Author

Topic: Antminer Hacked (Read 5365 times)

legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
June 08, 2015, 10:25:40 PM
#22
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.
Should be okay. Hiding miners behind private networks / firewalls and away from publicly visible IPs shuts down this type of hack entirely.
Usually.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
June 08, 2015, 08:30:15 PM
#21
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.
Should be okay. Hiding miners behind private networks / firewalls and away from publicly visible IPs shuts down this type of hack entirely.
legendary
Activity: 1456
Merit: 1000
June 03, 2015, 06:52:45 PM
#20
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.

I'm thinking he did ok.  His last login: Last Active:    May 27, 2015, 11:29:31 PM

With it happening once it is pretty good chance they saved IP.   So I'm thinking once data center hardened it's connection he was fine.   Leaving it open with no firewall is a bad idea for any device.

But hopefully hes back to normal mining.
legendary
Activity: 1820
Merit: 1001
June 03, 2015, 04:15:36 PM
#19
I wonder how the OP is getting on with fixing this as not posted back maybe fixed or still in process. Hope OP gets problem resolved and fixed and nice secure again.
legendary
Activity: 1456
Merit: 1000
June 02, 2015, 10:50:13 AM
#18
are you the owner of bit-x?

No I am not, just part of signature campaign. In no way own/work for Bit-X. You will see some account's with them I won't go off topic to much.  But look over in services as far as what they are.
sr. member
Activity: 289
Merit: 250
June 02, 2015, 08:37:02 AM
#17
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs  Grin Grin.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack  Roll Eyes Roll Eyes


edited: the browser used for the test was edit

Why wold you include the browser that you used? No good will come of putting it out there.

I suggest taking it down, pass on findings to Bitmain.  Proper reporting is important.  Going public is not best plan till it is fixed (assuming you found a security issue)


shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)

I guess hes not going to take it down.  But it is like a google but for security.  It scan's the internet for items and documents them where they are searchable.  I know this as I am actually a security major in my degree.  I got a shiny certificate when I graduated.  It is on my wall and is highest piece of paper Ive ever had Smiley.   I am one of the ethical ones.  I have a very clean record (which is needed when looking for jobs in this field in most cases).

But anyone reading this should really lock down your routers.  As the router is between the internet and your devices.  Do not leave router with default password.  I personally turned off a lot of items after the forum was hacked, it spurred me to harden my network.


are you the owner of bit-x?

Quote
I know this as I am actually a security major in my degree.  I got a shiny certificate when I graduated.  It is on my wall and is highest piece of paper Ive ever had Smiley.   I am one of the ethical ones.  I have a very clean record (which is needed when looking for jobs in this field in most cases).

youre totally wrong this is one of the task of shodan the other 5 task are the good ones.
Im not have a degree like you but the way you talk im sure you can not compile your own exploit so, lets say you have knowledge about security that it.

the problem will note fisish jus with the api, they must change the headers, i will still know where are the miners cos they SCREAM in a  ANTMINER


legendary
Activity: 1456
Merit: 1000
June 02, 2015, 12:33:19 AM
#16
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs  Grin Grin.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack  Roll Eyes Roll Eyes


edited: the browser used for the test was edit

Why wold you include the browser that you used? No good will come of putting it out there.

I suggest taking it down, pass on findings to Bitmain.  Proper reporting is important.  Going public is not best plan till it is fixed (assuming you found a security issue)


shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)

I guess hes not going to take it down.  But it is like a google but for security.  It scan's the internet for items and documents them where they are searchable.  I know this as I am actually a security major in my degree.  I got a shiny certificate when I graduated.  It is on my wall and is highest piece of paper Ive ever had Smiley.   I am one of the ethical ones.  I have a very clean record (which is needed when looking for jobs in this field in most cases).

But anyone reading this should really lock down your routers.  As the router is between the internet and your devices.  Do not leave router with default password.  I personally turned off a lot of items after the forum was hacked, it spurred me to harden my network.
newbie
Activity: 14
Merit: 0
June 01, 2015, 07:58:47 PM
#15
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs  Grin Grin.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack  Roll Eyes Roll Eyes


edited: the browser used for the test was edit

Why wold you include the browser that you used? No good will come of putting it out there.

I suggest taking it down, pass on findings to Bitmain.  Proper reporting is important.  Going public is not best plan till it is fixed (assuming you found a security issue)


shodan - ninja : now will this help us take down the greedy centralized mining operators? lol ;-)
legendary
Activity: 1456
Merit: 1000
June 01, 2015, 07:46:24 PM
#14
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs  Grin Grin.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack  Roll Eyes Roll Eyes


edited: the browser used for the test was edit

Why wold you include the browser that you used? No good will come of putting it out there.

