Thanks a lot for the information you provided! I really appreciate it! And yes, I’ve had one of the worst days in BTC mining. This morning when I woke up I found out that the hacker was able to ruin 14 more S9s!!!!! 14 machines gone in a minute! Apparently he works somewhere in China in the daytime when it is night here, and I wake up to a surprise! Today’s surprise was SHOCKING!
I have already contacted Bitmain for advice on what to do and if there is a way that I can repair the controllers by uploading a newer firmware, because these machines were from 2017-2018. So I will be waiting for their reply as soon as they start their workday.
At first he hacked 3, so I just disconnected the router connected to my modem, thinking that it was causing the problem, since the SSID wasn’t hidden, unlike my modem SSID. But when I realized that 14 more are mining for him this morning, I started to dig in the log of the modem itself and found about 22 of these DoS smurf attacks!!! From February second to this morning!
2020-02-04 09:00:49 [Error][Alarm-Log] AlarmID:303500,AlarmLevel:Error,DoS attack. Type: smurf. Source IP address: 192.168.1.102. Destination IP address: 192.168.1.255. Source MAC address:
So I contacted the ISP provider and they confirmed to me that I was hacked by WiFi, although I’m not sure how, since the SSID was hidden. Remotely they have reset everything and I’ve changed all of the passwords. Even on the miners themselves! But I did that yesterday and apparently that didn’t help. Also, the modem had a specific check box for preventing these DoS smurf attacks, but apparently that didn’t work.
I’m closely monitoring the network tonight to see if there will be any more attacks on my modem, because now I just have a few miners running.
Maybe someone clicked a wrong link from one of the devices, who knows.
And I did notice that the only ones that he wasn’t able to hack (so far) are the last ones that I got, so they must have had a newer firmware protecting them from being hacked like that.
All my hope is on Bitmain now, that they answer soon and maybe are able to find a solution for me. Start them with a preloaded firmware on an SD card or just try to upload it through my network on them, I really don’t know, but I am afraid to even turn the power on for the ones that have been compromised now, thinking that if it was hacked then maybe he can hack my whole new reset network again and I will lose the rest of the miners? Do you think it is safe to connect one of them to my fresh network or I shouldn’t even try? Or what do you think?
If Bitmain won’t be able to help me with a firmware upgrade, then I really don’t care what I have to load on an SD card and where it will mine, as long as they just don’t sit around like furniture. Now 17-18 have been ruined!
Please let me know your thoughts, guys. I’d really appreciate it if someone with the knowledge is able to give advice.
Oh, I see they got in using your wifi. I'm sorry to tell you this, maybe it's not common knowledge? Hiding the SSID (not broadcasting its name), or using the wifi's MAC address whitelist, doesn't stop people from getting in. Only a good password and WPA2 (now WPA3) helps. I, for example, use a randomly generated 63-char password (the max WPA2 takes) and make a QR code of that.
Well, I guess people normally never try the security tools involved, but let me tell you: if your wifi is ON it can be picked up by anything in range (and range can be improved with directional antennas). Never use simple passwords anywhere; go ahead and try a password manager (that is, a Free and Open Source program such as KeePassXC to manage your passwords, NOT any sort of online site or service).
Bitmain should point you to their SD recovery procedure, and if that doesn't work you would have to purchase controllers or switch pools (if the bOS thing worked; sometimes the controller also refuses to boot from SD (jumper jp4)).
I would guess you never changed your SSH password on these (2017/18) and they used the default (root or admin).
Definitely isolate your miners from your family network.
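Added example, not part of either post above: a small Python script that tallies the modem's smurf alarms per source address and marks whether each source sits on the local network, which shows which device to pull off the LAN first. The function name, the 192.168.1.0/24 subnet and every sample line other than the one quoted in the thread are assumptions made for the example.

```python
import ipaddress
import re

# Matches the alarm format quoted in the thread; the MAC field is ignored
# because it is cut off in the quoted line.
ALARM_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?DoS attack\. "
    r"Type: (?P<type>\w+)\. "
    r"Source IP address: (?P<src>\d+(?:\.\d+){3})\. "
    r"Destination IP address: (?P<dst>\d+(?:\.\d+){3})\."
)

def summarize_smurf_alarms(log_text, lan="192.168.1.0/24"):
    """Tally smurf alarms per source IP (hypothetical helper; /24 LAN assumed)."""
    net = ipaddress.ip_network(lan)
    sources = {}
    for line in log_text.splitlines():
        m = ALARM_RE.search(line)
        if not m or m["type"].lower() != "smurf":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        e = sources.setdefault(str(src), {
            "count": 0, "first": m["ts"], "last": m["ts"],
            "internal": src in net, "to_broadcast": False,
        })
        e["count"] += 1
        e["first"], e["last"] = min(e["first"], m["ts"]), max(e["last"], m["ts"])
        e["to_broadcast"] |= dst == net.broadcast_address
    return sources

# Constructed sample log: only the last 192.168.1.102 entry is the line quoted
# in the thread; the other timestamps, the 203.0.113.9 source and the [Info]
# line are made up for the example.
_FMT = ("{ts} [Error][Alarm-Log] AlarmID:303500,AlarmLevel:Error,DoS attack. "
        "Type: smurf. Source IP address: {src}. Destination IP address: {dst}. "
        "Source MAC address:")
SAMPLE_LOG = "\n".join([
    _FMT.format(ts="2020-02-02 23:14:07", src="192.168.1.102", dst="192.168.1.255"),
    _FMT.format(ts="2020-02-03 02:41:30", src="192.168.1.102", dst="192.168.1.255"),
    "2020-02-03 08:00:00 [Info] constructed non-alarm line",
    _FMT.format(ts="2020-02-03 19:05:12", src="203.0.113.9", dst="192.168.1.255"),
    _FMT.format(ts="2020-02-04 09:00:49", src="192.168.1.102", dst="192.168.1.255"),
])

if __name__ == "__main__":
    for ip, e in summarize_smurf_alarms(SAMPLE_LOG).items():
        where = "on the LAN" if e["internal"] else "outside the LAN"
        print(f"{ip}: {e['count']} alarms, {e['first']} to {e['last']}, source {where}")
```

A source flagged as on the LAN means the alarm traffic came from a device already inside the network, so that host is the one to disconnect and inspect.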