
Topic: Need Antminer s9 serial connect to eliminate NEW VIRUS!!! - page 2. (Read 701 times)

legendary
Activity: 4158
Merit: 8049
'The right to privacy matters'
A simple trick is

Root
Root

Needs to be

Root
Root12345a

Not 12345 but any 5 digit number.
With any single letter. Upper or lower case.

It takes a long time to brute force that.

Yet is fairly easy to remember.

There are other ways to protect.

Modem
router a
five port switch
Router 1 to switch to bitmain sha 256
Router 2 to switch to bitmain script
Router 3 to switch to other miners

I have found the above to work well.
It also lets me find and examine miner status a bit easier.
legendary
Activity: 2268
Merit: 6424
be constructive or S.T.F.U

I have had this experience before, and to confirm the brute force theory only miners with default root/root got infected. But a simple reset using IP report button method and then immediately change the password to a complex one solved the issue.

Hate to say this but maybe locking SSH access in the new firmware update does make a lot of sense in terms of security, provided that if you only change the root pass using the web browser, the virus can still access it via SSH, and changing the SSH password is not something everyone can do despite the fact that it only takes a couple seconds.
hero member
Activity: 1194
Merit: 573
OGRaccoon
This may actually be a legit issue. Recently an attack tool for miners has been released; it scans Shodan with the API for miners with open ports, then brutes the miners, allowing the attacker access to the machines. It may be possible you have weak credentials on your machines and they have been compromised via brute force attempt.

Once attackers gain access they can update your miners. It could be possible they have custom firmware that might make it difficult to recover the miner, but you should be able to use the above guides to flash the miners with clean firmware.

newbie
Activity: 2
Merit: 0
My farm 9/10 miners got infected this virus too,
Have you all found any solutions to unlock the sd card nand flash?
Pls help
legendary
Activity: 3304
Merit: 3037
BTC price road to $80k
I'm having the same issue with a hacked miner ... it infected my other 18 mining s9 .....

have you managed to solve this issue?

if you did ... please give me a solution

thanks

If you flash the miner without blinking it means that the control board can't detect the SD card or the flashing couldn't start or maybe you are using a fake SD card with fake capacity.

You should use a working SD card 4 GB or higher to make the flashing work. There's sometimes that every time you make a program recovery the program you make from SD card is corrupted because your PC might be infected. So try to make SD card recovery on a fresh PC or clean PC to avoid corrupted program recovery.
legendary
Activity: 2268
Merit: 6424
be constructive or S.T.F.U
Is it possible that they changed something on a hardware level before shipping the miners? I mean something to block you from SD card flashing a firmware? By all means it is hard to believe that on a software level you can't replace the firmware. What happens when you hard reset it using the IP report?
newbie
Activity: 2
Merit: 0
I'm having the same issue with a hacked miner ... it infected my other 18 mining s9 .....

have you managed to solve this issue?

if you did ... please give me a solution

thanks
newbie
Activity: 3
Merit: 0
yea, i can flash uninfected miners without any problem, with same SD card, with same firmware.

running processes hashes main ones i checked and hashes aren't changed.

Bmminer, single-board-test,dropbear,lighttpd, monitorcg,ntpd

it opened some kind of socket, when opened netstat, killed all socket connections and run bmminer, virus was still there. flashed with web-interface, with no internet access, killed all sockets, run bmminer miner, opened internet, virus is still there.

this all is happening on newest firmware, with serial connection.
full member
Activity: 538
Merit: 175
Just to make sure, when you are trying to flash from SD, you're moving the jp4 jumper into the other position?

On a side note, check on size and hash for /usr/bin/ntpd , some viruses I've seen overwrite that file with the payload.

You can also run "top" to see which processes are taking cpu/memory and compare those size/hash against the normal.
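The size and hash comparison suggested in the post above, as an added example that is not part of the thread: record a baseline on a known-clean miner (or an unpacked clean firmware image), then check the suspect unit against it. It assumes `sha256sum` is available on the miner; apart from `/usr/bin/ntpd`, which the post names, the file paths are supplied by the operator.

```sh
#!/bin/sh
# Added example (not from the thread). Baseline line format, one per file:
#   <sha256> <size-in-bytes> <path relative to ROOT>

# record_baseline ROOT FILE...  -- run against a known-clean miner or image.
record_baseline() {
    root=$1; shift
    for rel in "$@"; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "skip: $rel not found" >&2
            continue
        fi
        printf '%s %s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" \
            "$(wc -c < "$f" | tr -d ' ')" "$rel"
    done
}

# check_baseline ROOT BASELINE  -- run against the suspect miner.
# Prints OK / CHANGED / MISSING per file; returns 1 if anything differs.
check_baseline() {
    root=$1; rc=0
    while read -r want_sum want_size rel; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING $rel"; rc=1; continue
        fi
        got_sum=$(sha256sum "$f" | cut -d' ' -f1)
        got_size=$(wc -c < "$f" | tr -d ' ')
        if [ "$got_sum" = "$want_sum" ]; then
            echo "OK $rel"
        else
            echo "CHANGED $rel size $want_size -> $got_size"; rc=1
        fi
    done < "$2"
    return "$rc"
}

# Usage: script record ROOT FILE... > baseline.txt
#        script check  ROOT baseline.txt
case "${1:-}" in
    record) shift; record_baseline "$@" ;;
    check)  shift; check_baseline "$@" ;;
esac
```

Keep the baseline file off the miner, and record it from the same firmware version as the unit being checked, since a legitimate firmware update also changes the hashes.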
newbie
Activity: 3
Merit: 0
when you get the virus, it doesn't allow you SD flash, you can change the password for ssh, but it doesn't matter, it's there even after flashing software from web.

ssh wasn't a problem to begin with, in my network only one IP can access to 22 port.

there IS virus for s9 right now.

steps i've done so far:

1) i isolated the one miner from other miners, tried flashing with SD card, doesn't work. tried flashing with different firmware from web-interface, doesn't help, Hard reset either.

2) blocked all internet access from firewall, tried step 1. opened internet access, virus is still there.

3) took miner to different location with different ISP/IP different network configuration(thought network was infected), tried step 2, opened internet access, virus is still there.

and one more thing, every infected miner has the same issue with flashing with SD card, it just doesn't work. LEDs never blink, and from onboard 3 green LEDs only 1 is on always. it doesn't matter if it's official firmware, Braiins OS, any other firmware, it doesn't flash.

and half of miners infected were on latest firmware.
legendary
Activity: 3304
Merit: 3037
BTC price road to $80k
No, there's no virus for the S9 miner. Possibly there is someone who can remotely access your miner: if your miner has open ports and you never changed the SSH root and password, there is a possibility that they can remotely access your miner. That is why Bitmain released a 2019 firmware to prevent these issues.

If you have this problem the only solution that I know to remove this is by flashing it through SD card and then change your SSH root and password so that no one can access your miner.

If hackers have access to your miner they can manually update the firmware to their modified firmware, where even if you hard reset the miner the result will be the same as yours.

So you should change everything from your port to SSH access credentials before you connect it to the internet.
newbie
Activity: 3
Merit: 0
i can confirm this is virus.

first of all: SD flash, resetting in any way doesn't help. all infected miners try to communicate with each other with 123 port. all infected miners go to F2pool, antpool and btc.com AND 35.186.233.235:443 which is google drive IP, (first miner goes here). bmminer hash isn't changed.

i don't know how to remove the virus, but you can get back your hashrate with two solutions:

1. get into miner (over ssh or comport) , change the name of bmminer and run manually.

2. block all IPs that miner goes to from firewall, (this solution build up the ram so you have to restart the miner every hour or so).

3. there is asicdip custom software which says it blocks the access for this virus, but I didn't test it and it takes 2 %, and it's not for me.

will update if I will find solution.
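A way to repeat the netstat observation from the post above on each miner, as an added example that is not part of the thread: it reads `netstat -tun` style output and reports every remote endpoint that is not on an operator-maintained allowlist, marking peers on port 123 separately. The sample output and the allowlisted addresses (`203.0.113.10:3333` as a pool, `192.168.1.2` as the admin host) are constructed; `35.186.233.235:443` is the address reported in the post.

```sh
#!/bin/sh
# Added example (not from the thread).
# Usage on a miner:  netstat -tun | unexpected_peers allow.txt
# Allowlist file: one "ip" or "ip:port" per line; lines starting '#' ignored.

unexpected_peers() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0)
                if (line != "" && line !~ /^#/) ok[line] = 1
        }
        # Data rows only: tcp/udp, skipping listeners and loopback peers.
        $1 ~ /^(tcp|udp)$/ && $5 !~ /^(0\.0\.0\.0|127\.)/ {
            n = split($5, part, ":")
            ip = part[1]; port = part[n]
            if (($5 in ok) || (ip in ok)) next
            flag = (port == "123") ? "peer-on-123" : "not-allowlisted"
            print flag, $1, $5
        }'
}

# Constructed sample of netstat output, for trying the filter offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.50:51012      203.0.113.10:3333       ESTABLISHED
tcp        0      0 192.168.1.50:51344      35.186.233.235:443      ESTABLISHED
tcp        0      0 192.168.1.50:22         192.168.1.2:50522       ESTABLISHED
udp        0      0 192.168.1.50:123        192.168.1.51:123        ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}
```

Pools are normally configured by hostname, so the allowlist has to hold the addresses those names currently resolve to, plus the NTP server the miner is meant to use.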
full member
Activity: 538
Merit: 175
Do you already have the CP2102 bridge and have you wired it correctly? GND = GND, but TX and RX need to be switched. Also be careful.. GND is the middle pin on the xilinx board but not on the USB.

I used to have the Chinese version of the program. I can try to find it if you really need it, but you can most likely fix your issue with the suggestions provided above.
legendary
Activity: 2030
Merit: 1563
CLEAN non GPL infringing code made in Rust lang
Indeed, not virus but the controller's nand flash storage can get damaged. This is why it's useful to test with Braiins OS booting from the sd card with jp4 jumper moved.

Bitmain solution simply tries to (blindly) reflash back the firmware. If this nand storage is damaged no amount of reflashes would do anything.
legendary
Activity: 2268
Merit: 6424
be constructive or S.T.F.U
(Virus is blocking SD card flashing)

I doubt the accuracy of this statement, not specifically denying the problem just doubting the cause.

In most cases any miner virus won't be really able to lock you from SD flashing. Have you flashed any miner with an SD card before? Just want to make sure that you are not making any mistakes.

You should also check your pc for viruses, there is a good chance that whichever virus affecting it sits on one of the pcs on your network.
legendary
Activity: 3304
Merit: 3037
BTC price road to $80k
Or your control board is not reading SD card because your SD card slot from the control board is full of dust. Try cleaning it with lacquer flo and remove the dust and resolder the SD card terminal; this mostly solved my issue in other devices. So possibly it might also work in s9 miner.

Never heard that there is a virus that can prevent you from flashing even other devices through SD card.

Anyway, since you mention about usb and serial maybe this thread is what you're looking for; check this https://bitcointalksearch.org/topic/rescuing-a-bricked-t9-and-s9-control-board-howto-2386296.
legendary
Activity: 2030
Merit: 1563
CLEAN non GPL infringing code made in Rust lang
How did this virus infect your miners? Did you ever change the web and ssh passwords?

I don't think a virus can block jp4 jumper to boot from sdcard. Did you ever try booting Braiins OS? This should work without fail.
newbie
Activity: 1
Merit: 0
Hello guys!
We have a virus which is decreasing hash rate and stealing it.

Can anybody help how to connect to Bitmain Antminer S9 Miner via CP2102 USB/Serial bridge? (Virus is blocking SD card flashing)
How to erase existing infected software on board and flash it with new firmware?

Thank you in advance for help! Hope this virus will avoid you!