Prevention and treatment of Antminer poisoning

Recently, some customers have reported that some mining farms have been hacked, mining pool miners have been tampered with, computing power has been stolen, etc. After investigation and analysis, most of the causes are caused by customers visiting irregular websites and downloading third-party firmware or overclocking firmware. In addition, if you are using a second-hand machine or it has been repaired at an unofficial repair point, you should also be alert to the possibility of poisoning.

1. Symptoms of poisoning

1. Mining pool miners have been tampered with

2. The firmware cannot be upgraded in the background

After clicking upgrade, a 120-second countdown prompt will appear immediately, as shown below.

The mining machine that can be upgraded normally will have an upload percentage prompt in the lower left corner (only Google Chrome supports display), as shown in the figure below.

3. The backend password will be tampered with into an unknown password, making it impossible to enter the backend.

4. When the hardware and network are normal, a large number of mining machines suddenly have 0 computing power and the background firmware cannot be upgraded.

2. Prevention measures

The following prevention and treatment methods are given for this problem:

1. Do not use third-party firmware.

Note: Any damage to the machine caused by overclocking or the use of third-party firmware will be charged out of warranty by after-sales service.

2. Be sure to change the mining machine login password in time.

3. If you purchase a second-hand machine or repair it at an unofficial repair station, you need to refresh the firmware and change the mining machine login password before use.

4. Download the official security firmware to prevent viruses.

3. Treatment methods

1. Network Isolation (Important)

Check all computers and machines in the network to ensure that the computers are not infected with viruses, and isolate the infected machines from other machines. Since the virus has mutated many times recently, we hope that everyone can complete the following 2 and 3 configurations as soon as possible to prevent the virus from upgrading again.

1. Use secondary routing to isolate. The specific method is as follows:

1) It is divided into three areas: infected machine, recovery observation and normal machine area.

2) The router does not need to add any routes pointing to other routers, that is, use the default settings.

3) The main line from the primary router is connected to the WLAN port of the secondary router.

4) The switch is connected to the LAN port of the secondary router.

5) The IP addresses of mining machines are all obtained on the secondary router.

2. Perform subnet isolation at the network aggregation layer to prohibit communication between internal subnets.

3. On the export equipment, block FTP, HTTP and HTTPS protocols for the network segment corresponding to the mining machine to prevent automatic updates of virus variants.

(II) Restore factory settings

All machines need to use SD card to restore the firmware

1. A3, D3, L3, L3+ and X3 series mining machines
SD card recovery tutorial: https://support.bitmain.com/hc/zh-cn/articles/115000216034
2. S9 series (S9j, S9i), T9 and T9+ mining machines
SD card recovery tutorial: https://support.bitmain.com/hc/zh-cn/articles/360019493654
3. Z9, Z9mini and V9 mining machine SD card recovery tutorial: https://support.bitmain.com/hc/zh-cn/articles/360006020914

(III) Modify the mining machine login password (important)

After restoring the factory settings, be sure to change the miner login password as soon as possible. It is recommended to set the password as complex as possible. The method to change the password is as follows:

1. How to modify the password of a single mining machine

1) Enter the mining machine backend, click "System" -> click "Administration", -> first enter the old password in the "Current Password" box, then enter the new password twice in the "New Password" and "Confirmation" boxes -> click "Save&Apply" to save.

2) If the modification is successful, the message “Updating Password” will be displayed.

2. Method for batch modifying passwords of multiple mining machines

1) Use the Antminer software (APMinerTool V1.0.7) to search for the mining machine, select the mining machine to be batch modified, and then click "Change Password".

2) Enter the old password, enter the new password twice, and click "OK".

3) Check the running status. If it displays "Modification successful", the modification is completed.