Some customers complained recently that their mining farms were hacked, the workers in the pools were tampered and the hashrate was stolen. According to our investigation and analysis, most of the cases were caused by customers accessing irregular websites, downloading third-party firmware or overclocking firmware. In addition, if the miner was second-handed or repaired at unauthorized service station, it will be most possibly attacked by virus.
Symptoms of Virus Infection
- Workers in pools are tampered
- Firmware cannot be upgraded: When click on Upgrade, 120-second countdown will be displayed immediately, shown as below:
The percentage of uploading will be prompted at the lower left corner of the browser if it can be upgraded normally (only Google Chrome supported), shown as below.
- Password on mining configuration page will be tampered to an unknown one so that the page cannot be accessed.
- In the case of normal hardware and network, many miners suddenly suffer from zero hashrate and failure of firmware upgrading.
- To solve aforesaid problems, the following preventive measures and solutions are recommended:
- Do not visit unidentified or unauthorized websites.
- Do not download or use third-party firmware (especially S9, T9+ overclocking firmware), please visit the official website to download firmware.
- Be sure to modify the miner login password in time.
- In the case of second-handed machine or repairment at unauthorized service station, please flash the firmware and modify the login password before use.
(I). Network Isolation (Important)
Check all computers and miners in the network to ensure that they are free from virus infection. Isolate the infected machines from other machines in the network.
- Secondary routing for isolation, shown as follows:
- Divide into three zones: virus-infected machines, recovered for observation, normal machines.
- No need to add any routing pointing at other routers, that is, use the default settings.
- Main cable out of primary router is connected to WLAN port of secondary router.
- The switch is connected to LAN port of secondary router.
- The miner IP address is obtained on secondary router.
- Conduct subnet isolation at network convergence layer to prevent mutual communication in internal subnets.
- In output devices, block the FTP, HTTP and HTTPS protocols on the network segment in corresponding miners to prevent virus variants from being automatically updated.
(II). Resume Default Settings
Use SD card to resume firmware in all machines. Tutorial of resuming firmware with SD card: How to re-image Beaglebone board for an Antminer S5
The image file of Antminer could be downloaded on the Bitmain official site.
(III). Modify Miner Login Password (Important)
After resuming the default settings, be sure to modify miner login password as soon as possible. The password should be set as complicated as possible. The steps of modifying password are as follows:
Modify Password in Single Miner
- Enter the configuration page, click “System -> Administration”, enter the old password in “Current Password” first, then enter the new password twice in the “New Password” and “Confirmation”. Click “Save&Apply” to save the new password.
- After successful modification, “Updating Password” will prompt.
Batch Password Modification in Multiple Miners
Use APMinerTool to search for miners first, select the ones be modified in batches, and then click “Change Password”.
Enter the old password, then enter the new password twice, click “OK”.
Check Running Status, if “Modified Successfully” is shown, it means the modification is completed.
Series articles on troubleshooting for Antminer at EastShore:
- Troubleshooting in ANTMINER GENERAL MINING GUIDE: https://www.eastshore.xyz/tutorial-general-mining-guide-troubleshoot-for-antminer-models/
- Troubleshooting for Antminer – hashing board: https://www.eastshore.xyz/troubleshooting-for-antminer-hashing-board/
- Troubleshooting for Antminer – controller & fan: https://www.eastshore.xyz/troubleshooting-for-antminer-controller-fan/
- Troubleshooting for Antminer – Common External Problems: https://www.eastshore.xyz/troubleshooting-for-antminer-common-external-problems/
- Miner Virus Prevention and Solutions: https://www.eastshore.xyz/miner-virus-prevention-and-solutions/