Topic: KnC Miner : Security hacked - UPDATE with TOOL admin remove plz - page 6. (Read 25845 times)
December 31, 2013, 04:24:09 PM
No logs posted, just a troll. Post logs and everyone will be on your side. Take your pick!
December 31, 2013, 02:03:59 PM
what do you expect me to think?
That you should have some evidence beyond pure circumstance before slinging around legal threats?
Would you somehow have been better off if OP had been intimidated by legal liabilities into never discovering and posting this information?
P.S. If you don't want people "attacking" your gear through a public IP interface, simply configure it to not fulfill requests so promptly and politely. Is it that difficult?
first off I am not the op. i did not brute force 28 knc machines he did. now when he did the brute force on the 28 machines he did not tell us he had permission to do it. so stop defending him for doing something that is not legal.
did his brute force attack hurt this person?
https://bitcointalksearch.org/topic/m.4140767
maybe I do not know but time wise it matches. was he off line for 3 or 5 hours extra due to the password attack ? do not know. I ask you this. would you want someone coming to the front door of your home and testing your door knob to see if it opens easily ?
so to the op did you have permission to attack the 28 machines? yes or no? my apologies if you informed those miners. before you attacked them
December 31, 2013, 01:49:55 PM
what do you expect me to think?
That you should have some evidence beyond pure circumstance before slinging around legal threats?
Would you somehow have been better off if OP had been intimidated by legal liabilities into never discovering and posting this information?
P.S. If you don't want people "attacking" your gear through a public IP interface, simply configure it to not fulfill requests so promptly and politely. Is it that difficult?
December 31, 2013, 01:13:14 PM
I did think about it. I found it to be bad timing on your part to announce you did this and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other then the two mention have this problem which is why I posted this here. You have admitted you viewed 1100 plus miners. if only the two I mention have this problem after being viewed by you then most likely this has nothing to do with your testing.
Holy shit the entitlement here!no not about entitlement. he admits to attacking passwords of 28 miners. and in no place does he say he had permission. the 2 miners I own 9.5 % of had a hashing issue during the time he was brute forcing miners.
if I go to a gym locker and try a 3 digit combo lock 20 times a day until it clicks open I am breaking the law in most counties. even if I push it locked again.
the op admits to doing this with knc passwords. so dude this is not about entitlement. this is about the op admitting to attacking passwords on valuable gear. I am not the op. I am a part owner of 2 machines that the op may have attacked. so 28/1100 = 2.5% chance but I have 2 machines so about 5% chance he tried on my gear. my gear had a loss unexplained loss of hash power. what do you expect me to think?
December 31, 2013, 01:09:34 PM
I did think about it. I found it to be bad timing on your part to announce you did this and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other then the two mention have this problem which is why I posted this here. You have admitted you viewed 1100 plus miners. if only the two I mention have this problem after being viewed by you then most likely this has nothing to do with your testing.
Holy shit the entitlement here! December 31, 2013, 01:08:52 PM
I did think about it. I found it to be bad timing on your part to announce you did this and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other then the two mention have this problem which is why I posted this here. You have admitted you viewed 1100 plus miners. if only the two I mention have this problem after being viewed by you then most likely this has nothing to do with your testing.
Well, just wait until the post goes public then! Hurry up and push KnC to patch up.
Can you imagine the horror once i post the full details?
For your information; the +1100 miners are public available on the net, everybody can scan and see them.
I bruteforced 28 logins, but i never actually logged in. Dont you know your KnC has a log? CHECK YOUR LOG BEFORE THROWING MUD!!!
So you attacked 28 logins of the 1100 plus miners and you were successful with them. your words not mine . you claim to own 2 machines so at best 26 miners are not yours. did you get permission to try them? so I do I know if one or both of the machines I own shares in were not damaged by you?
causing them to lose about .5btc each in hash. look If no one comes to the thread other then me then maybe the 28 machines you hacked were not injured in terms of hash power. but announcing to the world that you hacked /brute forced 28 machines puts you at risk for damages. Any one including me and my 9.5 percent share of 2 Jupiter's (about 100gh) can say your actions caused them harm. Frankly I am posting this here to say that brute forcing some ones password with out permission is not to clever in terms of liability .
Can you prove the 28 machines that were brute forced were not damaged? Can you prove you did not attack the machines I own a piece of? Most people do not realize that for civil damage the proof is not as high as it is for criminal damage. So I am not slinging any mud I am pointing out that you may have set yourself up for problems. you should have asked for 30 knc owners to be testers.
If you had permission to do a brute force attack on the 28 machines you should have told us that right up front.
December 31, 2013, 12:22:13 PM
Of course this kind of thing is a risk if you use a weak password and then forward the ports to allow incoming connections directly from the big bad internet. Duh. This goes for any device.
December 31, 2013, 12:02:00 PM
I did think about it. I found it to be bad timing on your part to announce you did this and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other then the two mention have this problem which is why I posted this here. You have admitted you viewed 1100 plus miners. if only the two I mention have this problem after being viewed by you then most likely this has nothing to do with your testing.
Well, just wait until the post goes public then! Hurry up and push KnC to patch up.
Can you imagine the horror once i post the full details?
For your information; the +1100 miners are public available on the net, everybody can scan and see them.
I bruteforced 28 logins, but i never actually logged in. Dont you know your KnC has a log? CHECK YOUR LOG BEFORE THROWING MUD!!!
December 31, 2013, 11:56:54 AM
I did think about it. I found it to be bad timing on your part to announce you did this and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other then the two mention have this problem which is why I posted this here. You have admitted you viewed 1100 plus miners. if only the two I mention have this problem after being viewed by you then most likely this has nothing to do with your testing.
December 31, 2013, 11:20:00 AM
Quite frankly after read this I think you owe coins to us on this thread:
https://bitcointalksearch.org/topic/dz-mc-round-5-6-knc-jupiters-please-move-s-and-discussions-here-334360
I believe you screwed up our 2 miners
we have a 2-3 day coin less gap
https://blockchain.info/address/19NAwha8LGpRFEBwRgjH5ZMB9YyXeqyY9V
https://blockchain.info/address/13fGQGmb6Xi576ppJTkeXk34yDDRmvxjm4
(Eleuthria )
this direct appeared on both out payout addresses and we lost coins.. the timing matches to your playing around with out 2 miners along with 1100 other miners.
Quote
I intend to do no harm. No miner has ever been in my control, or ever will be.
Why should i screw with 2 miners, while i have 6 jupiters standing here.
Also, why screw with miners who are pwd protected, while there are hundres of miners with default login.
And mostly, why would i post a topic after screwing with miners.
Think about it ;-)
December 31, 2013, 11:09:14 AM
December 31, 2013, 10:30:42 AM
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
Ok.
But just wanted to check its different than brute-forcing the credentials of the remote miner
And loading your custom rom on it.
And would like to confirm that a true factory reset (not software - but the physical hold for 5 seconds to load image from rom, etc)
is unable to restore the miner to its default.
Code:
DESCRIPTION = "Daemon to monitor power button"
LICENSE = "GPL"
LIC_FILES_CHKSUM = "file://COPYING;md5=d41d8cd98f00b204e9800998ecf8427e"
SRC_URI = "file://monitor-pwbtn.c \
file://init \
file://factory_config_reset.sh \
file://COPYING \
"
S = "${WORKDIR}"
do_compile() {
make monitor-pwbtn
}
do_install() {
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/monitor-pwbtn ${D}${bindir}
install -m 0755 ${WORKDIR}/factory_config_reset.sh ${D}${bindir}
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/monitor-pwbtn
update-rc.d -r ${D} monitor-pwbtn start 70 S .
}
A 'true' factory reset does exactly the same on sofware level then a 'software' factory reset
Just some minor details change, the miner connects to a server of KnC to get some info, that's it.
December 31, 2013, 10:23:15 AM
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
Ok.
But just wanted to check its different than brute-forcing the credentials of the remote miner
And loading your custom rom on it.
And would like to confirm that a true factory reset (not software - but the physical hold for 5 seconds to load image from rom, etc)
is unable to restore the miner to its default.
December 31, 2013, 10:15:37 AM
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.
Custom ROM is intented to use on your own hardware.
My hack is intented to remotely control another miner, making it useless to the owner, since he can no longer login.
December 31, 2013, 09:53:16 AM
December 31, 2013, 05:52:39 AM
And everyone thought this was HashFast, well played OP!
http://eligius.st/~wizkid057/newstats/userstats.php/1Nbq2XZaRsKknf5fcT2wTXvBS31PaUWSeX
http://eligius.st/~wizkid057/newstats/userstats.php/1Nbq2XZaRsKknf5fcT2wTXvBS31PaUWSeX
LMFAO!!!
December 31, 2013, 04:44:32 AM
PLEASE USE A ROUTER INSTEAD OF DIRECT INTERNET ACCESS !!!
December 30, 2013, 05:45:31 PM
And everyone thought this was HashFast, well played OP!
http://eligius.st/~wizkid057/newstats/userstats.php/1Nbq2XZaRsKknf5fcT2wTXvBS31PaUWSeX
http://eligius.st/~wizkid057/newstats/userstats.php/1Nbq2XZaRsKknf5fcT2wTXvBS31PaUWSeX
December 30, 2013, 04:34:00 PM
... API ...
December 30, 2013, 04:30:43 PM
I don't have a KNC but thank you for the info. Other miners maybe vulnerable too and a really good password is a must. I'm not a network expert but hiding your miner hardware behind a router is a great idea IMHO. So thanks
Jump to: