We have recently received feedback from customers that their mining farms have been compromised by malicious attacks. Most of them observed that their mining pool worker names got tampered with and their miners were misused in other pools they didn’t sign up for, resulting in loss of profitability.
This happened because customers visited malicious websites and downloaded applications that could load themselves and infect the miners.
In view of this, we are sharing some tips to help you defend against such threats and, if you have unfortunately been affected, remove them.
Three Ways to Prevent
- Do not visit any potentially suspicious, unsafe websites.
- Do not download or use any firmware that is not provided by Bitmain, especially firmware claiming to help overclock your S9 or T9 series miners.
Note: We would like to emphasize that any miner malfunction resulting from overclocking your miners or using unauthorized firmware will void your warranty immediately.
- Change your password, and remember it. A strong password is always your first line of defense.
Three Steps to Handle and Eliminate
- Quarantine your network (IMPORTANT!)
If you have detected a threat, identify the infected PC or miners.
What is the behavior of an infected miner? You will see that your miner is actually mining for a hidden pool - a pool that you did not sign up for, or see your wallet hijacked and coins stolen, etc...
Check all your PCs and miners to determine which of them are infected by a virus. Then prevent the virus from spreading through the network by quarantining the infected ones.
It is critical that you remove the compromised PC or miner from the network or add it to a "quarantine network." Otherwise, the virus will spread as it infects other computers on the network.
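One way to check miners for the tampering described above (an added example, not Bitmain's tooling): compare each miner's configured pools and worker names against the ones you actually signed up for. It assumes the miner's cgminer-style JSON API is reachable on TCP port 4028; the pool host, worker prefix and sample responses are constructed placeholders.

```python
import json
import socket
from urllib.parse import urlsplit

# Assumptions (not from the article): replace with your own pool hosts and worker prefix.
EXPECTED_POOL_HOSTS = {"pool.example.com"}
EXPECTED_WORKER_PREFIX = "myfarm."


def query_pools(ip, port=4028, timeout=5):
    """Fetch the pool list from a miner over the cgminer-style API (assumed enabled)."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(json.dumps({"command": "pools"}).encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    # The reply is JSON, usually followed by a trailing NUL byte.
    return b"".join(chunks).rstrip(b"\x00").decode(errors="replace")


def audit_pools(raw_json):
    """Return findings for pool hosts or worker names that are not expected."""
    findings = []
    for pool in json.loads(raw_json).get("POOLS", []):
        url, user = pool.get("URL", ""), pool.get("User", "")
        host = (urlsplit(url).hostname or "").lower()
        if host not in EXPECTED_POOL_HOSTS:
            findings.append(f"pool {pool.get('POOL')}: unexpected pool host {host!r} ({url})")
        if not user.startswith(EXPECTED_WORKER_PREFIX):
            findings.append(f"pool {pool.get('POOL')}: unexpected worker name {user!r}")
    return findings


# Constructed sample responses (not captured from real miners).
CLEAN = '{"STATUS":[{"STATUS":"S"}],"POOLS":[{"POOL":0,"URL":"stratum+tcp://pool.example.com:3333","User":"myfarm.rig01"}]}'
TAMPERED = '{"STATUS":[{"STATUS":"S"}],"POOLS":[{"POOL":0,"URL":"stratum+tcp://pool.example.com:3333","User":"someoneelse.x1"},{"POOL":1,"URL":"stratum+tcp://hidden-pool.invalid:3333","User":"someoneelse.x1"}]}'

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("tampered", TAMPERED)):
        findings = audit_pools(raw)
        print(name, "OK" if not findings else "SUSPECT")
        for finding in findings:
            print("  ", finding)
```

Against live miners, pass the output of `query_pools(ip)` to `audit_pools` for each address in your farm and move any miner with findings into the quarantine network.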
How to set up a quarantine network
- Split the miners into 3 zones: infectious zone, under-observation zone and unharmed zone.
- The main router does not need any special routing to the other routers. Use the default settings.
- Connect the main router to the WLAN port of the 1st Quarantine router.
- Then connect the LAN port of the 1st Quarantine router to the switches in the 2nd Quarantine.
- The IP can be obtained from the routers placed at 1st Quarantine
- Reset to factory settings
Please refer to the page below to learn more about how to reset your infected miners to factory settings.
You can also use an SD card to reset your miner to factory settings and flash the miner with the latest firmware.
- Change your password!
The first thing you need to do after resetting your miner is to change the miner’s password to a strong and secure one.
How to change my password?
Go to your miner User Interface, click “System”, then “Administration”.
In case you are not aware, the default password for our new or reset miners is "root".
Once you see the status is “Updating Password”, it means your new password works like a charm. Also, please remember your password because you cannot reset or change your password if you do not remember it.
How to change password for multiple miners at once?
We understand you may own not just one miner, but perhaps tens or hundreds of them. If you would like to change the password of your miners in batch, you can use our APminerTool (V1.0.7)!
>>>> Download it here
The APminerTool was specially created by our Antpool team for our Antminers.
Search for the miners you would like to change, select all of them and choose “Change Password”.