Author

Topic: ANTMINER S1 (Read 1345 times)

legendary
Activity: 1610
Merit: 1000
February 26, 2014, 06:52:43 AM
#11
Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.


this is my conclusion as well....

caused by poor security/complacency and leaving passwords on default  Shocked
Nonsense dude. Any way just my 2 cents read my post carefully and think.
newbie
Activity: 40
Merit: 0
February 26, 2014, 06:33:01 AM
#10
Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.


this is my conclusion as well....

caused by poor security/complacency and leaving passwords on default  Shocked
legendary
Activity: 1610
Merit: 1000
February 26, 2014, 06:20:19 AM
#9
Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.

Yeah and they have port forwarding by default pointing to ant ip - nonsense dude Wink
full member
Activity: 147
Merit: 104
February 26, 2014, 06:15:38 AM
#8
Probably someone connect via SSH to the Ant and edit cgminer config (/etc/config/cgminer). Some routers have this port open by default.
Go to http://www.yougetsignal.com/tools/open-ports/ and check SSH port (22) is open. If open , close it, and most of all change default password  to the Ant.
legendary
Activity: 1610
Merit: 1000
February 26, 2014, 05:57:44 AM
#7
just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.

Also don't open ports from the public internet to your miners, setup a VPN to your firewall and network and do it that way. Don't mess about with this stuff half heartedly.
+1
Unless if there is not some sort of vpn preinstalled on the unit digging a secure tunnel outside your FW Wink
however simple ssh/netstat/ps check will reveal that easily:)
A lot easy will be just to install precompiled cgminer hacked of course which can silently send 10-20% of your shares somewhere Grin
And again simple ssh/netstat will reveal that Cheesy Or better tcpdump of your router watching closely what the suspect is doing
Conclusion - always compile your images alone or use trustable ones
newbie
Activity: 40
Merit: 0
February 26, 2014, 05:47:55 AM
#6
the miner affected was on the default IP connected with a bunch of others S1's to a hub then to the internet router.
this could happen to someone else?

legendary
Activity: 3234
Merit: 1220
February 26, 2014, 05:29:13 AM
#5
just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.

Also don't open ports from the public internet to your miners, setup a VPN to your firewall and network and do it that way. Don't mess about with this stuff half heartedly.
legendary
Activity: 3234
Merit: 1220
February 26, 2014, 05:27:15 AM
#4
just patched the ports issue and changed IP's and passwords.. still want to update the firmware

I wouldn't bother it just maxes out the CPU and causes problems.
newbie
Activity: 40
Merit: 0
February 26, 2014, 05:25:15 AM
#3
just patched the ports issue and changed IP's and passwords.. still want to update the firmware
legendary
Activity: 3234
Merit: 1220
February 26, 2014, 05:17:57 AM
#2
i looked at the mining pool a few minutes ago and one of my miners was offline... Huh strange i thought, so i checked the miner through the web and someones hacked/changed my worker details are set to btcurl.ch4 they - off my other workers and this has been added to the ssh-keys


ssh-dss AAAAB3NzaC1kc3MAAACBANPLYv0LbB5IrH4M897uha5h56/XUzkGnY3Rcclw2GO5RaVhaHI43jKBTaAJOVEfO2+9YvemcSXAvFOpvSKjmFSLdKoQMLvZnqQTtsM/Z30/jEDJIXCgJlYKC9yyuWHBk4gar0GOdCvTz6mX6AhnaKy3WG+E9MsIjXMmEmJicK5RAAAAFQCGbWk0HJG2YT/oc5djQxGUu6hNIQAAAIEAznZ2v7fhT4JkxOECq7oe6yKxfUMjVU11YPqIZSQjrT4btN5EVWMGLv1/rQcFIwHQiW1rP+hkS9gDvVlzb3/9tBqJE7tYaAHO8CUhOZiq0GJ/ebMTH7SY6f9DZ+BPjuXwcjPbD16Sp3ri/Bg1rUniPV33HDx+RQtARkNTOudW8UMAAACAFi+1zXYIZ2/I+sL9/nLD1knjRDkVYkZApqp90NF671pt3x0hO+iLfH4hp7eBAX+dG+d52zptdKcTOakK1vwxhjZ1V0j/iqkWIj68urHdzqFnKq4tZEQYr7xsyHAUtafpOWfvjfF9jOHVAmrs1mIOBgh66IaKdXSu8G8ur3jEbDs= [email protected]

only the miner on 192.168.x.99 was compromised, the only computer running on this network is a raspberry pi

where can i get the latest firmware??

 

So you must have ports open from the outside of your network through your router to the miner.
newbie
Activity: 40
Merit: 0
February 26, 2014, 05:11:10 AM
#1
i looked at the mining pool a few minutes ago and one of my miners was offline... Huh strange i thought, so i checked the miner through the web and someones hacked/changed my worker details are set to btcurl.ch4 they minused off my other workers and this has been added to the ssh-keys


ssh-dss AAAAB3NzaC1kc3MAAACBANPLYv0LbB5IrH4M897uha5h56/XUzkGnY3Rcclw2GO5RaVhaHI43jKBTaAJOVEfO2+9YvemcSXAvFOpvSKjmFSLdKoQMLvZnqQTtsM/Z30/jEDJIXCgJlYKC9yyuWHBk4gar0GOdCvTz6mX6AhnaKy3WG+E9MsIjXMmEmJicK5RAAAAFQCGbWk0HJG2YT/oc5djQxGUu6hNIQAAAIEAznZ2v7fhT4JkxOECq7oe6yKxfUMjVU11YPqIZSQjrT4btN5EVWMGLv1/rQcFIwHQiW1rP+hkS9gDvVlzb3/9tBqJE7tYaAHO8CUhOZiq0GJ/ebMTH7SY6f9DZ+BPjuXwcjPbD16Sp3ri/Bg1rUniPV33HDx+RQtARkNTOudW8UMAAACAFi+1zXYIZ2/I+sL9/nLD1knjRDkVYkZApqp90NF671pt3x0hO+iLfH4hp7eBAX+dG+d52zptdKcTOakK1vwxhjZ1V0j/iqkWIj68urHdzqFnKq4tZEQYr7xsyHAUtafpOWfvjfF9jOHVAmrs1mIOBgh66IaKdXSu8G8ur3jEbDs= [email protected]

only the miner on 192.168.x.99 was compromised, the only computer running on this network is a raspberry pi

where can i get the latest firmware??

 
Jump to: