Author

Topic: PSA *Urgent* Secure your Claymore ETH mining rigs NOW (Read 339 times)

hero member
Activity: 687
Merit: 511
Awesome.  I'm shocked that someone who was foolish enough not to change the defaults on Claymore would be competent enough to configure their router to port map to it.  Wink  Maybe this botnet should create a bounty for Claymore to add UPnP support - that would definitely help them get a few more machines.

Really this only must affect very small users, unless they mapped each of their rigs to different ports, and I highly doubt the botnet is portscanning a target, but instead just looking for open machines.  I would also suspect this is targeted more to people colo'ing at traditional datacenters where they have a static IP and their box exposed to the world (as a miner-specific colo is going to presumably have them behind a router/firewall).
hero member
Activity: 1274
Merit: 556
If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig
This is how I understand it too, right?
So the firewall on my router should block any traffic into any port that I haven't specifically opened/forwarded (even using uPnP), correct?

This would affect people having specifically opened and forwarded port 3333 and not set a password in Claymore settings?
legendary
Activity: 3808
Merit: 1723
This started happening probably about a year ago.

By default Claymore config makes changing settings disabled to prevent this from happening.
hero member
Activity: 630
Merit: 502
Code:
masscan -p 3333 --max-rate 99999 -oX botnet.xml 0.0.0.0/0
sr. member
Activity: 847
Merit: 383
If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig

Truth
sr. member
Activity: 306
Merit: 251
If you have opened port 3333 on your modem\router and not set a password you deserve it. NO ports should be open to your mining rig, you should VPN to your router or another machine then connect to mining rig
full member
Activity: 251
Merit: 100
There is a botnet that is capable of compromising Claymore ETH mining rigs at default settings. It will change the wallet address to the hacker's.

Please take action to secure your mining rig now. It can be done through the use of a simple command line switch.

https://www.cryptoinfomag.com/2018/01/18/satori-botnet-attack-hijacks-ethereum-from-mining-rigs/
Jump to: