Hacking Cryptocurrency Miners with OSINT Techniques

Comments

  • cidmocidmo ✭✭✭ Member Posts: 446 ✭✭✭
    edited October 2017
    all the info needed for this is in the readme files for the miners lol
    cryptocurrency is pretty much run by hackers
  • cjclm7cjclm7 Member Posts: 77
    how can we avoid this type of attack to our miners?
  • digimondigimon Member Posts: 43
    edited October 2017
    cjclm7 said:

    how can we avoid this type of attack to our miners?

    I see the -mport and -mpsw options related to remote management in Claymore's miner readme file, for instance.

    With the -mport switch it is possible to disable remote monitoring and management altogether, or enable monitoring, but disable management (see the readme file for details). Also in the readme file: "Warning: use negative option value or disable remote management entirely if you think that you can be attacked via this port!", and the default -mport value is -3333, so by default it is set for monitoring only.
    And with the -mpsw switch it is possible to set up a password for remote management.

    I suppose if you are behind a firewall and do not have a port forwarding rule configured on the firewall for remote access to TCP port 3333, then you are protected, but you can explicitly disable the remote monitoring and management using the -mport 0 option as well.

  • digimondigimon Member Posts: 43
    edited October 2017
    cjclm7 said:

    how can we avoid this type of attack to our miners?

    Claymore's miner has -mport and -mpsw options to control remote monitoring and management, for instance.

    It is possible to disable remote monitoring and management altogether using -mport 0, or leave monitoring on and disable management only by providing a negative port value like -mport -3333, which is the default setting.
    And it is possible to set a password for remote management using -mpsw.

    If the miner is behind a firewall and there is no port forwarding rule configured on the firewall for remote access to TCP port 3333, then you are most probably safe from this type of attack, but you can also explicitly disable remote monitoring and management for Claymore's miner using the -mport 0 option.
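
An added example, not part of the thread and not code from the miner's author: a small audit of a miner launch line against the -mport / -mpsw behaviour described in the posts above. The `miner.exe` name, the sample lines, the 12-character password threshold, and treating a positive -mport as "management enabled" are assumptions of this example.

```python
import shlex

DEFAULT_MPORT = -3333  # default quoted from the readme in the thread


def audit_claymore_args(command_line):
    """Classify remote monitoring/management exposure of one launch line."""
    # posix=False keeps Windows backslashes in paths intact
    tokens = shlex.split(command_line, posix=False)
    mport, password = DEFAULT_MPORT, None
    for flag, value in zip(tokens, tokens[1:]):
        if flag.lower() == "-mport":
            mport = int(value)            # ValueError on a malformed port
        elif flag.lower() == "-mpsw":
            password = value.strip('"')

    if mport == 0:
        mode = "disabled"                 # -mport 0: nothing listens
    elif mport < 0:
        mode = "monitor-only"             # negative: stats only, no management
    else:
        mode = "manage"                   # assumption: positive enables management

    findings = []
    if mode == "manage" and not password:
        findings.append("management enabled without -mpsw password")
    if mode == "manage" and password and len(password) < 12:
        findings.append("-mpsw password shorter than 12 characters")
    if mode != "disabled":
        findings.append(f"TCP {abs(mport)} listens; do not port-forward it")
    return {"mode": mode, "port": abs(mport),
            "password_set": bool(password), "findings": findings}


if __name__ == "__main__":
    # Constructed sample launch lines (miner.exe is a placeholder name)
    samples = [
        "miner.exe",
        "miner.exe -mport 0",
        "miner.exe -mport 3333",
        'miner.exe -mport 3333 -mpsw "correct-horse-battery"',
    ]
    for line in samples:
        print(line, "->", audit_claymore_args(line))
```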

  • ecs87ecs87 ✭✭✭ Dekalb, ILMember Posts: 339 ✭✭✭
    digimon said:
    Anyone leaving ports open on their mining rigs to allow R/W access without securing them are morons and deserve to be hacked.
  • digimondigimon Member Posts: 43
    ecs87 said:

    digimon said:
    Anyone leaving ports open on their mining rigs to allow R/W access without securing them are morons and deserve to be hacked.
    I doubt that someone who is aware of the threat will choose to stay unprotected. That's why this post - to bring awareness to the masses :)
  • cjclm7cjclm7 Member Posts: 77
    edited October 2017
    ecs87 said:

    digimon said:
    Anyone leaving ports open on their mining rigs to allow R/W access without securing them are morons and deserve to be hacked.
    well I am guessing I am one of those "morons" since last night from 3am to 4am (UTC+3) my miner kept on working but maybe he was mining to other address since he "disappeared" from the pool radar...



    Windows 10 Pro, 2 miners connected to same router...



  • digimondigimon Member Posts: 43
    cjclm7 said:

    ecs87 said:

    digimon said:
    Anyone leaving ports open on their mining rigs to allow R/W access without securing them are morons and deserve to be hacked.
    well I am guessing I am one of those "morons" since last night from 3am to 4am (UTC+3) my miner kept on working but maybe he was mining to other address since he "disappeared" from the pool radar...


    Windows 10 Pro, 2 miners connected to same router...

    It could be your Internet provider doing maintenance. Was your Internet connection up at that time?
    You can check the logs of the miner to find out more about the downtime.

    If you use Claymore's miner and did not enable remote management without a strong password, it is unlikely that you are a "moron" :)

    Also, in Claymore's miner you can set up failover servers using the epools.txt file, in case the main pool server is not accessible.
  • cjclm7cjclm7 Member Posts: 77
    Thanks, the explanation is simple: it is due to Europe's Summer/Winter time switching (clock returns 1h, and it happened on that night).
    So, no "morons" issue :D
  • digimondigimon Member Posts: 43
    cjclm7 said:

    Thanks, the explanation is simple: it is due to Europe's Summer/Winter time switching (clock returns 1h, and it happened on that night).
    So, no "morons" issue :D

    Good for you.
    There was an outage of about 5 hours at the Ethermine pool on Nov 9th, 2017, and my mining chart looked similar to yours except there was a 5-hour void vs. your one hour.
    Here are the details about that outage:
    https://medium.com/@bitfly/eu-stratum-mining-server-outage-postmortem-60f00e4c4411