Topic: update firmware Antminer S9 && hacked bgminer.conf (Read 2012 times)

member
Activity: 85
Merit: 16
I am not sure this will help but it does sound a lot like what is being described.
A few weeks ago when I first turned back on an old S5, it got an IP address from my router that was assigned as the DMZ IP address.  I did not realize this happened until sometime later.
Basically that meant the S5 was exposed to the open internet.  When I went to check the miner and pools I saw an entry on there for viabtc that I did not add!
Rebooting and removing the pool would only stick for a little while before it was added again.

To get it fixed I had to completely reset the device, take it off the DMZ (once I realized it was there) and reenter all the pools I wanted.
It has been fine since then.

My theory is that someone is running a bot that connects to open Antminers using SSH and the "Antbleed" API and setting their pools whenever they find a vulnerable miner (like mine was).

My lesson is never expose your miner to the open Internet!
newbie
Activity: 14
Merit: 0
Great. Thank you for that. D
hero member
Activity: 658
Merit: 500

Miner Type   Antminer S9
Hostname   mi03
Model   GNU/Linux
Hardware Version   12.8.1.3
Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version   Tue Jan 24 22:42:36 EST 2017
BMminer Version   2.0.0
Uptime   1
Load Average   0.31, 0.22, 0.19
newbie
Activity: 14
Merit: 0
Last night, I powered down my two S9's. When I powered back up, they were configured to point to a viabtc pool. When I tried to change them, I could no longer get it to stick. When I clicked on "Miner Status" it would stay on the Configuration page. Both machines. I tried re-installing the firmware, but neither machine would take it.

Now I'm stuck, leaving these powered down until I can get the firmware/software reinstalled. Tried resetting, all that. Nothing helps.

Is there a way to reinstall the software or whatever they did to this?

I'll be happy to pay a fair price if someone can get me back up and running asap.

PM me if you can help.

Thanks.
newbie
Activity: 11
Merit: 0


Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings?
The cron tasks are in /var/spool/cron/root
You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5
You can also try ssh'ing into it and editing /config/cgminer.conf  with your pool configuration.

/config/bmminer.conf has this permissions:

-r--------    1 root     root           482 Aug 11 17:10 bmminer.conf

I cannot modify with chattr +i because it's not ext3/ext4.

/root/M5 does not exist, not mounted directly neither in /etc/fstab nor mount command.

Have to check /var/spool/cron/root, because crontab -l root didn't show anything... not now because I lost ip access, no red/green light flashes at all
member
Activity: 117
Merit: 16
Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?


This 13.0T model has the same chassis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot processes, isn't it? Every X hours, it changes the worker config.


Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings?
The cron tasks are in /var/spool/cron/root
You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5
You can also try ssh'ing into it and editing /config/cgminer.conf  with your pool configuration.
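
The checks suggested in the post above (root's cron file, a file or process named m5, and the pool entries in the miner config), collected into one read-only script. This is an added example, not part of the original thread; it assumes cgminer-style JSON configs with "url" entries, and `ALLOWED_POOLS` and `pool.example.com` are placeholders.

```shell
#!/bin/sh
# Added example: read-only triage of the paths named in this thread.
# Assumptions: the config is cgminer-style JSON with "url" entries, and
# ALLOWED_POOLS (hypothetical name) lists the pool hosts you configured.
ALLOWED_POOLS="${ALLOWED_POOLS:-pool.example.com}"   # placeholder host

# Print the pool hosts found in a config file, one per line.
pool_hosts() {
    grep -o '"url"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" 2>/dev/null |
        sed -e 's/^"url"[[:space:]]*:[[:space:]]*"//' -e 's/"$//' \
            -e 's#^[a-z+]*://##' -e 's#[:/].*$##'
}

# triage_miner ROOT: print one finding per line, change nothing.
# ROOT is "" on the miner itself, or the directory of a copied filesystem.
triage_miner() {
    root="$1"
    cron="$root/var/spool/cron/root"
    # 1. Every active (non-comment, non-blank) line in root's crontab file.
    if [ -f "$cron" ]; then
        grep -Ev '^[[:space:]]*(#|$)' "$cron" | sed 's/^/CRON: /'
    fi
    # 2. A file named m5 or M5 in root's home directory.
    ls "$root/root" 2>/dev/null | grep -ix 'm5' | while read -r f; do
        echo "FILE: $root/root/$f"
    done
    # 3. Pool hosts in either config file that are not on the allow-list.
    for cfg in "$root/config/bmminer.conf" "$root/config/cgminer.conf"; do
        for host in $(pool_hosts "$cfg"); do
            case " $ALLOWED_POOLS " in
                *" $host "*) ;;
                *) echo "POOL: $host in $cfg is not in ALLOWED_POOLS" ;;
            esac
        done
    done
    # 4. On the live device only: processes whose name is m5.
    if [ -z "$root" ]; then
        grep -ilx 'm5' /proc/[0-9]*/comm 2>/dev/null | sed 's/^/PROC: /'
    fi
}

# Usage on the miner over SSH: set ALLOWED_POOLS, then run: triage_miner ""
```

Any CRON, FILE, PROC or POOL line is a reason to keep the device off the network until it has been reflashed and its SSH and web passwords changed.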
hero member
Activity: 1498
Merit: 597
Hi everyone,

I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.

I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.

When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.

May you help me?

Thanks in advance




I have the same problem with one of my s9 / 13TH/s model

Miner Type   Antminer S9
Hostname   mi03
Model   GNU/Linux
Hardware Version   12.8.1.3
Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version   Tue Jan 24 22:42:36 EST 2017
BMminer Version   2.0.0
Uptime   1
Load Average   0.31, 0.22, 0.19
newbie
Activity: 11
Merit: 0

I've been comparing 2 S9, a working one and the hacked one, you can see the log monitor in https://pastebin.com/74qBhhi1.

It's weird that {m5} eth1 /root/m5, eating CPU and being repeated many times....

any ideas to solve this?

Thanks!!



newbie
Activity: 11
Merit: 0
Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?


This 13.0T model has the same chassis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot processes, isn't it? Every X hours, it changes the worker config.
member
Activity: 117
Merit: 16
Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?
newbie
Activity: 11
Merit: 0
Hi everyone,

I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.

I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.

When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.

May you help me?

Thanks in advance

