Topic: KanoPool kano.is lowest 0.9% fee 🐈 since 2014 - Worldwide - 2432 blocks - page 25. (Read 5352067 times)

Thanks for the information Sam!  I will check all of the software that you’ve recommended to me although i barely ever use my laptop and am always on my ipad so Is there any easier way to protect the network like some of those $200 plug and play devices on Amazon such as this one:

  https://www.amazon.com/GRYPHON-Security-Protection-AI-Intrusion-Detection/dp/B078Z3PTJP/ref=sr_1_7?keywords=secure+network+device&qid=1581610085&sr=8-7

Would it do any good to help me get more secured?

Thanks!

With that cleared out lets move into something else:

Never got an answer, but i tried setting up one recently and it apparently works now. Can anybody else confirm using bech32 (bc1q+) addresses with this pool are working correctly and receiving payments?

These IP addresses are internal to your network. The 102 address is a machine on your network, the 255 address is the broadcast address of your internal network (the address that something scanning your network for vulnerable hosts would use)

What machine on your internal network has the IP address 192.168.1.102

You can download wireshark to scan your network traffic.  WPA/2/3 with, a good, high entropy key is important for wifi.  uPNP and Bonjour allow apps in your network to open ports in your router, whether its wired or wifi, and gives you NO notification that that was done.

Also you can check TCP hardness of your router by using ShieldsUp at grc.com and scanning "All Service Ports" and verifying that all ports are at least closed at best stealthed.

Os2Sam,  I wanted to ask you.  How can I check my network for the level of security?  What type of software do I need to load up to be able to try to hack my own network even when the SSID is hidden?  I thought that it makes it pretty safe when I hide the SSID

What other modern safety measures people take these days to protect their network?  Thanks!

I’m not sure if it’s the same problem I was having because I could not find the IP address that he mentioned in his post but sounded like a simular problem.

Thanks for the information!

By the time frame that these attacks were done I’m pretty sure that It was done in another time zone.  Is there any other way how they could have hacked my modem, by not actually physically being in the radius of its reach?

Or that is the only way someone could have hacked it?  Because if that’s the case then I even have a local, love to hack people’s wifi suspect around here!

And ok, I will try to find and disable what you have told me.  After the reset so far no intrusions have been made this night and the log is clean.

Also Bitmain have answered to me and send me instructions on how to flash the controllers with their newest firmware by the means of an SD card and then they told me to upload some antivirus which they have send me as well.

I’m praying that this will work for me, will start to work on all of the hacked miners today!

Thanks for the output!

is this the problem you were having? if so, I think they detail how to fix it - https://bitcointalksearch.org/topic/antbleed-virus-clone-5224777

Hiding an SSID is NOT a security feature.  It just keeps the casual person from seeing your network easily.  Clients still need to know the SSID and that information is passed in the clear over the air.  So anyone sniffing for WiFi can easily see your SSID even though it is hidden.

I seriously doubt that a hacker in China was connecting via your WiFi.

Make sure your using, at least, WPA2 with a very good and complex key.  Disable uPNP and Bonjour and reboot it.  If your using a Ubiquity router make sure you disable Ubi Discovery.

Biffa and Artemis3 and all of you guys, thank you again for taking your time trying to help me this problem!!! Just want you to know that I really appreciate it! 

I’m sure anyone can become an easy target like me and this is just wrong to do that to people!  Especially if they ruin the hardware!

If I won’t be able to fix these machines in the next few days, I will go ahead and buy at least 10 of the 17TH machines that bitmain has in stock so I can partly compensate for the damage done by this hacker, and have my TH somewhat higher than now.

All I can say for sure is that he isn’t getting anything from the miners that he has hacked anymore and that makes me feel a little better!

Mine on Comrades!

Thanks a lot for the information you provided!  I really appreciate it!  And yes I’ve had one of the worst days in BTC mining this morning when I woke up I found out that the hacker was able to ruin 14 more S9’s!!!!!  14 machines gone in a minute!  Apparently he works somewhere in China in the day time when it is night here and I wake up to a surprise!  Today’s surprise was SHOCKING!

