Virus - BOT

miner

#1

Every day at 2:30 a.m. all my rigs go down, but power consumption stays the same or becomes higher.
After a restart everything goes well till the next day at 2:30 a.m. I think someone STEALS my hash - it is some kind of virus or BOT…
Watchdog is set, but this virus (I suspect) bypasses it somehow…

PLEASE can someone tell me how to fix this problem!!!
I have changed Internet provider, changed miners, algos, passwords, but I got the same - 2:30…

Please Please Please


#2

Does this go down on the Pool only or HiveOS shows as down and the pool shows no hashing as well?

Are you using https connections to your pool?


#3

The pool shows 0 hash after 2:30 a.m.
Looking at the pool, that is the result - yes, I am using HTTPS, but how can it influence this?
I guess that there is something like a BOT in Hive Linux OS and it runs every day at 2:30 a.m.
But how to find it and fix that???


#4


#5

Use the command (over ssh or teleconsole): netstat -t -u
You can see where the miner is connected and then kill the connection if it is not connected to your pool.


#6

netstat shows:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:64452 TIME_WAIT
tcp 0 0 localhost:58018 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 hv36accu6041.maso:59906 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:54085 TIME_WAIT
tcp 0 0 localhost:58012 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:49567 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:53387 TIME_WAIT
tcp 0 0 Ichill_6_70ti:52726 hvj.pl:3353 ESTABLISHED
tcp 0 0 localhost:58020 localhost:4068 TIME_WAIT
tcp 0 0 localhost:58006 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:61485 TIME_WAIT
tcp 0 0 localhost:58014 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:64087 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:50393 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:56390 TIME_WAIT
tcp 0 0 localhost:57988 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:61453 TIME_WAIT
tcp 0 0 localhost:58008 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:60293 SYN_RECV
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:60783 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:65476 TIME_WAIT
tcp 0 0 Ichill_6_70ti:4200 78-61-249-182.sta:59825 ESTABLISHED
tcp 0 0 Ichill_6_70ti:5900 174.138.8.132:40546 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:54043 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:55186 TIME_WAIT
tcp 0 0 localhost:57994 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:55120 198.251.89.103:4553 ESTABLISHED
tcp 0 0 Ichill_6_70ti:46580 host122-126-40-:omniorb ESTABLISHED
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:52159 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 hv36accu6041.maso:64121 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:58347 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:64743 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:58371 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:52881 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 41.71.74.242:60685 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:59868 TIME_WAIT
tcp 0 0 localhost:57990 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 174.138.8.132:56054 TIME_WAIT
tcp 0 0 localhost:58002 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:65305 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:58762 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:60143 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:51043 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:53447 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:58751 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:57570 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:51721 TIME_WAIT
tcp 0 0 localhost:57996 localhost:4068 TIME_WAIT
tcp 0 0 localhost:58000 localhost:4068 TIME_WAIT

But the pool shows 0 rigs.

One more thing I noticed: Hive shows that I mine at 4.778 TH/s, which is impossible with the LYRA2Z algo with my 8 1070ti cards.
So that means this VIRUS steals my hash in another algo…


#7

So why are there no comments from the developers???
We are paying money for this OS and we cannot get solutions for problems…
Maybe the developers are in on this deal of stealing our hash???


#8

I got the exact same problem… I described it here: "All rigs goes offline at the same time (almost every night at 11:30 pm)", with all the info. The same rigs seem to work, with very high CPU utilization, and it never gets any better until I reboot the rig manually… I've posted maybe dozens of times on Telegram / bitcointalk and here, and no one ever answered my question…


#9

Please don’t accuse anyone of stealing, Klepas, it’s a big accusation.

Usually this kind of problem happens when you mine devfees.
Do you have the same problem with a different miner?
Do you have a firewall that may block some common devfee pools?


#10

Yes, a couple of miners - ccminer, EWBF, DSTM, also with different algos in ccminer, and the situation is the same.
I don’t believe that devfee turns on every day equally at 2:30 and mines not for me till you restart the rigs. I did not restart one rig for more than one day and it was mining the whole time not for me…
Is it normal? Maybe I am wrong.

I have a firewall in the router only and it is turned on - maybe it is not enough?

Also one more thing - how does this BOT bypass (cheat) the watchdog??? I set e.g. 100 sol, and after 2:30 HiveOS shows 40 or 30 sols but the watchdog does not send restart or reboot commands - STRANGE…


#11

Seeing your netstat output, you only have 4 established sessions. 1 seems to be a lyra2z pool (the 192.251.89.103 one). You have to check the 3 others. (By the way, you have a lot of port scans on your VNC port, maybe you can drop it on your router?) hvl.pl seems to be a VPS on aruba.it, probably the host122 one too. Those 2 seem to be connected to a known port for pools too. The best thing to do to debug more is to run lsof on the processes using these ports; you’ll see the process, then you can maybe find the config somewhere (command line in /proc or somewhere else).
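
The triage suggested in #5 and #11, as an added example that is not part of any post in the thread: it filters netstat output for established sessions that do not go to a known pool, counts hits on the exposed VNC port per source, and maps a port to its owning process. The function names are hypothetical, and treating 198.251.89.103:4553 as the owner's own pool is an assumption based on the output in #6.

```shell
#!/bin/sh
# Added example (not from the thread): triage `netstat -t -u` output.
# Tip: `netstat -tun` prints numeric addresses instead of truncated host names.

# Subset of the lines posted in #6, unchanged.
SAMPLE='tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:64452 TIME_WAIT
tcp 0 0 localhost:58018 localhost:4068 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 hv36accu6041.maso:59906 TIME_WAIT
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:54085 TIME_WAIT
tcp 0 0 Ichill_6_70ti:52726 hvj.pl:3353 ESTABLISHED
tcp 0 0 Ichill_6_70ti:5900 216.170.114.106:60293 SYN_RECV
tcp 0 0 Ichill_6_70ti:4200 78-61-249-182.sta:59825 ESTABLISHED
tcp 0 0 Ichill_6_70ti:5900 174.138.8.132:40546 TIME_WAIT
tcp 0 0 Ichill_6_70ti:55120 198.251.89.103:4553 ESTABLISHED
tcp 0 0 Ichill_6_70ti:46580 host122-126-40-:omniorb ESTABLISHED
tcp 0 0 Ichill_6_70ti:5900 41.71.74.242:60685 TIME_WAIT'

# ESTABLISHED, non-loopback sessions whose remote endpoint is not in the
# allowlist given as arguments. Reads netstat text on stdin and prints
# "local_port remote_endpoint" for each session that still needs explaining.
unknown_established() {
    awk -v allow=" $* " '
        $6 == "ESTABLISHED" && $4 !~ /^localhost:/ {
            if (index(allow, " " $5 " ") == 0) {
                n = split($4, l, ":")
                print l[n], $5
            }
        }'
}

# Connections per remote host to one local port, busiest source first.
# Reads netstat text on stdin and prints "count host".
hits_on_port() {
    awk -v port="$1" '
        {
            n = split($4, l, ":"); if (l[n] != port) next
            host = $5; sub(/:[^:]*$/, "", host)
            seen[host]++
        }
        END { for (h in seen) print seen[h], h }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Live step from #11: processes holding an established TCP session on a port
# (local or remote). Run as root on the rig; prints "pid exe cmdline".
owner_of_port() {
    for pid in $(lsof -t -nP -iTCP:"$1" -sTCP:ESTABLISHED); do
        printf '%s %s ' "$pid" "$(readlink "/proc/$pid/exe")"
        tr '\0' ' ' < "/proc/$pid/cmdline"; echo
    done
}
```

On the rig, pipe live output in with `netstat -tun | unknown_established 198.251.89.103:4553`, then run `owner_of_port` on each port it reports.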


#12

Bagster, I found something in proc, what should I do with it?


#13

Interesting topic which I will follow.

Sometimes during a few days I have the same thing at 1 am. My rig goes down and I have to restart it manually, otherwise it will not start again.

Does anyone else have the same ?


#14

As I understand, a lot of HiveOS users have a similar problem and it does not depend on what miner you are using.


#15

My case is a little bit different compared to yours. In my case the rig just stops mining and stays idle until I restart it again. The watchdog doesn’t do anything (no restart). It just waits.


#16


#17

I think it is similar to yours with the 1070ti, because in my case it only drops, it does not stop. But it drops by 90%.


#18

Is everyone with this problem mining ethash?
Does the problem still occur using a proxy?


#19

No, not everyone.
I mine equihash192 and HEX.
Also the same with Lyra.
I don't think that it is due to the miner or algo.


#20

Process of elimination.
What does everyone have in common besides HiveOS?