Wow, a new record has been set, I've been hacked after just 30 mins. or so this time, after starting from scratch with a new flashed OS on the memory stick and changing absolutely every password, RIG IDs, stats passwords - everything new except my IP address. But I did whitelist my own IP address range, which I assume means that every other IP address should be blacklisted, so how I can still be hacked is beyond me. 2FA activated for HiveOS as well.
I've already wasted too much time attempting to make this work. It seems there must be some security flaw here as all the precautions above still aren't enough. I really wanted to make this work as I love everything else about HiveOS, but getting hacked pretty much every day is intolerable.
Bye bye HiveOS.
bye I guess? but I've been running this for months and never been "hacked". my guess is you have your rig wide open to the internet, or some machines on your network are compromised and are using that as a jumping point to get to your rigs. even if you had compromised machines, just change the ssh password and remove any existing ssh keys from ~/.ssh/authorized_keys. and if you have your rigs open to the internet you need to get them behind a router/firewall that is properly configured and secured
Thanks cloudhax!
Believe me, I'd much rather stay with HiveOS rather than change, but I'm tearing my hair out ATM and I'm running out of ideas.
I really appreciate your feedback and suggested solutions, so please allow me to follow up with some questions below:
"my guess is you have your rig wide open to the internet, or some machines on your network are compromised and are using that as a jumping point to get to your rigs."
Could very well be, I have both Mac OS X and Win10 machines on the same LAN/WAN, so I can't rule out what you suggest. All those machines appear to be running like normal (but I realize they could still be compromised), and all have fairly recent OS updates installed with what I assume must be recent security updates.
"even if you had compromised machines, just change the ssh password and remove any existing ssh keys from ~/.ssh/authorized_keys."
I haven't used SSH on any of my machines, at least to my knowledge. (I'm also a linux noob, so this is above my level of technical competence ATM. I have dabbled in Mac OS X terminal and been able to follow detailed instructions describing command line solutions for stubborn OS X problems, but that's about it.) My Macs have external sharing turned off in their Control Panels, which I believe is Apple's GUI name for SSH. I don't know anything about SSH on my HiveOS rigs, as they have been running at default, and I haven't tampered with SSH at all.
"and if you have your rigs open to the internet you need to get them behind a router/firewall that is properly configured and secured".
My rigs are left just as open as my ISP's default router will allow. What goes on in that closed box really isn't documented at all, it's the property of my ISP which is a cable TV company. My rigs are left at HiveOS default settings as far as "open to the internet" applies. So I guess a hardware router/firewall solution could be the answer, but I'm hesitant to throw more money at this problem unless somebody else has had the same problem and can verify that such a solution really fixed it - in which case I'd love to hear more about it in detail, including vendor model, setup details etc.
Advance thanks! :-)
Update: I have to eat humble pie and apologize for even the slightest insinuation that HiveOS could be insecure as per my earlier posts above. It turned out that my undocumented grey cable modem box from the ISP didn't contain even the slightest NAT or firewall functionality, contrary to popular belief in my neighborhood; thus exposing my entire network directly to hackers. After setting up an Asus RT-66U router with NAT and firewall, and after I finished tweaking the rig's OC settings my rigs have now been running without even the slightest hitch for a week, so I'm now in heaven!
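The root cause in the update above (a modem with no NAT or firewall, so every machine sits directly on the internet) can be checked from a rig's own shell by looking at which addresses its interfaces hold. This is an added example, not part of the original thread; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag interfaces holding a public IPv4 address.

# classify_ipv4 ADDR -> private | cgnat | loopback | link-local | public
classify_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    a=$1; b=$2
    if [ "$a" -eq 10 ]; then echo private                        # 10.0.0.0/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then
        echo private                                             # 172.16.0.0/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private # 192.168.0.0/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        echo cgnat                                               # 100.64.0.0/10
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    else echo public
    fi
}

# exposed_interfaces: reads `ip -o -4 addr show` output on stdin and prints
# "IFACE ADDR" for every address that is publicly routable (no NAT in front).
exposed_interfaces() {
    while read -r _idx ifname fam cidr _rest; do
        [ "$fam" = inet ] || continue      # skip blank or non-IPv4 lines
        addr=${cidr%/*}                    # drop the /prefix length
        if [ "$(classify_ipv4 "$addr")" = public ]; then
            echo "$ifname $addr"
        fi
    done
}

# Constructed sample of `ip -o -4 addr show` output; 203.0.113.0/24 is a
# documentation range standing in for an ISP-assigned public address.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.45/24 brd 203.0.113.255 scope global dynamic eth0\       valid_lft 3000sec preferred_lft 3000sec
3: eth1    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# Stand-alone run on the sample; on a rig use: ip -o -4 addr show | exposed_interfaces
sample_ip_output | exposed_interfaces
```

An empty result only shows the rig sits behind address translation; it says nothing about port forwards or firewall rules on the router itself.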