I have already contacted Bitmain for an advice on what to do and if there is a way that I can repair the controllers by uploading a newer firmware because these machines were from 2017-2018.  So I will be waiting for their reply as soon as they start their workday.

At first he hacked 3 so I just disconnected the router connected to my modem thinking that it was causing the problem, since the SSID wasn’t hidden unlike my modem SSID.  But when I realized that 14 more are mining for him this morning I started to dig in the log of the modem itself and found about 22 of these Dos Smurf attacks!!! From February second to today’s morning!

2020-02-04 09:00:49 [Error][Alarm-Log] AlarmID:303500,AlarmLevel:Error,DoS attack. Type: smurf. Source IP address: 192.168.1.102. Destination IP address: 192.168.1.255. Source MAC address:


So I contacted the the ISP provider and they confirmed me that I was hacked by WiFi although I’m not sure how since the SSID was hidden.  Remotely they have reset everything and I’ve changed all of the passwords.  Even on the miners themselves!  But I did that yesterday and apparently that didn’t help.  Also the modem  had a specific check box for preventing these Dos smurf attacks but apparently that didn’t work.

I’m closely monitoring the network tonight to see if there will be any more attacks on my modem, because now I just have a few miners running 

Maybe someone had clicked a wrong link from one of the devices who knows.

And I did noticed that the only ones that he wasn’t able to hack (so far) are the last ones that I got so they must have had a newer firmware protecting them from being hacked like that.

All my hope is on Bitmain now and that they answer soon and maybe be able to find a solution for me.  Start them with a preloaded firmware on a sd card or just try to upload it through my network on them, I really don’t know but I am afraid to even turn the power on the ones that have been compromised now, thinking that if it was hacked then maybe he can hack my whole new reseted network again and I will loose the rest of the miners?  Do you think it is safe to connect one of them to my fresh network or I shouldn’t even try?  Or what do you think?

If the Bitmain won’t be able to help me with a firmware upgrade then I really don’t care what I have to load on a Sd card and where it will mine as long as they just don’t sit around like furniture.  Now 17-18 have been ruined! 

Please let me know your thoughts guys I’d really appreciate if someone with the knowledge be able to give an advice   

The wording is VERY clear:

"Only use firmware provided by the miner manufacturer."

^^ Posted to Discord for him to pop in on it. He has talked about this several times there.

No matter what given that all claim to have many many users, why is it so hard for someone - anyone - that uses 3rd party firmware to post proof it has found a BTC block? Most GUI's have a spot for it and a record of blocks found since last reboot  is part of the API so can be checked even outside of the miner GUI.

On the pool side of things, when shares are sent/received information about the miner is provided as well to let the pool/miner work together. Plus when a block is found the block header generated includes information about the actual individual miner that found it. That info is more than just 'running cgminer vxxx'' and is easily logged by a pool if they care to keep detailed logs, for a start is part of the header from the block I found on Dec 16. From what Kano has said, a pool operator can extract more information as well if they care to. It should be common sense to link together miner data with block header info to track performance metrics.

Since Slush is behind the bOS projects, why not provide simple, verifiable proof the stuff finds blocks? They certainly have a large enough data set to see what miners (or, ahem, large proxy) find blocks and compare that against expected finds vs hashrate. So, if responsible pool operators want verifiable proof firmware works - give it to them.

Oh, their Stratum redeux freely gives a pool, sorry - they call it 'Service' -that info and knowing in-depth what a miner is running and can do is a large part of what it relies on to do the voodoo they plan on it doing.

Then there is #xnsub being part of it... While not an issue per se #xnsub opens up a rather large security hole and exists (so far) only for the benefit of Nicehash and DevFee firmware. It is how NH is able to change work done w/o having to restart a miner. It is also used by DevFee firmware to mine at their payment pools in the background without the miner needing to change pools & restart. Yes a lot of miners support #xnsub and yes BM had to reinstate support for it again after folks bitched about not being able to use their newest miners on NH. That still does not make it a good thing...

Then it wouldn't apply to bOS since the source is available and you could test it yourself. For this reason i don't believe it unless Kano himself says so.