Board: Mining (Altcoins)
Topic: Re: My EthOS instances, hacked
by nsummy on 29/09/2018, 04:32:15 UTC
Was running 1.3.1, this morning they're all pointed at a different pool.

Looks like every one of my 4 machines has been rooted, TeamViewer and a few other things automatically installed (and run).

02:35 PM ethos@49a38f 192.168.0.118 [miner started] /home/ethos $ ps -ef | grep eam
root       731     1  0 14:31 ?        00:00:00 /opt/teamviewer/tv_bin/teamviewerd -f

Can update local.conf, and has been forced to this wallet proxywallet 0x00351843e3e2fbaa8e1e87dd962c90b999acee60

Which appears to be mining now on various pools (I was on nanopool) - suspect I am not the only one exploited.

But if you check etherscan, a lot of payments coming from other pools.

And yes, my SSH login was secure.

I suspect this was caused by an exploit in ShellInABox (easy to google it). A very old version comes packaged with ethOS.

02:38 PM ethos@49a38f 192.168.0.118 [miner started] /home/ethos $ /usr/bin/shellinaboxd --version
ShellInABox version 2.10 (revision 239)

I've stopped the hack by running: sudo mv /opt/miners/claymore /opt/miners/clayno, which leaves my machines useless.

[killing the miner doesn't work, as it auto-reboots; can't change the wallet config, as it's mounted read-only; lots of horrible kit things also there].

Does anybody know where the EthOS devs are?

If you get bored, you can track the money to https://etherscan.io/address/0x003e36550908907c2a2da960fd19a419b9a774b7



I've told many people to stay away from ethOS: the main dev abandoned the project a year ago, it has a terrible interface for changing any settings, and it is extremely costly (if you actually bought ONE per rig, $40??). Here's how to not get hacked. Get rid of that PoS "mining operating system" and move to something like Simple-miningOS or, better than Simple Mining, HiveOS. If you don't like either of those (for some weird reason) you can always use NV-OC or RX-OC, which are free and decent. I actually purchased ethOS in my review/quest for a mining OS. I didn't like it: clunky to change settings in claymore, how to monitor the miner remotely, etc.; none of it was simple. Moved to SMOS, which was better. I used that for a few months before jumping into HiveOS. HiveOS is by far the best Linux mining OS. Constant updates. 1-3 days for a newly released miner to get added in. Easy to see all your rigs, what failed, etc. In the end I'm actually using Windows and Awesome-miner, because for my medium-sized farm it is actually cheaper paying one-time fees than monthly fees, and Windows has far superior power-saving features compared to Linux.

Amen to this, but anyone using these Linux-based mining OSes is living on borrowed time. The one theme I see with them is they all tout the mining updates they provide, but they also have zero documentation on what packages are installed, what kernel is installed, and if there is a security update mechanism. I mean, this is the documentation: http://ethosdistro.com/source/ Ubuntu 14.04, really? I think it's safe to assume that no one who is running this is applying security updates with any frequency. If you want to run Linux, do it right and get Ubuntu or something similar and do it yourself. If that is too daunting, then Awesome miner on Windows is the best choice.
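
Added example (not part of any poster's message and not ethOS code): a triage sketch for the two symptoms reported in the quoted post, a changed proxywallet line in local.conf and an unexpected teamviewerd process. The file locations passed in, the `#` comment convention, the placeholder wallet and the sample data are assumptions or constructed.

```shell
#!/usr/bin/env bash
# Added triage sketch for the two symptoms reported in the thread.
# Inputs are files, so it can run offline against copies taken from a rig.

# Print proxywallet lines in a local.conf copy ($1) whose address differs
# from the wallet you configured ($2). Hex case is ignored.
changed_wallets() {
  awk -v want="$2" '
    /^[ \t]*#/ { next }   # assumption: "#" starts a comment line
    $1 == "proxywallet" && tolower($2) != tolower(want) { print NR ": " $0 }
  ' "$1"
}

# Read saved `ps -ef` output on stdin; print rows whose executable basename
# is on the watchlist ($1, space-separated). Comparing the CMD column by
# name avoids the self-match a `ps -ef | grep` pipeline can produce.
remote_access_procs() {
  awk -v names="${1:-teamviewerd}" '
    BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
    { k = split($8, part, "/"); if (part[k] in watch) print }
  '
}

# $1 = local.conf copy, $2 = expected wallet, $3 = saved ps -ef output.
# Returns 0 when nothing is flagged, 1 otherwise.
triage() {
  w=$(changed_wallets "$1" "$2"); p=$(remote_access_procs < "$3")
  if [ -n "$w" ]; then printf 'wallet changed -> %s\n' "$w"; fi
  if [ -n "$p" ]; then printf 'remote-access daemon -> %s\n' "$p"; fi
  [ -z "$w$p" ]
}

# Constructed sample input (not captured from a real rig) written to dir $1.
make_sample() {
  printf '%s\n' '# rig config' \
    'proxywallet 0x00351843E3E2FBAA8E1E87DD962C90B999ACEE60' > "$1/local.conf"
  printf '%s\n' \
    'UID        PID  PPID  C STIME TTY          TIME CMD' \
    'root       731     1  0 14:31 ?        00:00:00 /opt/teamviewer/tv_bin/teamviewerd -f' \
    'ethos      902   850  0 14:35 pts/0    00:00:00 grep teamviewerd' > "$1/ps.txt"
}

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d); make_sample "$d"
  # Placeholder expected wallet; substitute the one you configured.
  triage "$d/local.conf" 0x1111111111111111111111111111111111111111 "$d/ps.txt"
fi
```

Run it against copies taken from the rig's disk mounted on a known-good machine where possible, since tools on a rooted host may not report truthfully.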