In the last 24 hours, my rig.conf changed 5 times. Suddenly there are different RIG_ID and RIG_PASSWD values in my rig.conf. My rig suddenly works for someone else's wallet. I have to change the rig.conf back to my own parameters and reboot the machine. After some hours of mining for my account it gets hacked again and foreign login data is in my rig.conf. How does this happen? I tried to make rig.conf read-only, but this does not work. chattr +i rig.conf doesn’t work either. I seriously need help making a Linux operating system secure.
Have you enabled 2FA using Authy?
Utilise a complex password not used anywhere else.
Make sure rig is sat behind a Firewall
Hope this helps…
I’m using 2FA with Google Authenticator
I changed my password now, rebooted my machine and added a crontab to restore my original rig.conf every minute. One more thing I have to add is a script that reboots if the rig.conf is not my original config.
I have a router and a firewall of course. I hope this helps and I don’t get hacked again.
Have you got any open ports on the FW?
Check your logs for suspicious inbound traffic on the FW
If you see suspicious traffic blacklist those IP ranges
I’m sure I saw something about Google Authenticator somewhere but may be wrong. Is info just being changed on the rig, or are your wallet details also being changed when you log in to Hive?
OK, I had a look at my router’s log and there were many failed attempts to log in to my router/FTP or other things. The IP 126.96.36.199 tried to log in. I looked it up and there are many reports about abuse from this IP. I reconfigured the firewall and I hope this helps.
My wallet details are unchanged in Hive OS. I wrote a script now to compare the rig.conf and put it in a crontab. Then I changed the config and the compare script fired and rebooted the machine. After the reboot the crontab is gone. How can I make the crontab persistent?
OK, I found the /hive/etc/crontab.root to make the crontab persistent.
Are you using DMZ for your rig? It happened to me too. I had DMZ on, now I turned it off. Hope it was this… I have Google Authy too.
Can you share your crontab file? It's a good idea, this one, but I don't have the knowledge to do it lol
It was a firewall issue, I had the VNC port open to the internet. Someone found out about this and used the default password and changed my config. The port is now blocked and I changed the VNC password. I don’t need to access VNC from the internet any more and the rig runs stable.
If you want, you can use this script, but most probably it’s never run if you protect your machine with proper passwords and don’t expose VNC or SSH ports to the internet unless you REALLY need it.
#!/bin/sh
if ! cmp /hive-config/rig.conf /hive-config/rig.conf.ok >/dev/null 2>&1; then
    cp /hive-config/rig.conf.ok /hive-config/rig.conf   # restore the known-good copy
fi
Save as /hive-config/compare.sh
Copy your valid rig.conf to rig.conf.ok and add in your /hive/etc/crontab.root a line like this:
*/5 * * * * /hive-config/compare.sh
This checks every 5 mins for changes to the file. If you change anything you have to make a new copy of your rig.conf to rig.conf.ok
Overall I don’t recommend running this script in crontab at all.
Just change default passwords, configure firewall and close ports if you don’t need them.
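The root cause in this thread was a VNC port reachable from outside, so the check below is an added example (not part of the original posts) that flags SSH and VNC listeners bound to a non-loopback address. The function names and the sample `ss` lines are constructed for illustration, and ports 22 and 5900-5909 are assumed to be the SSH and VNC defaults; whether a flagged listener is reachable from the internet still depends on the router's port forwarding or DMZ settings.

```shell
#!/bin/sh
# Added example: flag remote-access listeners (SSH 22, VNC 5900-5909) that are
# bound to a non-loopback address. Reads `ss -H -tln` output on stdin.

# Print "address port" for each listener other hosts could connect to.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        local_addr = $4
        n = split(local_addr, parts, ":")
        p = parts[n]                                   # text after the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(p) - 1)
        port = p + 0
        sub(/%.*/, "", addr)                           # drop scope such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only, skip
        if (port == 22 || (port >= 5900 && port <= 5909))
            print addr, port
    }'
}

# Constructed sample input in the column layout of `ss -H -tln`.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 128 [::1]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
EOF
}

# Demo on the sample; on a rig, run: ss -H -tln | exposed_listeners
sample_ss_output | exposed_listeners
```

Any line it prints is a service that should either be bound to loopback, protected with a non-default password, or blocked at the firewall.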
Thanks bro, really appreciate it. I'm gonna try it now! Saved my day lol