Re: Ebit e9 miner with 6.8Th/s from Ebang company a new rival for existing producers
So your telling me that the client that you use to connect to it does not allow connections to the miners. The exploit is in the appweb code itself in the firmware.
You------------------------> Miner
You----Fetch Code-----> Miner.
Does not matter what the Miners are behind because the code is run from the connecting client and then executed on the Miner.
Does not matter what the miners are behind or if your use a vpn to connect to them.
So, Unless you invalidate all ssl certified servers the code has already ran. On every page on every miner you have connected to.
Now is when you say. "Oh Shit".
And for those of us with S9's yea heres the mea culpa from bitmain about there backdoor.
https://enforum.bitmain.com/bbs/topics/4194
You------------------------> Miner
You----Fetch Code-----> Miner.
Does not matter what the Miners are behind because the code is run from the connecting client and then executed on the Miner.
Does not matter what the miners are behind or if your use a vpn to connect to them.
So, Unless you invalidate all ssl certified servers the code has already ran. On every page on every miner you have connected to.
Now is when you say. "Oh Shit".
And for those of us with S9's yea heres the mea culpa from bitmain about there backdoor.
https://enforum.bitmain.com/bbs/topics/4194
You got it, you are definitely not a complete idiot like smart-ass.
Here, to remove the remote exploit of the ebang miners try running this batch file.
Your firewalls are useless against ebangs remote exploit. Here is how to disable it on a per machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them
This is for both windows and windows 64 bit version. Linux users well we already know.
When you can remotely change any javascript variable on a page via remote execution its a bad thing mkay.
https://pastebin.com/raw/euPTXM1g
Update on the last bomb run on root, Currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.
Smartass1 don't bother the code is in batch file and may be to complex for you.
How to tell a smartass is a dumbass, simple a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the s9's has begun to be fully gpl compliant.
Don't bother donating to me Ill collect the bounties
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
Here, to remove the remote exploit of the ebang miners try running this batch file.
Your firewalls are useless against ebangs remote exploit. Here is how to disable it on a per machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them
This is for both windows and windows 64 bit version. Linux users well we already know.
When you can remotely change any javascript variable on a page via remote execution its a bad thing mkay.
https://pastebin.com/raw/euPTXM1g
Update on the last bomb run on root, Currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.
Smartass1 don't bother the code is in batch file and may be to complex for you.
How to tell a smartass is a dumbass, simple a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the s9's has begun to be fully gpl compliant.
Don't bother donating to me Ill collect the bounties
All, there is no need to pay someone for some fancy firmware, put your miners behind a statefull firewall like an ubiquity edgemax ($70) and just block all inside to outside ip connections that have nothing to do with the pool you are using. Manage your miners via an encrypted vpn (ubiquity supports ssl and ipsec) and you are golden.
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
im a security network engineer, they can put whatever code in what they want, if i only allow connections from my miners to the public ip addressen I choose (pool of my choice) then these miners can not phone home.