Minepeon security issue

If you use Minepeon for your Raspberry Pi based Bitcoin mining rig then you might be a risk of someone changing your pool settings and sealing your mining power!

The Minepeon web interface uses the API to get the stats from the mining software. It seems the default setting on Minepeon is to have the miners API accessible to all IPs and without a password!
This means if your mining rig is on a public IP or someone gets on to your network then they could connect to that IP and point your rig at another mining pool/user so that they get the hashes you have generated.

Below is how to change the configuration so that the API is only listening on the local host and therefore securing it from anything accessing it which isn’t running on the Raspberry Pi.

1) SSH on to the Raspberry Pi.
2) Put in the following command to edit the miner config files.


nano /opt/minepeon/etc/miner.conf /opt/minepeon/etc/miner.conf.donate /opt/minepeon/etc/miner.user.conf

3) Edit the following line from

"api-allow": "W:0\/0",

To

"api-allow": "127.0.0.1",

4) Press CRTL + X This will then ask you if you want to save the changes, Press y
5) After saving the changes the next file will open, make the same changes you did in step 3. This will be done 3 times to change all the files.
6) Login to the Minepeon web interface and restart the miner.

To check to make sure the changes are working you can try to connect to the API at the following URL, change <ip> to be the IP of your Pi.
http://<ip>:4028/

You should get an error message, Something like Connection reset or no data received depending on your browser.
If you get a page which looks like the following then API access is still open and you should check the changes have been saved, if they have save then try restarting the Pi.

STATUS=E,When=1390150582,Code=14,Msg=Invalid command,Description=bfgminer 3.4.0

A fix has been pushed to the Minepeon Git repo, so this should be fixed in the next version. I believe Minepeon version 0.2.4 and lower are vulnerable to this issue.

Some tools

Recently I have had a bit of spare time so thought I would add a couple of projects I found interesting to my web site.

IPv6 Stats

This tool allows you to get some stats on people visiting websites which have a small image included in the page. The image is used to collect the stats.

You can view the stats I have collected on my own sites at http://ipv6stats.noroutetohost.net/

Feel free to add the collector image to the your own site to help build up the stats, this will work even if your site is only running on IPv4. Use the following code on your site.

The stats tool was created by Eric Vyncke, you can see the stats that Eric has collected at his website. Eric also has some interesting IPv6 deployment stats

DNS Check

This tool runs various DNS checks and lets you know of any errors, checks include IPv6 checking and DNSSEC. You can also enter in name servers to run the check against, which is useful if you are changing DNS servers and want to make sure that things are setup correctly before you change servers.

You can check your domains at http://dnscheck.noroutetohost.net

DNS check was created by the guys at http://iis.se and the source code can be downloaded from https://github.com/dotse/dnscheck

At some point I will get around to updating the themes on the above tools so that they blend in a bit more with the rest of the site.

TinEye – reverse image search engine

I was browsing the internet the other day and I came across this site and thought it was very useful so I thought I would post it up here

TinEye – http://www.tineye.com

its search engine however instead of typing text of what you want to search for you upload or provide a link to an image you want to look for and it will find images based on that image

for example you see someone has posted a picture of their desktop that you like the back ground image to however it has icons, etc on it, you can upload it to TinEye and if an image that looks the same is in its database then it will show you list of results.

so say I saw this and wanted to to find the original image.

withclock

I could upload it to TinEye and get the original image

376897623l

or put this in

AbbeyRoad

and get this

nogriffin

its also useful if you have an image and want to see if you can get it in a higher resolution.

From the TinEye website

    What is TinEye?

TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks.