Miner Virus Prevention and Solutions

4 Comments 140 Views0


Miner Virus Prevention and Solutions IMG 10

Some customers complained recently that their mining farms were hacked, the workers in the pools were tampered and the hashrate was stolen. According to our investigation and analysis, most of the cases were caused by customers accessing irregular websites, downloading third-party firmware or overclocking firmware. In addition, if the miner was second-handed or repaired at unauthorized service station, it will be most possibly attacked by virus.

 

Symptoms of Virus Infection

  • Workers in pools are tampered

Miner Virus Prevention and Solutions IMG 07

  • Firmware cannot be upgraded: When click on Upgrade, 120-second countdown will be displayed immediately, shown as below:

Miner Virus Prevention and Solutions IMG 08

The percentage of uploading will be prompted at the lower left corner of the browser if it can be upgraded normally (only Google Chrome supported), shown as below.

Miner Virus Prevention and Solutions IMG 09

  • Password on mining configuration page will be tampered to an unknown one so that the page cannot be accessed.
  • In the case of normal hardware and network, many miners suddenly suffer from zero hashrate and failure of firmware upgrading.

 

Preventive Measures

  1. To solve aforesaid problems, the following preventive measures and solutions are recommended:
  2. Do not visit unidentified or unauthorized websites.
  3. Do not download or use third-party firmware (especially S9, T9+ overclocking firmware), please visit the official website to download firmware.
  4. Be sure to modify the miner login password in time.
  5. In the case of second-handed machine or repairment at unauthorized service station, please flash the firmware and modify the login password before use.

 

Solutions

(I). Network Isolation (Important)

Check all computers and miners in the network to ensure that they are free from virus infection. Isolate the infected machines from other machines in the network.

  1. Secondary routing for isolation, shown as follows:
    • Divide into three zones: virus-infected machines, recovered for observation, normal machines.
    • No need to add any routing pointing at other routers, that is, use the default settings.
    • Main cable out of primary router is connected to WLAN port of secondary router.
    • The switch is connected to LAN port of secondary router.
    • The miner IP address is obtained on secondary router.
  2. Conduct subnet isolation at network convergence layer to prevent mutual communication in internal subnets.
  3. In output devices, block the FTP, HTTP and HTTPS protocols on the network segment in corresponding miners to prevent virus variants from being automatically updated.

Miner Virus Prevention and Solutions IMG 01

(II). Resume Default Settings

Use SD card to resume firmware in all machines. Tutorial of resuming firmware with SD card: How to re-image Beaglebone board for an Antminer S5

The image file of Antminer could be downloaded on the Bitmain official site.

(III). Modify Miner Login Password (Important)

After resuming the default settings, be sure to modify miner login password as soon as possible. The password should be set as complicated as possible. The steps of modifying password are as follows:

Modify Password in Single Miner

  • Enter the configuration page, click “System -> Administration”, enter the old password in “Current Password” first, then enter the new password twice in the “New Password” and “Confirmation”. Click “Save&Apply” to save the new password.

Miner Virus Prevention and Solutions IMG 02

  • After successful modification, “Updating Password” will prompt.

Miner Virus Prevention and Solutions IMG 03

Batch Password Modification in Multiple Miners

Use APMinerTool to search for miners first, select the ones be modified in batches, and then click “Change Password”.

Miner Virus Prevention and Solutions IMG 04

Enter the old password, then enter the new password twice, click “OK”.

Miner Virus Prevention and Solutions IMG 05

Check Running Status, if “Modified Successfully” is shown, it means the modification is completed.

Miner Virus Prevention and Solutions IMG 06

 

Appendix 1

Series articles on troubleshooting for Antminer at EastShore:

 

Appendix

Series articles on crypto miner maintenance: