of bit-x?
I know this as I am actually a security major in my degree. I got a shiny certificate when I graduated. It is on my wall and is highest piece of paper Ive ever had . I am one of the ethical ones. I have a very clean record (which is needed when looking for jobs in this field in most cases).
You're totally wrong, this is one of the tasks of shodan; the other 5 tasks are the good ones.
I don't have a degree like you, but the way you talk I'm sure you cannot compile your own exploit, so let's say you have knowledge about security, that's it. The problem will not finish just with the API, they must change the headers. I will still know where the miners are cos they SCREAM in an ANTMINER
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
June 02, 2015, 03:50:13 PM |
|
are you the owner of bit-x?
No I am not, just part of a signature campaign. In no way do I own/work for Bit-X. You will see some accounts with them. I won't go off topic too much, but look over in services as far as what they are.
|
|
|
|
crazyearner
Legendary
Offline
Activity: 1820
Merit: 1001
|
|
June 03, 2015, 09:15:36 PM |
|
I wonder how the OP is getting on with fixing this, as he has not posted back; maybe fixed or still in process. Hope OP gets the problem resolved and fixed and nice and secure again.
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
June 03, 2015, 11:52:45 PM |
|
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.
I'm thinking he did OK. His last login:
Last Active: May 27, 2015, 11:29:31 PM
With it happening once, there is a pretty good chance they saved the IP. So I'm thinking once the data center hardened its connection he was fine. Leaving it open with no firewall is a bad idea for any device. But hopefully he's back to normal mining.
|
|
|
|
|