[ad_1]
Another major campaign targeting Ethereum's mining platforms has been going on for at least a week, since December 3, ZDNet reported, citing Troy Mursch, co-founder of Bad Packets LLC, a computer security company. Attackers are scanning devices with port 8545 exposed online, which cost carefree miners more than $ 20 million in June this year, when the same thing happened.
Port 8545 is standard for the JSON-RPC interface of many Ethereum portfolios and mining equipment. Some Ethereum software applications may be configured to display a Remote Procedure Call (RPC), the purpose of which is to provide access to the programmatic API (application programming interface) that a service or a & # 39; Authorized third-party apps can query and interact or retrieve data from the original Ethereum service. The RPC interface can also allow access to very sensitive functions, such as private keys, personal data and the like.
In theory, the interface should only be exposed locally, but some app wallets and mining tools enable it on all interfaces. In addition, this JSON-RPC interface, when enabled, does not include a password in the default configurations and relies on users who set one. If this remains exposed on the internet, attackers can freely transfer funds from the victim's address to their own.
here too, 1st wave seen around 16:00 UTC pic.twitter.com/i5dXEohYI0
– ZeroBS_GmbH (@zero_B_S) 10 December 2018
Many manufacturers of rigs and wallet app manufacturers have taken precautions to limit the exposure to port 8545 or have completely removed the JSON-RPC interface. The Ethereum team has sent a security notice to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface on the Internet, recommending that users take precautions by adding a password to the interface or using a firewall to filter incoming traffic for port 8545.
To show the vulnerability of many miners, ZDNet writes that "A quick Shodan [search engine for Internet-connected devices] the research shows that almost 4,700 devices – most of which are Geth's mining equipment and Parity portfolios – are currently exposing their port 8545. "Even if the price of the asset is reaching new lows, settling at around $ 90 from the moment of the writing, this did not discourage the attackers from looking for easy holds.
As previously reported, protecting yourself from these attacks does not have to be very difficult. DIY with your Ethereum customer should be prohibited unless you are sure you know what you are doing, and reading the warnings accompanying the app you are using should be your first step. Of course, if you have a good reason to enable the RPC interface, protect it with an access control list (ACL), firewall, or other authentication system.
[ad_2]
Source link
