Ninjastic
Search content
Sort by
Showing 4 of 4 results by black007miner
Post
Topic
Board Pools (Altcoins)
Re: [ANN][AUTO-SWITCH] Profit-switch auto-exchange pool: CleverMining.com
by
black007miner
on 24/03/2014, 14:12:41 UTC
Quote from: Burnie on March 24, 2014, 11:44:27 AM
Quote from: ghur on March 24, 2014, 11:14:57 AM
Let's look at this from a different vector.

I don't use cgminer, but these miners come with a certain amount of remote management right?

Can affected users confirm these ports are exposed to the internet? Possibly you use it yourself to monitor your miner while away from the house?

Wouldn't it be more plausible an exploit was found in the miner's API that allows an attacker to issue such commands?
Try changing your API password to something much stronger?

That was my first thought also, that either the API or the API manager was breeched.
- open port for the API, API web management with weak or no password, etc



I have no open ports for API, or Web Management. I use PFSense for my router/firewall. I have a dedicated laptop with fresh install of Win 7 with Logmein, then SSH onto the Rigs from that point.



Post
Topic
Board Pools (Altcoins)
Re: [ANN][AUTO-SWITCH] Profit-switch auto-exchange pool: CleverMining.com
by
black007miner
on 24/03/2014, 01:35:51 UTC
Quote from: Terk on March 24, 2014, 01:28:48 AM
Just a question to everyone who was affected: what backup mining pool(s) do you have configured in your miners?

ltc.ghash.io
mine.coinshift.com


1 of my 6 rigs redirected to 190.X, another stopped mining at ny.clevermining.com and went to backup pool: ltc.ghash.io
Post
Topic
Board Pools (Altcoins)
Re: [ANN][AUTO-SWITCH] Profit-switch auto-exchange pool: CleverMining.com
by
black007miner
on 24/03/2014, 00:00:00 UTC
Quote from: Meeho on March 23, 2014, 11:57:37 PM
I am not using anything besides Kalroth's cgminer 3.7.3 and my hijacking was only taking place while mining on Waffle. I would expect it to continue even after changing to CleverMining. Also, it doesn't seem likely to me that all the affected users were hit by malware on both various Linux distributions, BAMT and Windows. And I haven't touched my mining rig for the last couple of weeks and it only got hijacked today.

Changing pools seems to "fix" the redirect from my experience. I changed to sf.clevermining.com after I noticed the redirect, and it started working perfectly after that point.
Post
Topic
Board Pools (Altcoins)
Re: [ANN][AUTO-SWITCH] Profit-switch auto-exchange pool: CleverMining.com
by
black007miner
on 23/03/2014, 23:48:09 UTC
Quote from: minedout on March 23, 2014, 11:25:36 PM
Anyone hijacked WITHOUT using CGwatcher or CGremote?

I am not using CGwatcher or CGremote.

I have 6 Rigs total, and 1 of the 6 rigs was redirected to 190.97.165.179, was using ny.clevermining.com.

SMOS Linux 1.3 with Kalroth.