R0land Posted January 19, 2018 Share Posted January 19, 2018 (edited) Anscheinend ist die claymore Miningsoftware unsicher. Über den Remoteport kann die Walletadresse geändert werden, welches auch schon vom Satori-Botnet ausgenutzt wird. Den passenden Exploit gibt es schon seit über einen Monat in Netz: https://www.exploit-db.com/exploits/43231/ R.I.P. Claymore Edited January 19, 2018 by R0land Link to comment Share on other sites More sharing options...
Dogma2k Posted January 19, 2018 Share Posted January 19, 2018 Mass dafür nicht die write funktion aktiv sein? Bei read-only sollte ja noch alles im grünen sein, oder? Link to comment Share on other sites More sharing options...
R0land Posted January 19, 2018 Author Share Posted January 19, 2018 (edited) vor 4 Minuten schrieb Dogma2k: Mass dafür nicht die write funktion aktiv sein? Bei read-only sollte ja noch alles im grünen sein, oder? Ne, eben nicht ! Die erzeugen einen Buffer overflow, ändern dann die reboot.bat und rebooten. Edited January 19, 2018 by R0land Link to comment Share on other sites More sharing options...
Dogma2k Posted January 19, 2018 Share Posted January 19, 2018 ach du sch... dann ist wohl wirklich erst einmal schluss. Link to comment Share on other sites More sharing options...
Judi Posted January 19, 2018 Share Posted January 19, 2018 Gibt es vernünftige Alternativen? Link to comment Share on other sites More sharing options...
Dogma2k Posted January 20, 2018 Share Posted January 20, 2018 z.B. sgminer-gm, xmr-stak, 1 Link to comment Share on other sites More sharing options...
Shitdoor Posted January 20, 2018 Share Posted January 20, 2018 Stellt ihr eure miner um oder wartet ihr ab? Ich hatte nen artikel gelesen das es um eine schaden von 1800$ ging da lach ich drüber... Link to comment Share on other sites More sharing options...
Shitdoor Posted January 20, 2018 Share Posted January 20, 2018 ich kontrollieren meinen farm wert täglich und wenn in 7 tagen der wert X nicht gefarmt ist dann sollte man reagieren natürlich abzgl. Der difficulty Link to comment Share on other sites More sharing options...
hagbase Posted January 20, 2018 Share Posted January 20, 2018 Wie wäre es den mit -mport 0 damit wird alles abgeschaltet. Kein Remote zugriff etc.. Link to comment Share on other sites More sharing options...
Dogma2k Posted January 20, 2018 Share Posted January 20, 2018 vor 2 Stunden schrieb Shitdoor: Stellt ihr eure miner um oder wartet ihr ab? Ich hatte nen artikel gelesen das es um eine schaden von 1800$ ging da lach ich drüber... Ich finde egal wie groß eine Farm ist, 1800$ schon ne stolze Summe. Ich würde da nicht drüber lachen auch wenn ich 1MH/s im Crytonight hätte Link to comment Share on other sites More sharing options...
hagbase Posted January 20, 2018 Share Posted January 20, 2018 Wie gesagt -mport 0 dann ist der ganze remote kram abgeschaltet. Claymore hat schon in der Version 10.2 darauf aufmerksam gemacht. Link to comment Share on other sites More sharing options...
MrBonk Posted January 20, 2018 Share Posted January 20, 2018 vor 2 Stunden schrieb hagbase: Wie gesagt -mport 0 dann ist der ganze remote kram abgeschaltet. Claymore hat schon in der Version 10.2 darauf aufmerksam gemacht. -mport 0 heist das dann dass ich nicht mehr mit TeamWeaver drauf kann?? Link to comment Share on other sites More sharing options...
hagbase Posted January 20, 2018 Share Posted January 20, 2018 19 minutes ago, MrBonk said: -mport 0 heist das dann dass ich nicht mehr mit TeamWeaver drauf kann?? Gegenfrage was hat claymore mit teamviewer zu tun und umgekehrt? Link to comment Share on other sites More sharing options...
MrBonk Posted January 20, 2018 Share Posted January 20, 2018 Gerade eben schrieb hagbase: Gegenfrage was hat claymore mit teamviewer zu tun und umgekehrt? Das hatte ich mir auch gedacht aber von dummen fragen lernt man eben ^^ Daher gehe ich einfach davon aus, das -mport 0 nur claymore specifisch ist Link to comment Share on other sites More sharing options...
hagbase Posted January 20, 2018 Share Posted January 20, 2018 (edited) Genau. Einfach in eure bat reinpacken fertig. Quote 1. CVE-2017-16929 works only if you specified -mport > 0 and don't use password (-mpsw). Also it can crash miner: From History.txt: ... v10.2 - fixed critical issues in remote management feature (attacker could crash miner even in read-only mode). ... That was the last known security issue and it was fixed in v10.2 and above. Here is my opinon: Yes my miners have "remote management" feature that allows administrators to upload files, restart miners etc. It's not a vulnerability itself. Also I know that this feature can be used by attackers, therefore by default miner uses "read-only" mode which ignores all commands except "miner_getstat1" (I mean recent versions of my miners, very old versions have no "read-only mode"). User must specify "-mport" option and positive port manually to enable potentially dangerous commands. Also I added "-mpsw" option that allows users to set a password for remote management. Also miner shows warning during startup if "read-only" mode is disabled and -mpsw is missed. Also I added necessary information to Readme file. And, of course, it's bad idea to make these ports public, they must be used in local network only, "-mport" option can expose the port to specified network interface only. To make this feature dangerous, user must do the following: 1. Disable "read-mode", ignore miner warning. 2. Ignore "-mpsw", i.e. don't set a password, again ignore miner warning. 3. Expose the port(s) to internet. So, in my opinion, I did everything to make this feature safe as much as possible, but some users have no idea/knowledge what they do when they change default settings. Edited January 20, 2018 by hagbase Link to comment Share on other sites More sharing options...
Shitdoor Posted January 20, 2018 Share Posted January 20, 2018 Danke hagbase werde ich tun... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now