Pool Url change automatically - d1.projectlight.io

Hi Guys

I’ve been having a nightmare as of late…

I mine to Ezil and for the last week or so I have noticed my pool URL changing to d1.projectlight.io automatically… I check my flight sheet and it still says Ezil and I’m using secure ports etc., but this happens automatically without me doing anything… so I don’t know where my rewards are going. I can’t find d1.projectlight.io on Google so please help… I don’t know if I’m hacked or something but this is annoying. I contacted Ezil and they said I should try HiveOS support.

I have already done the Hivereplace command and that works… for a few hours, but the next day I’ll check and I’ll see my rig went off and on and with a different pool URL… yesterday it was some weird IP, today it’s back to projectlight

I’m using a USB Flash drive … See pics below of miner

Anyone else experienced this before?

It would appear someone has gained access to your rig and taken over with malware or direct attack.

If your rig is not locked down with VNC disabled, challenging passwords put in place, and the rig behind a NAT/firewall: shut down, reflash the OS media from scratch and secure the rig.

<for the record, I don’t know jack about ezil mining or the pools you are talking about, but wallet changing is not good>

Oh damn, please don’t say that… I’m so tired of hacks so please tell me how to do these things?

Can I do all these in routers? Anything I need to do in HiveOS?

Is your IP address exposed directly to the internet?

If so, adding a simple NAT router for your home/office LAN is a good first line of defense.
If you are running on wireless in an apartment, condo, etc., you’ll need to secure that as well.

Have you changed your default password settings in the shell?

Sign in to Hiveon ID, revoke any unfamiliar sessions, enable 2FA, reflash the drive and change the default system password.

Hi

I will be buying a new USB Flash and try all this. Thanks

Hi

Thanks, so it’s working so far.

I hope it will stay working. When is this password required? I changed it and I don’t ever see HiveOS asking for this password, not even when I start a shell. Thanks

Through shellinabox

My shellinabox never works… anything I need to do? It says network error

I also noticed a different IP, a 129.xxx IP that logged into my HiveOS a few days back… this could be the hacker. Can I block or report this IP?

Shellinabox requires you to be on the same local network as your rig.

Could be outside access, but some folks are also accessing their rigs from mobile devices, remote work places, etc., and until you eliminate those as “known”, you may not be able to conclude such.

Who would you like to report the IP address to? The Police?

Okay, so how does the hacker access it if he is not on the local network? I can only access through the shell

Have not seen an answer to this question. Did I miss it?

I’m not sure how to check this

Top of this picture, see the IP address? 192.x.x.x is a “non-routable” address of the rig itself. Similar would be 10.x.x.x

At the very bottom, you can see remote IP masked with all x.x.x.x’s.

That is what HiveOS believes is your internet facing address in my situation. Yours is the question.

fwiw: The first 3 digits: 123.x.x.x are what?

Yes, I can see my IP there, yes… it shows the IP…

Are they 192.x.x.x or 10.x.x.x?

It’s 192

With a 192 address, the only likely way someone is getting through is via open ports on your router, port forwarding, DMZ open, WiFi open or by downloading via non-Hiveon sources.
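
The checks discussed in the replies above (is the rig's address private, which logged-in sessions are not yet "known", does the reported pool match the flight sheet), as an added example that is not part of the original thread. The function names are hypothetical, and the session records, known network, port and `pool.example.net` are constructed placeholders. The private IPv4 ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, so an address that merely starts with 192 still needs checking.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 private ranges. Only 192.168.0.0/16 is private, not every 192.x.x.x.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in a private range, i.e. the rig sits behind NAT."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def unfamiliar_sessions(sessions, known_networks):
    """Return sessions whose source IP is neither private nor a known network."""
    known = [ipaddress.ip_network(n) for n in known_networks]
    flagged = []
    for s in sessions:
        ip = ipaddress.ip_address(s["ip"])
        if is_rfc1918(s["ip"]) or any(ip in net for net in known):
            continue
        flagged.append(s)
    return flagged

def pool_matches(reported_url, expected_hosts):
    """True if the pool host the miner reports is one the flight sheet names."""
    host = urlsplit(reported_url).hostname or ""
    return host.lower() in {h.lower() for h in expected_hosts}

# Constructed sample data (documentation address ranges, placeholder pool host).
KNOWN_NETWORKS = ["203.0.113.0/24"]            # e.g. the owner's mobile carrier
SESSIONS = [
    {"ip": "192.168.1.20", "when": "day 1"},   # browser on the LAN
    {"ip": "203.0.113.7", "when": "day 2"},    # owner's phone
    {"ip": "198.51.100.23", "when": "day 3"},  # nobody recognises this one
]
EXPECTED_POOLS = ["pool.example.net"]

if __name__ == "__main__":
    for addr in ("192.168.1.20", "10.0.0.5", "192.0.2.10"):
        print(addr, "private" if is_rfc1918(addr) else "public")
    for s in unfamiliar_sessions(SESSIONS, KNOWN_NETWORKS):
        print("unfamiliar session:", s["ip"], s["when"])
    print("pool ok:", pool_matches("stratum+ssl://d1.projectlight.io:4444",
                                   EXPECTED_POOLS))
```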

Okay, I’ve got some ports open, yeah, but I’ll close them as it was for a Bobcat miner. Thanks for your help, I hope all will be fine as I went to get a new USB flash