Bitcoin Forum

Hi,

Long story short:
I exposed an L3+ and D3 to the internet (got public IPs, instead of being behind FW).

I had not changed default ssh or web gui login, and Im pretty sure someone found the miners while crawling the web and somehow locked me out from accessing it, or bricked it.

If I try to access web gui I get "ERR_CONNECTION_REFUSED"
Default SSH login is also changed, cant access with root/miner.

It seems to be mining when powered on, so somebody is probably getting free shares! :P

I've tried reset to factory settings without luck. Anyway to fix this, or do I need to buy new controller boards?

Cheers,
Tore

The attack you were the victim of is described in detail here

https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157

TL;DR: Exposing your mining rigs to the internet without first changing user/pass is asking to be robbed.

It is really easy to find machine like yours on IoT search engines such as Shodan. Beware!

Ty for link! Im familiar with shodan, so I figured it had to be something like that!
My mining locations are usually behind a fortigate or ubiquiti usg, so I've never really bothered with changing the logins! ^^

This happend when I got a new uplink, and my gf bypassed the USG when switching :D

I think its strange that factory reset wont change the pw back to the original one, but they have probably changed the default config as well I guess!

The only fix is to buy a new controller then? I will probably just scrap them and use the fan's as reserve parts if there arent any easy fixes! :)