
Topic: Antminer S3 Being used to Access Websites (Read 965 times)

legendary
Activity: 1456
Merit: 1000
June 12, 2015, 09:12:41 PM
#7
I changed the default password, and all is well now....but I am still confused how they were
using it to connect to websites with it.


On the S3's it has a BeagleBone Black as a controller board. If you SSH into it then you have access to a lot of commands that would not be there via the GUI. Most likely someone was SSH'ed into it, I would guess from reading. But since they did not change pools I have a feeling they did not know what they had access to.

But default passwords especially on routers are a bad idea in general.  Glad it stopped now.
newbie
Activity: 42
Merit: 0
I changed the default password, and all is well now....but I am still confused how they were
using it to connect to websites with it.
alh
legendary
Activity: 1846
Merit: 1052
I assume that your S3 is still mining using the pool that you want, with the credentials you want? The classic attack on a miner is to just point it at a different pool and let it continue to mine, for somebody other than the owner.
legendary
Activity: 1456
Merit: 1000
Make sure you do not have the default name/password on the router. After that, make sure your router has some sort of firewall up, keeping the devices connected to it from being accessed from outside, from the internet. And finally, change your S3 password just as an extra precaution.

With all of that it should keep it from being accessed on the internet, which should stop this issue. The good news is that with them using it to access websites and not change pools, it does not look like whoever did it knew what it was.

If they really did a number on it and it keeps surfing websites, then look into reloading the firmware. But I think chances are the above will stop it without this step being needed.
sr. member
Activity: 265
Merit: 250
I think it's a virus in your computer. Scan the whole computer. Or the router was hacked if it has the default password.
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
Probably should reset your Antminer and then immediately set a strong root password instead of the default.

newbie
Activity: 42
Merit: 0
I have an Antminer S3, hooked up to an AP which connects to my router wirelessly.
I am seeing someone access the Antminer IP, and can see various websites being accessed
in my Router Logfiles:

How do I stop this unauthorized access....even when everything has been password protected?
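
Added example, not part of any post in this thread: a small Python check that reads a router log and reports hostnames a headless device (such as a miner) contacted outside the short list it should ever need. It assumes three whitespace-separated columns (epoch seconds, LAN client IP, hostname); the IPs, hostnames and allowlist below are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the three-column layout: epoch seconds, LAN client, hostname.
SAMPLE_LOG = """\
1434079240 192.168.1.50 ads.example.net
1434079241 192.168.1.50 pixel.tracker.example
1434079243 192.168.1.50 stratum.pool.example
1434079244 192.168.1.20 www.example.org
1434079249 192.168.1.50 cdn.ads.example.net
garbage line
"""

# Assumption: headless devices and the only hostnames each should ever contact.
EXPECTED = {"192.168.1.50": {"stratum.pool.example"}}


def parse(log_text):
    """Yield (utc_datetime, client_ip, hostname); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        ts = datetime.fromtimestamp(int(parts[0]), tz=timezone.utc)
        yield ts, parts[1], parts[2].lower().rstrip(".")


def unexpected_lookups(log_text, expected=EXPECTED):
    """Map each watched device to its off-allowlist hostnames with first/last seen."""
    report = defaultdict(dict)
    for ts, client, host in parse(log_text):
        allowed = expected.get(client)
        if allowed is None or host in allowed:
            continue  # not a watched device, or an expected destination
        first, last, count = report[client].get(host, (ts, ts, 0))
        report[client][host] = (min(first, ts), max(last, ts), count + 1)
    return dict(report)


if __name__ == "__main__":
    for client, hosts in unexpected_lookups(SAMPLE_LOG).items():
        print(f"{client}: {len(hosts)} unexpected hostnames")
        for host, (first, last, n) in sorted(hosts.items()):
            print(f"  {host}  x{n}  {first:%Y-%m-%d %H:%M:%S}Z .. {last:%H:%M:%S}Z")
```

Any output for a device that should only talk to its pool means something on or behind that device is generating traffic, which is the cue to close outside access at the router and reset the device's credentials.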