Hi
Thanks, so its working so far.
I hope it will stay working, when is this password required as I changed it and i dont ever see Hiveos asking for this password, not even when i start a shell , thanks
Through shellinabox
My shellinabox never works… anything i need to do? it says network error
I also noticed a different IP, a 129.xxx IP that logged into my hiveos few days back… this could be the hacker, can i block or report this IP?
Shellinabox requires you to be on the same local network as your rig.
Could be outside access, but some folks are also accessing their rigs from mobile devices, remote work places, etc., and until you eliminate those as “known”, you may not be able to conclude such.
Who would you like to report the IP address to? The Police?
Oky, so how does the hacker access it if he is not on the local network? I can only access through the shell
Have not seen an answer to this question. Did I miss it?
im not sure how to check this
top of this picture, see the IP address? 192.x.x.x is a “non-routable” address of the rig itself. Similar would be 10.x.x.x
At the very bottom, you can see remote IP masked with all x.x.x.x’s.
That is what HiveOS believes is your internet facing address in my situation. Yours is the question.
fwiw: The first 3 digits: 123.x.x.x are what?
yes, i can see my IP there yes… it shows the IP…
Are they 192.x.x.x or 10.x.x.x?
its 192
With a 192 address, the only likely way someone is getting through is via open ports on your router, port forwarding, DMZ open, WiFi open or by downloading via non-Hiveon sources.
oky, i got some ports open yeah but ill close them as it was for a bobcat miner. THanks for your help , i hope all will be fine as i went to get a new USB flash
What you are likely seeing is folks getting direct access to the rig vs. getting to the rig via the.Hiveos.farm account.
They get access to the rig, swap a flight sheet file and point it somewhere.
You can track the.hiveos.farm activity in the activity tab, and as you saw, via the access lists. Hence, not likely the path.
Oky so i logged in the router and noticed some events…
| 1 | 2022 Aug 20 19:53:48 | Sec Account | warn | User admin login from 192.168.1.42 successful |
|---|---|---|---|---|
| 2 | 2022 Aug 20 10:51:54 | Sec Account | warn | User session timeout |
| 3 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | L2TP VPN receives ppp4.1 WAN Connection UP |
| 4 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ============== |
| 5 | 2022 Aug 20 10:41:20 | Sec L2TP | info | L2TP VPN FSM Result: opt:0,conf:0,start:0,stop:0,purge:0 |
| 6 | 2022 Aug 20 10:41:20 | Sec L2TP | info | L2TP VPN FSM: En:0(chg:0),IpsecChg:1,PoolChg:0(en:0),dnsWa:0,dns1:0,dns2:0,win1:0,win2:0,group:0 |
| 7 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: UP WAN ETHWAN (ppp4.1) is Multiwan ACTIVE mode (shown in Multiwan GUI) |
| 8 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #3: if=ETHWAN(ppp4.1), grp=Default, IP=, En=1, Passive=0 |
| 9 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #2: if=ADSL(ppp2), grp=Default, IP=, En=1, Passive=0 |
| 10 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #1: if=VDSL(ppp3.1), grp=Default, IP=, En=1, Passive=0 |
| 11 | 2022 Aug 20 10:41:20 | Sec L2TP | info | ppp4.1 WAN Config: applied as default gateway, Dynamic IP Address |
| 12 | 2022 Aug 20 10:41:20 | Sec L2TP | info | ppp4.1 WAN: IP: 197.87.181.219, GW: 197.87.234.1, DNS: 197.80.80.80,197.84.84.84 |
| 13 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ppp4.1 WAN is up |
| 14 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | L2TP VPN receives ppp4.1 WAN UPDATE (IP=197.87.181.219). |
| 15 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ============== |
What does this mean?
Good place to start is understanding where L2TP is in use, by whom, and why:
1 Like
Thanks for the link.
Some routers have issues. Make sure you are running a recent firmware or try one of the open projects.
Are you running something like UPnP? Might be convenient but the source of a thousand headaches. Disable it on all your devices. Also, check you don’t have any exposed ports. There are several scanners around. Hell, there are even sites that will list open ports (https://www.shodan.io/)
This topic was automatically closed 185 days after the last reply. New replies are no longer allowed.