Hi,
I've used HiveOS for a few weeks now, on and off, as I've been ill lately, but so far I really love everything about the OS except for one thing:
At regular intervals, my rigs suddenly go offline, and rebooting doesn't help; I have to mount a display and check what is going on, and my rigs then appear under other names - "mark3", "mark6" etc. instead of my own rig names.
They also appear to be mining, but not to my own accounts. So I can only assume that I have been hacked, and someone else is taking the profit.
At first I was running Claymore miner. I did a bit of googling and found that there were mentions online of hacking vulnerabilities with that miner, and so I changed to Ethminer, but today it happened again. I managed to get the rig back after forcing "firstrun -f" and entering my own rig credentials again, and I'll see how long that lasts.
After one of the previous incidents, while I was still running Claymore, the rig would just crash immediately after attempting to force "firstrun -f", so the only way to get the rig back online was to flash a new OS on a USB stick, and start over fresh.
I'd really appreciate input from people here about this issue - if anyone else has had similar issues, and if so, what to do to prevent it.
Thanks in advance!
1. Use 2FA on HiveOS web site
2. Remove any port forwarding on your router or install fail2ban on HiveOS
3. Change user default password
4. Use an antivirus if you use Windows
5. Do not use any phone app that asks for your HiveOS API key (I have seen some, and they are not official)
Thanks a lot clems, it happened tonight again, always seems to happen at night around 3-4 o'clock, probably so that the hacker can rest assured my rigs will mine for a few hours before I wake up and discover it. Tonight at 3 o'clock my rig was hijacked again and when I woke up it had been renamed "mark 3".
Of all your suggestions, this is my status:
1. I have already activated 2FA
2. AFAIK I don't use any port forwarding on my router, but it is a closed ISP router anyway, so AFAIK there's not much I can do with it. So fail2ban is probably my best option. I'm a complete Linux noob - could you please explain to me how I can install fail2ban under HiveOS?
3. user default password - I'm not sure which password you mean, but AFAIK I've changed every password, and used pretty secure ones too (long passwords with mix of upper and lower case letters, numbers, symbols etc.)
4. I use only Mac OS X and HiveOS except for my wife's laptop that I've used to flash the memory sticks for HiveOS. I don't think that laptop uses antivirus except for the frequent Microsoft updates (Win10).
5. I've used the Nicestats iOS phone app to check on my Nicehash stats, which doesn't use any HiveOS API keys, but of course it has access to my Nicehash credentials. Using those somebody could probably hijack my Nicehash account before even involving HiveOS. So I believe you may have put me on the right path there. I'll delete that app and change all my Nicehash passwords.
Thanks a lot for your valuable input! :-)
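
One way to check whether the access that points 2 and 3 of the reply are meant to block has actually happened, as an added example that is not part of the thread: it lists accepted SSH logins from outside the LAN together with the failed password attempts that preceded them. It assumes the rig is reached over SSH and that sshd writes standard OpenSSH syslog lines (on Ubuntu-based systems usually /var/log/auth.log); the log lines, host name and addresses below are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in OpenSSH syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Mar 12 03:14:02 rig01 sshd[2211]: Failed password for user from 203.0.113.7 port 40112 ssh2
Mar 12 03:14:05 rig01 sshd[2211]: Failed password for user from 203.0.113.7 port 40113 ssh2
Mar 12 03:14:09 rig01 sshd[2215]: Accepted password for user from 203.0.113.7 port 40120 ssh2
Mar 12 09:30:41 rig01 sshd[3100]: Accepted publickey for user from 192.168.1.20 port 51000 ssh2
Mar 12 10:02:00 rig01 sshd[3150]: Failed password for invalid user admin from 198.51.100.9 port 2222 ssh2
"""

# Addresses treated as "inside": loopback, RFC 1918 LAN ranges, IPv6 local ranges.
LOCAL_NETS = [ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "::1/128", "fe80::/10", "fc00::/7")]

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port")
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")

def review_auth_log(lines):
    """Return accepted SSH logins from addresses outside LOCAL_NETS, with the
    number of failed password attempts seen earlier from the same address."""
    failures, findings = {}, []
    for line in lines:
        failed = FAILED.search(line)
        if failed:
            failures[failed["ip"]] = failures.get(failed["ip"], 0) + 1
            continue
        ok = ACCEPTED.match(line)
        if not ok:
            continue
        try:
            addr = ip_address(ok["ip"])
        except ValueError:          # hostname or garbage instead of an address
            continue
        if any(addr in net for net in LOCAL_NETS):
            continue
        findings.append({"time": ok["ts"], "user": ok["user"], "ip": ok["ip"],
                         "method": ok["method"],
                         "prior_failures": failures.get(ok["ip"], 0)})
    return findings

if __name__ == "__main__":
    for hit in review_auth_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A password login from an outside address at the hour the rig was renamed points to an exposed SSH port and a guessable password rather than to the mining software.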