WARNING: Possible mining software exploit

edited March 2014 in General

Hey guys,

I don't want to cause panic but at the same time i think all miners should be aware of a possible exploit to mining software. The exploit allows the attacker to insert a fake TCP packet and redirect miners to a different pool or server.

So far all of the reports have come from pools using a VPS or a VM. These are shared services and it woulden't be very hard for someone else who is sharing the service to sniff packets and do something dodgy.  We are not one of those pools running on a VPS or a VM we run on decdicated servers with dedicated external lines..

There is an option you can enable in your miners to prevent this attack while new updates are added to the software. While i dont think it is 100% necessary to add this option those who are worried can add it to ensure piece of mind.
Please also keep an eye on your miners and what url they are mining to as I'm
sure you already do.

Fix thread or more info. http://www.reddit.com/r/litecoinmining/comments/216ydt/psa_possible_miner_exploit/

Comments

  • Apon further investigation looks liek its only been reported on multipools (the profit switching ones)

  • edited March 2014

    If you use an app like CGWatcher, it has an option to prevent this and even will notify you by email when someone attempts it. Handy little app for setting up and starting miners as well. At least for cgminer, not yet tried it with the other one or with cpuminers yet. I dont think it supports cpu mining at the moment, sort of wished it did.

    need to make sure that the donate option is not enabled in that app though. or else with the pool guard and donate on, it will constantly send emails while trying to donate mine during the time selected for it to do so.

Sign In or Register to comment.