OS
Pool
ASIC Firmware
ASIC Hub
More
blog
Blog
News and Articles
forum
Forum
Top discussions, announcements, help
Show all articles
Referral Program
referral
Increase your income with Hive. Invite your friends and earn real cryptocurrency!
Get your referral link

Virus on hive-os_kernel#110

#22

Try searching the root files for an installed malicious script. On each rig, open a Hive Shell, once open, type in the following query (hit enter after “cd /usr/bin” and enter again after “find a.sh” [do not use the full quotes])

cd /usr/bin/
find a.sh

The system should return the following repsonse;

find: ‘a.sh’: No such file or directory

(Note: “a.sh” stands for Administrator Shell) If the system does not return anything but “No such file or directory” , your system is hacked and you should do a full install of HiveOS using the most recent stable version. Always download the most recent version of HiveOs and put an Air Gap between the file and any system which is online or connected to the internet.

1 Like
#23

Pretty scary. Do you exactly know when you where hacked? If it happened after a specific build upgrade (as it seems) the image should be immediately pulled, a lot of users experienced the upgrade issue (impossible to selfupdate) after a hive-replace, there’s another 3d covering the issue

#24

I had issues early on when I started mining. I noticed I was mining on Unmineable and found I was submitting shares but Unmineable showed my rigs off line. I ran across a youtube video where a Linux programmer showed how to search for malicious scripts in Ubuntu. After I purged my systems, I put my rigs behind two firewalls and purchased a Cisco DMVPN network switch (Dedicated Managed VPN). I had one of my network Admin’s at work program the DMVPN switch. After the network upgrades, I do not have issues with someone trying to hack my systems. Well worth the $1500 bucks. Now my entire house is behind two firewalls, a DMVPN and a big sandbox. I monitor my systems with my Mac running intrusion detection programs and I monitor my network with Wire Shark. If someone is tries to hack my network, I just DDOS their IP address. They stop really quick.

#25

Also use a separate network for iot/mining from your regular one.

Seems that this has been making the rounds

#26

Hello!
i too had 51.159.1.221 as token, i removed all sessions changed password and also redid my 2fa setup and it did reaper now after an hour or so. DEV team needs to answer in total what we need to do at this point.
Do we have to go out of our way reintalling every single workers hiveos?
thats a huge hassle…

#27

Ok so 51.159.1.221 keeps reappearing when i login via app. Is this a ip not to be worried about or should i be worried??

#28

yep same for me, when i log in from app
CFNetwork/897.15 and 51.159.1.221 keeps re appearing…

#30

Hive Os def. need to get on this ASAP and my best belief is that they are working they’re hardest on this as we speak!

#31

Something is DEF upp since api just went down!

#32

Report status: After a few hours without login from hiveos from android app no new sessions or similar things has popped up…

#33

Do you think that the vulnerability is exploited by the android app?

#34

I’m def. not sure. But hive has a API in france, you can redirect workers to i think its paris API for example if you have trouble with rigs going offline… That was my initial thought maybe it corelates to that server/api in someway?

#35

Not certain but could be that I was using nextdns. I disabled it and haven’t seen the france address since

#36

You’re correct, when you log in from the mobile app the ip from France appears but I guess is by design, probably when you use the app a gateway is used to admin the farm. I may be wrong but this is not an attacker

#37

This topic was automatically closed 416 days after the last reply. New replies are no longer allowed.