Virus on hive-os_kernel#110

Guys and girls, be careful at your pool if your miner is working. Looks like HIVE-OS got some virus on the server: when you download the image (kernel upgrade), your rig will swap to another wallet on Flexpool.
When you install Kernel 5.10.0 #110, no command will work, like upgrade or replace.

On that wallet is more than 50GB hash stolen from people!

Always important to use 2FA and change your SSH passwords from default if your network is used for anything besides mining.

This is a really bad answer from the support team. First of all, I use 2FA and the SSH password is changed. I'm the owner of more than 1000 GPUs. From what I can see, you have some serious problem over there. A hacker can brick your code and run their system on your server and you don't even know that. I repeat one more time: please check your system again before telling me about 2FA and SSH.

YES, that is happening to me! What do we need to do? I'm lost.

Do a clean install, and configure from a new uncompromised device only. Make sure you change default passwords.

Ok, now I'm doing that… But I have a question… The aggressor appeared in my account panel, where it says SESSION. Did they enter my account? Because Hive never notified me with an email or something.

In Activity it said: Login: and the hacker IP…
I have 2FA, I don't understand why or how he entered my rigs or account.

Revoke any sessions that you don’t recognize

I know, but I don't know how; he has the access to create his personal access… How do I know if he entered my account? There is no email or something that notifies me.

https://id.hiveon.com/auth/realms/id/account/sessions

Revoke/remove any you don’t recognize, or all, and re-login all your devices.

I just tried keaton’s suggestion for sessions and got one in France!?!?! Already revoked it

Other Session Tokens

Other | [51.159.36.160](https://ip-api.com/#51.159.36.160) | CFNetwork/897.15 | 14:17, May 17, 2022

Other | CFNetwork/897.15 | 14:30, May 18, 2022

I revoked the sessions and the tokens, but they keep reappearing

@keaton_hiveon

Any chance for a blacklist? I’m on a dynamic IP, so I would be concerned to use the whitelist, since I could be blocking myself out of Hive

I'll pass the request on to the team

I smell something inside the DEV team.
It's not possible to get into the system like that. First of all you need to brick the Internet connection, after that you need to find an unsecured port, after that you need to find the HIVE-OS name and pass of the machine, and after that you can run a script. It's almost impossible. Unless someone from inside is sharing information.

This is the address of the hacker wallet.

I would definitely like to know what service is provided by 51.159.36.160.
I’m afraid to delete that personal token and run the risk of not being able to access my account.

That is an IP located in France. Haven’t been in France in the last 24h, so not me.

I’ve deleted it a few times, but kept reappearing, so now I disabled it

Didn’t have any issues when I deleted it.

Have you tried to contact the people at Flex? That address has 8 gh/s, but seems they only scammed $18k. Doesn’t sound that much for a scam operation, unless they have more accounts.

If they are not hunting for things like this (IP from all over), blocking the wallet will probably only delay these guys a little until they update their code with a new address.

However, do try as Keaton suggested a clean install. Don’t use the media you had before until you had a chance to fully erase it. Change your rig id as well.

Seems that something is hijacking your rig. The doubt is whether it is something local to you or something on Hive’s end?

@keaton_hiveon, just found that the Paris IP shows when I use the app on iOS. Why would it create a token from a Paris IP?

I revoke all and it always keeps appearing… My solution was a fresh reinstall of Hive on all my rigs, and eliminating SSH, and all the other bullshit… For now he hasn't appeared

Glad you squashed it.

I keep getting the French connection :angry: I suspect the phone app

@keaton_hiveon any feedback about Paris?

Just for peace of mind I changed my password, and got 5 confirmation emails. Is that correct?