Topic: HACKED !! (Read 1056 times)

full member
Activity: 378
Merit: 105
Active forum member, A+ poster, PM good sign camp.
July 06, 2017, 12:46:53 PM
#13
totally don't get it
hero member
Activity: 966
Merit: 506
July 06, 2017, 12:33:19 PM
#12
Now, do you use SSH or another method to access the cloud? That might be the point of hacking also. Lastly, without more info it is hard to say what you should do, but there is a site called miningrigrental.com and you can rent out your mining rig by pointing it at that site...blah, blah. We used to use the site because you can point the site at your mining sites so that when it is not being rented it is mining for you, and with multiple rigs it is easier to change those settings online than using SSH or another method like that. Just a thought for an added line of security.
sr. member
Activity: 1002
Merit: 254
Tontogether | Save Smart & Win Big
July 06, 2017, 10:36:39 AM
#11
This often happens when you use preconfigured copy/paste settings to mine cryptos on Ubuntu. You will need to look into the code, but the best thing to do is to personally write the code from scratch and not copy-paste into the droplet, like safe screen stuff.

Yeah. Droplet was also totally fucked up. And lack of security even after password changing and mailing digital ocean.

That's a pretty big company and they should have a decent security setup for you to use. The only drawback is that mining may be against their terms, so be quiet about that.
legendary
Activity: 1190
Merit: 1024
July 06, 2017, 10:24:42 AM
#10
I assume the setup is this... you are renting a VPS from Digital Ocean, or a cloud piece, whatever, and using that to mine on the pool you have images of. If that is the case, then the point of attack is your Digital Ocean access. If so, I do not use them, but you need to change your access details, let Digital Ocean know and use 2FA or whatever equivalent they have.
newbie
Activity: 43
Merit: 0
July 03, 2017, 09:20:11 AM
#9
This often happens when you use preconfigured copy/paste settings to mine cryptos on Ubuntu. You will need to look into the code, but the best thing to do is to personally write the code from scratch and not copy-paste into the droplet, like safe screen stuff.

Yeah. Droplet was also totally fucked up. And lack of security even after password changing and mailing digital ocean.
newbie
Activity: 43
Merit: 0
July 03, 2017, 09:17:44 AM
#8
I am totally confused. Is this person changing the settings on a website or your rig? Are you renting from Digital Ocean or mining from home?

Yup, using Digital Ocean and SSH login via MobaXterm. Plus he was accessing the config file of the droplet directly.
sr. member
Activity: 1175
Merit: 275
July 03, 2017, 07:25:08 AM
#7
This often happens when you use preconfigured copy/paste settings to mine cryptos on Ubuntu. You will need to look into the code, but the best thing to do is to personally write the code from scratch and not copy-paste into the droplet, like safe screen stuff.
sr. member
Activity: 415
Merit: 250
July 02, 2017, 01:37:35 PM
#6
I am totally confused. Is this person changing the settings on a website or your rig? Are you renting from Digital Ocean or mining from home?
member
Activity: 74
Merit: 10
IT Solutions Architect
July 01, 2017, 01:07:40 AM
#5
I'd reinstall ethOS, create a brand new account for your config or just use config maker. Change ethOS SSH and root passwords.

Yes Sir . Maybe I can try this. Done with SSH and root passwords changing.

The safest way is to reinstall everything, set it up with new passwords, and make sure ports that are not needed are closed on the machine (not familiar with ethOS but I guess it is a Linux).
If the machine is already infected with some kind of trojan horse, then changing the passwords won't help you...

Format and reinstall everything from scratch, and never use the same passwords again (or similar ones).
newbie
Activity: 43
Merit: 0
June 30, 2017, 09:06:23 PM
#4
I'd reinstall ethOS, create a brand new account for your config or just use config maker. Change ethOS SSH and root passwords.

Yes Sir . Maybe I can try this. Done with SSH and root passwords changing.
newbie
Activity: 52
Merit: 0
June 30, 2017, 08:34:15 PM
#3
I'd reinstall ethOS, create a brand new account for your config or just use config maker. Change ethOS SSH and root passwords.
hero member
Activity: 1036
Merit: 606
June 30, 2017, 08:27:29 PM
#2
Looks like the hacker froze the Caps lock on your keyboard. You expect someone to read that? LOL
newbie
Activity: 43
Merit: 0
June 30, 2017, 07:59:58 PM
#1
MINING ON ETHOS

SETTINGS ON REMOTE CONFIG - DIGITAL OCEAN.

SO ALL THE SETTINGS OF POOL AND WALLET ARE SAVED IN ONE CONFIG FILE ON OCEAN AND EVERY RIG TAKES UP THAT SETTING.

NOW AT NIGHT, MOSTLY BETWEEN 1-4 AM, SOMEONE USED TO ACCESS THE DROPLET AND CHANGE THE WALLET ADDRESS TO HIS OWN AND POOL TO EUROPE SERVERS AT ETHERMINE.ORG. BUT SOMEHOW THE RIGS NEVER MINED AND SHOWED 0 HASHRATE, AND HE CHANGED IT TO THE OLD CONFIG FILES AGAIN AFTER AROUND 4 AM.

AS WE WERE MONITORING THE POOL ONLY, SO WE CONSULTED MANY PEOPLE THAT RIGS ARE MINING BUT ARE NOT SHOWING UP IN THE POOL. BUT OBVIOUSLY NO ONE AGREED.

SO TODAY HE CHANGED THE SERVERS TO INDIAN SERVER NEAREST TO OUR RIGS AND THEY MINED LIKE 4-5 MINUTES. I BECAME AWARE OF THE ISSUE AND CHECKED HIS WALLET ADDRESS; ALL MACHINES WERE ONLINE.

BUT AS SOON AS I SHUT DOWN THE RIGS HE CHANGED THE CONFIG FILES TO ORIGINAL SETTINGS.

HERE IS THE WALLET ADDRESS: https://ethermine.org/miners/85b4203fff14f350b388f8d6f9b082ed184d4b69

AND WHY, IN HIS WALLET ADDRESS, CAN WE SEE THE WORKERS ONLY WHEN THEY ARE ACTIVE? OTHERWISE THEY ARE REMOVED FROM THE POOL AT THAT TIME ONLY. USUALLY INACTIVE WORKERS STAY ON THE POOL FOR A DAY AT LEAST.

TRIED CHANGING DIGITAL OCEAN PASSWORD TWICE.

DOES ANYONE KNOW THIS? HAS ANYONE EVER BEEN ATTACKED THE SAME WAY PREVIOUSLY?

HERE ARE SOME SCREENSHOTS OF TODAY. YOU CAN CHECK OUT THE TIMINGS AT THE TOP LEFT FOR MORE CLARITY:

http://imgur.com/a/nvaMB - THESE TWO WHEN EVERY RIG WAS MINING AT HIS ADDRESS AT 2:52 AM

http://imgur.com/a/wRHxN - THIS ONE OF THE MORNING AT 6:13 AM

KINDLY HELP AND GUIDE.

THANKS.
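
Added example, not code from any poster in this thread: the config described above was changed at night and reverted by morning, so checking only its current state (or only the pool) misses the change. This sketch audits timestamped snapshots of the shared config against pinned values and reports the windows in which it deviated; the `key value` line format, the key names `proxywallet` and `proxypool1`, and all sample values are constructed assumptions.

```python
# Added example: audit snapshots of a shared miner config against pinned values.
# Key names, line format and all sample data below are constructed assumptions.
from datetime import datetime

PINNED = {  # what the operator expects to find (placeholders)
    "proxywallet": "0xOWNER_WALLET_PLACEHOLDER",
    "proxypool1": "pool.example.net:4444",
}
GOOD = "proxywallet 0xOWNER_WALLET_PLACEHOLDER\nproxypool1 pool.example.net:4444\n"
BAD = "proxywallet 0xUNKNOWN_WALLET_PLACEHOLDER\nproxypool1 other.example.net:4444\n"
SNAPSHOTS = [  # constructed: periodic copies of the config, e.g. from a cron job
    (datetime(2017, 6, 30, 0, 30), GOOD),
    (datetime(2017, 6, 30, 2, 50), BAD),
    (datetime(2017, 6, 30, 3, 30), BAD),
    (datetime(2017, 6, 30, 6, 15), GOOD),
]

def parse_config(text):
    """Parse 'key value' lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def deviations(text, pinned=PINNED):
    """Return {key: (expected, found)} for each pinned key that differs or is missing."""
    conf = parse_config(text)
    return {k: (v, conf.get(k)) for k, v in pinned.items() if conf.get(k) != v}

def tamper_windows(snapshots, pinned=PINNED):
    """Return (first_bad, first_good_again, keys) per deviation window.
    The end is None when the newest snapshot still deviates."""
    windows, start, keys = [], None, set()
    for ts, text in sorted(snapshots, key=lambda s: s[0]):
        diff = deviations(text, pinned)
        if diff and start is None:
            start, keys = ts, set(diff)
        elif diff:
            keys |= set(diff)
        elif start is not None:
            windows.append((start, ts, sorted(keys)))
            start, keys = None, set()
    if start is not None:
        windows.append((start, None, sorted(keys)))
    return windows
```

Keeping the snapshots and the pinned values on a host other than the one serving the config means an intruder on the droplet cannot rewrite the audit trail along with the file.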