I suggest taking it down, pass on findings to Bitmain.  Proper reporting is important.  Going public is not best plan till it is fixed (assuming you found a security issue)
legendary
Activity: 1820
Merit: 1001
June 01, 2015, 05:34:34 PM
#13
I would be going down to the data centa and looking at their security and also filing claim with them for losses and damages for each time it has happened and the amount of down-time it is causing you. I would even look at using another data location if they do not do anything. Is not good for a place to have their servers compromised. Maybe an inside job who knows end of the day it is not good.
sr. member
Activity: 289
Merit: 250
June 01, 2015, 01:52:17 PM
#12
Few months ago i was checking this exactly, with a simple dork to discover the antminers ( i will not write here ) and access to a network with few of them you can open your mine without worries for electricity costs  Grin Grin.

Yes you're not the only one who has told this to Bitmain, this is like the critical updates in the source code of bitcoin, happend after a big hack  Roll Eyes Roll Eyes


edited: the browser used for the test was shodan.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
May 29, 2015, 08:38:04 PM
#11
This is a problem with many miners that I have brought up on many occasions and the idiots who make the miners have ignored it.

Bitmain sets the cgminer api to --api-allow W:0/0

This means ANYONE who has network access to your miner can change anything in the settings.

I guess in this case you'll have to login to it and edit the settings manually for --api-allow
I'd suggest you use the settings that my modified S2 firmware defaults to: --api-allow W:127.0.0.1,R:0/0

Of course you could also read the cgminer README about how the API works Smiley
https://github.com/ckolivas/cgminer/blob/master/API-README

... and anyone wondering ... I wrote the cgminer API.
legendary
Activity: 1456
Merit: 1000
March 07, 2015, 12:43:39 PM
#10
It's at a data center using static network settings on public IP's but it is password protected. I've reset the miners and it'll work for awhile and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.

That is a scary situation.  Go to the data center and talk to them.  They should watch it and close holes.
sr. member
Activity: 280
Merit: 250
Bro, you need to try http://dadice.com
March 07, 2015, 07:32:46 AM
#9
Are you using a wifi or internet connection without password?
newbie
Activity: 8
Merit: 0
March 06, 2015, 10:02:56 PM
#8
I'm not sure what you mean?
sr. member
Activity: 462
Merit: 250
March 06, 2015, 10:00:03 PM
#7
close api also
newbie
Activity: 8
Merit: 0
March 06, 2015, 09:56:30 PM
#6
Well the very second after I had re-flashed the SD card successfully and reconfigured the network settings under a new password, the hacked pool #4 mining at eligius popped back up.
I've figured out (simple because it's eligius) the Eligius profile which is hacking me - http://eligius.st/~wizkid057/newstats/userstats.php/1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M

Every one of his spikes in hashing power is the hacked units of Antminer S4's that are mine,  five of them to be exact.

https://i.imgur.com/ehg13Oh.png
https://i.imgur.com/ehg13Oh.png
newbie
Activity: 8
Merit: 0
March 06, 2015, 08:59:18 PM
#5
Thanks for the help guys, I really hate hackers. They are more cowardly than thieves.
I'll get these SD cards re-flashed and change the password and I'll have the data center I'm at put up a firewall for my IP connections.
Any other preventative steps y'all know of?

I re-started my miners earlier and the hacked pool settings disappeared and then two hours later they were back, I almost thought I beat it out of dumb luck for a second ... not so Undecided
newbie
Activity: 19
Merit: 0
March 06, 2015, 04:55:13 PM
#4
Had it also, my S4 was not behind a router or firewall and ssh password was not changed. Get the S4 image from the 2nd post on the S4 forum, open the S4, get out the mSD an put the image on it by computer. mSD card back in S4, restart and it is ready for you again. Change settings.Change WebGUI and SSH password and have your Antminer behind a decent router/firewall.
newbie
Activity: 8
Merit: 0
March 06, 2015, 02:24:31 PM
#3
It's at a data center using static network settings on public IP's but it is password protected. I've reset the miners and it'll work for awhile and then one by one it seems (I'm guessing the guy is notified of the problem immediately) and the hacked pool is put back up. Not sure at all how to solve this.
legendary
Activity: 1456
Merit: 1000
March 06, 2015, 02:20:46 PM
#2
Is this a miner at your house or data center?

To think it happens so quick are you sure you stopped it?
newbie
Activity: 8
Merit: 0
March 06, 2015, 02:17:45 PM
#1
So I woke up to a bitch of a morning today it seems someone has managed to hack into my Antminer S4's and program a 4th unseen pool and make it the priority pool. I've reset the miners but minutes later they are hacked again, any ideas how to stop this?
Jump to: