It would appear someone has gained access to your rig and taken over with malware or direct attack.
If you are rig is not locked down with VNC disabled, having challenging passwords put in place, and having your rig behind a NAT/firewall: Shut down, reflash the OS Media from scratch and secure the rig.
<for the record, I don’t know jack about ezil mining or the pools you are talking about, but wallet changing is not good>
Oh dam, please dont say that… Im so tired of hacks so please tell me how to do these things?
Can i do all these in routers? Anything i need to do in HIveos?
Is your IP address exposed directly to the internet?
If so, adding a simple NAT router for hour home/office LAN is a good first line of defense.
If you are running on wireless in an apartment, condo, etc., you’ll need to secure that as well.
Have you changed your default password settings in the shell?
Sign in to Hiveon ID revoke any unfamiliar sessions, enable 2fa, reflash drive and change the default system password.
Hi
I will be buying a new USB Flash and try all this. Thanks
Hi
Thanks, so its working so far.
I hope it will stay working, when is this password required as I changed it and i dont ever see Hiveos asking for this password, not even when i start a shell , thanks
Through shellinabox
My shellinabox never works… anything i need to do? it says network error
I also noticed a different IP, a 129.xxx IP that logged into my hiveos few days back… this could be the hacker, can i block or report this IP?
Shellinabox requires you to be on the same local network as your rig.
Could be outside access, but some folks are also accessing their rigs from mobile devices, remote work places, etc., and until you eliminate those as “known”, you may not be able to conclude such.
Who would you like to report the IP address to? The Police?
Oky, so how does the hacker access it if he is not on the local network? I can only access through the shell
Have not seen an answer to this question. Did I miss it?
im not sure how to check this
top of this picture, see the IP address? 192.x.x.x is a “non-routable” address of the rig itself. Similar would be 10.x.x.x
At the very bottom, you can see remote IP masked with all x.x.x.x’s.
That is what HiveOS believes is your internet facing address in my situation. Yours is the question.
fwiw: The first 3 digits: 123.x.x.x are what?
yes, i can see my IP there yes… it shows the IP…
Are they 192.x.x.x or 10.x.x.x?
its 192
With a 192 address, the only likely way someone is getting through is via open ports on your router, port forwarding, DMZ open, WiFi open or by downloading via non-Hiveon sources.
oky, i got some ports open yeah but ill close them as it was for a bobcat miner. THanks for your help , i hope all will be fine as i went to get a new USB flash
What you are likely seeing is folks getting direct access to the rig vs. getting to the rig via the.Hiveos.farm account.
They get access to the rig, swap a flight sheet file and point it somewhere.
You can track the.hiveos.farm activity in the activity tab, and as you saw, via the access lists. Hence, not likely the path.
