Hacked for the 3rd time! What am I doing wrong?

As the title says. My rig again got hacked today. The wallet address automatically changed in the miner config files. This is happening through that exploit where if we keep default user ID and password, your account can get hacked.

As I was a victim of this earlier, I was cautious this time.

I did a fresh install, changed my HiveOS ID, changed the default rig password before 1st time boot up, changed the VPC/SSH password. But after running smooth for 10 days or so, again hacked!!

What more do I need to do? Can someone please tell me the steps that they do to secure their setup?

Any help appreciated.

I doubt I am skilled enough to assist, but are you running on a fixed and exposed IP address vs. behind a NAT router/firewall?

Well, I have it hard wired to a LAN port in the wall. Which has a direct connection to the white box (sorry I don’t know what it is) which was provided by the builder and installed at main entrance of the apartment alongside all other MCB etc.

I have my router connected to a different LAN port in the house. My mining setup is not connected to that.

Hope this helps :)

I would guess a device inside of your router vs the wall connection has an IP address starting with 192.168.xxx.xxx or 10.xxx.xxx.xxx. These would be NAT addresses and increase security a bit.

If the above is true inside your router, and your miner is on an address which is not 192. or 10. something, you may be running your miner open to the internet or visible to other folks in the apartment or neighborhood.

If all addresses are 192 and 10 non-routable connections, you might have the culprit much closer.

Ok so I cross checked. The white box at the entrance of my house has some MAC address written on it. From that I have taken a LAN cable into a switch, which further goes into one of the ports which gives a LAN port to my room.

The IP address currently shows as 90.xxx.xxx.xxx. This I’m seeing on my worker screen (right next to OS version and miner uptime).

I am fairly certain 90.x.x.x addresses are routable and accessible, so local and remote users can attempt to directly log in to your device.

2-factor authentication and locking down all the ports, etc., will be the bare minimums.

Curious as to why you have this area set up differently from your mining investment as I suspect your router is running NAT and providing a bit more protection:

This topic was automatically closed 416 days after the last reply. New replies are no longer allowed.
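
The address check discussed in the replies above, as an added example that is not part of the original thread: it classifies the rig's interface address and lists which listening ports a remote host could attempt to reach. It goes beyond the 192.168.x.x and 10.x.x.x ranges named in the thread by using Python's `ipaddress` classification; the function names, the `ss -tln` sample and the 90.0.0.1 stand-in address are constructed assumptions.

```python
import ipaddress

# Constructed `ss -tln` output for illustration; not taken from the thread.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:4067      0.0.0.0:*
LISTEN 0      64                 *:8080            *:*
LISTEN 0      128             [::]:22           [::]:*
"""
WILDCARDS = {"*", "0.0.0.0", "::"}


def exposure(addr):
    """Classify an interface address: public, non-routable or local-only."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "local-only"
    # is_global is False for 10/8, 172.16/12, 192.168/16 and other reserved ranges.
    return "public" if ip.is_global else "non-routable"


def listeners(ss_output):
    """Return (bind_address, port) for every LISTEN row of `ss -tln`."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        rows.append((host.strip("[]").split("%")[0], int(port)))
    return rows


def internet_facing_ports(interface_addr, ss_output):
    """Ports a remote host can attempt when the rig holds a public address.

    An empty result does not cover neighbours on the same LAN segment, and a
    host firewall may still filter the ports listed here.
    """
    if exposure(interface_addr) != "public":
        return []
    return sorted({port for host, port in listeners(ss_output)
                   if host in WILDCARDS or host == interface_addr})


if __name__ == "__main__":
    # 90.0.0.1 is a constructed stand-in for the masked 90.xxx.xxx.xxx address.
    for addr in ("90.0.0.1", "192.168.1.20", "10.0.0.8"):
        print(addr, exposure(addr), internet_facing_ports(addr, SAMPLE_SS))
```

On a real rig, feed the function the output of `ss -tln` and the address shown on the worker screen in place of the constructed values.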