Hard to say
Maybe open ports of VNC or ShellInabox
maybe something els dowloaded repo, autofan, or custom miner
it started one or two weeks befor Hiveos 2.0 for me
exactly the same happened for me. Iāve written above my problem in separate topicā¦ The sad things is that I got basically 0 % response from devs and I see a lot of people having problems with this stuffā¦
I can try to help if you are actually āin problemā. So next time it happen let me know, I can give you some hints. Maybe it will be hard to synchronize (Iām in canada), but Iāll keep this discussion opened.
Steps to do to begin, when you have the problem:
1- Do this command: netstat -na | grep ESTA
2- Take the ports on āstrangeā connections (the number after the : before the ESTA)
3- Do this command: lsof -i:PORTNUMBER where PORTNUMBER is the port from #2
4- You will see a process name and a PID number, keep them in note.
5- You can do: ps -ef | grep PID #to see the running process
6- You can do: lsof -p PID #to see all open files, sockets
7- You can do: cat /proc/PID/cmdline #like #5, you can see a bit more sometimes
From there you can have a lot of info, or none (if you have rootkits/obfuscated miners)
1 Like
Wow Bagster,
great thing you did.
but for me is it a bit hard when i am rookie in Linux at all 
As long as you know how to start teleconsole/shellinabox, you can do it on console + notepad on your pc.
If router firewall not good enough
Any update? Still having the problem every day?
Could be an issue with the ISP doing a man-in-the-middle attack. Or Mining Pool.
As iāve been operating pools before there are many ways this can happen, Poolside, ISP or even Pool-host issues.
(my pool is lyra2z.com) You can try this and see if the problem remains, best would be to test all factors separately so you can rule out things.
If it were mitm, his hashrate would have stayed the same, but not on the pool. Locally in hiveos interface he seeās hashrate going down, like if a 2nd miner took some processing power.
Latest update:
i have changed time zone of rigs - i can now reboot them in day time, not in night 2:30.
second i have installed fresh copy of hiveos (new SSD) and now second day everything is OK
for looking strange connection and PROC for me is to hard work
Humm, so with your new fresh copy, try to harden it a bit. Change passwords, donāt forward unnecessary ports from router (I hope your hive ip is not facing internet directly)
1 Like
yes, sure
i changed all all passwords, turned off VNC, disabled sheinabox, closed all ports i guest that will be enought
what time zone did you change your rigs ? (+12 hours so you can do this at lunch ?)
I still got my problem which is close to yours Iāve posted link above , dont want to go in full details but basically my rigs become offline everynight and HTTP test fails as curl hive os serversā¦ Strange is cards stay at about 70 % and draw not low power but miner seems not to run. Only manual restart works , watchdog doesnt restart them etcā¦ I tried adding on rig to proxy today but after that it fails to connect to hive os servers and even though itās mining (everything running fine) it appears offline on hive os page and I cannot control it by any meansā¦
I live in +3 time zone so i change to -4, than it happens in morning 9:30 a.m.
Why you do not want to try to new fresh installation - new USB or SSD?
i will do it as soon as I get physical to my rigs because they are 30 mins by car. I will reinstall them
Did you change the password to the terminal? I noticed that root and user have the same password after installation and you should change them both. I once left a rig with unchanged password and it was silently taken over in under 2h.
There are bots out there that are programmed to try and get in your system if you left default login information and theyāre quick about installing rootkits or just their own miner software, which was the case for me.
I started seeing my hashrate go down and load on the system skyrocketing so I went in and started digging, you may find these particular commands useful:
last - Shows you last successful logins to the system and by whom
lastb - Shows you last attempts to login to your system and user
top - Shows you system utilization, however, I prefer atop but itās a 3rd party install
I found someone logged in as āuserā as obviously password wasnāt changed and installed Ravencoin Miner under ~/home/user in dot directory.
If your systemās been compromised and this way for a long time, I would reinstall and make sure you change passwords for ārootā and āuserā when you login to terminal by doing:
passwd user
passwd root
Hope this helps and good luck, if it always goes down exactly at 2:30am, there maybe a ācronā or āatā jobs somewhere that trigger their software at that time.
1 Like
Same here, same hour, but not always.
Today didnāt.
I think problem is clear
someone is scanning ports and via VNC, shelinabox or others comes inside in add second miner somewhere.
to avoid that i think we must to close all ports from router. disable VNC and Shellina box and change all password.
and if you already have this problem - best solution fresh install Hiveos
1 Like
You said someone is scanning ports. Just at 2:30am (SERVER TIME)? How āsomeoneā know that its 2:30 on the server? We have same symptoms even we change timezones or so.
A few systems with exactly the same settings and spec works with no problems for weeks or even months, but some crashed as soon as you set timezone to get near 2:30am!
99.9% hives scripts or packages problem, but as guys said above HiveOS developers simply donāt care about their customers who pay money! 
I suspect that somehow infect the system injected some script that exact at 2:30a.m. launch other miner which mines to other wallet.