
Need help remote reinstalling Hive OS ( unable to use firstrun -f ) rigs compromised

I have about 20 rigs that are in a remote data center. Being a total idiot, I did not change the default SSH creds. Long story short, 10 out of 20 rigs are currently being used by someone else to mine for their own account.

I was wondering if there was a way I can remotely wipe / re-install Hive OS as if it was a fresh install, and this time around I will change the SSH / OpenVPN passwords so I hopefully don’t run into this issue again.

I have access via a KVM so I can have direct interaction with the rigs as if I’m physically connected to them. I tried using firstrun -f (not sure if this is the right command), but I got something like file not found. I’m suspecting something happened with the settings of the rig.

Any help to point me towards the right commands to remote reinstall Hive OS is greatly appreciated.


If you still have access to root.

Hope you can get them back quickly.

KVM ability to reboot and get access to the BIOS? Any other alternative boot processes?

Yes, I’m able to have access to root and get access to BIOS. I’ve set them to boot from the SSD only, and not allow any booting over ethernet.

I’ll try the command and hopefully that’ll get things resolved.

Under root, I just tried running firstrun -f, but I get the result "command not found".

This leads me to think they’re trying to prevent me from fixing the rig. Is there any way I can regain the firstrun -f process?

thanks

Have tried hive-replace -y --stable

That should reload the OS and set password to default. Then let you change the password with commands listed.

Hello, in the post it looked as if you had not put a space after the firstrun command.
The command looks like this:
firstrun -f
firstrun(space)-f
And of course everything in lowercase.
It seems funny, but people most often make the simplest mistakes.
Regards. I hope I helped at least a little.

The easiest way is to flash the hive image again. Otherwise, you need to change the SSH password, and then remove all compromised files.

If it is the exploit from earlier this year, remove these:

* /usr/bin/a.sh
* /lib/systemd/system/as.service
* /etc/rc.local
* dw
* /hive-config/wallet.conf
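
A report-only check for the paths listed in the post above, as an added example that is not part of the original thread or of Hive OS's own tooling. The root-directory argument, the by-name search for `dw` (listed without a directory) and the check for an enabled `as.service` symlink are assumptions of this example.

```shell
#!/bin/sh
# Added example: report-only triage for the paths listed in the post above.
# Usage after sourcing: scan_iocs /          (live rig)
#                       scan_iocs /mnt/rig   (disk mounted from a rescue boot)
# Nothing is deleted; hits are printed for review before cleanup or reflash.

# Paths exactly as listed in the post.
IOC_PATHS="/usr/bin/a.sh /lib/systemd/system/as.service /etc/rc.local /hive-config/wallet.conf"
# "dw" is listed without a directory, so it is searched for by name (assumption).
IOC_NAMES="dw"

scan_iocs() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", so "$root$p" stays a valid path
    hits=0

    for p in $IOC_PATHS; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            hits=$((hits + 1))
            printf 'FOUND %s\n' "$p"
            ls -ld "$root$p"          # owner, size and mtime for the timeline
        fi
    done

    # An enabled unit leaves a symlink under /etc/systemd/system/<target>.wants/
    for link in "$root"/etc/systemd/system/*/as.service "$root"/etc/systemd/system/as.service; do
        if [ -e "$link" ] || [ -L "$link" ]; then
            hits=$((hits + 1))
            printf 'ENABLED %s\n' "${link#"$root"}"
        fi
    done

    for n in $IOC_NAMES; do
        # -xdev keeps find on one filesystem (skips /proc, /sys on a live rig)
        found=$(find "${root:-/}" -xdev -type f -name "$n" 2>/dev/null || true)
        if [ -n "$found" ]; then
            printf 'FOUND-BY-NAME %s:\n%s\n' "$n" "$found"
            hits=$((hits + $(printf '%s\n' "$found" | wc -l)))
        fi
    done

    printf 'total hits: %d\n' "$hits"
    [ "$hits" -eq 0 ]     # return status 0 only when nothing from the list was found
}
```
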

Yep, I tried it with space, I get the reply "command not found".

This seems to be what I’m looking for. Re-install the Hive OS again, but this time around change all the SSH passwords with "hive-passwd yournewsecurepass" and "passwd user".

Hopefully this will fix things once and for all.

thank you for pointing me towards the right direction.

I tried looking for those files, and didn’t see any. But either way a fresh re-flash is most likely the easiest way to fix.

thanks for the suggestions.
