Bitcoin Forum
Topic: Antminer S3 Being used to Access Websites
mswells (OP)
June 12, 2015, 03:22:36 AM
 #1

I have an Antminer S3, hooked up to an AP which connects to my router wirelessly.
I am seeing someone access the Antminer IP, and can see various websites being accessed
in my Router Logfiles:

How do I stop this unauthorized access....even when everything has been password protected?
joesmoe2012
June 12, 2015, 03:35:02 AM
 #2

Probably should reset your antminer and then immediately set a strong root password instead of the default.


pinhead666
June 12, 2015, 03:58:54 AM
 #3

I think it's a virus in your computer. Scan the whole computer. Or the router was hacked, if it has the default password.
notlist3d
June 12, 2015, 05:52:30 AM
 #4

Make sure you do not have the default name/password on the router. After that, make sure your router has some sort of firewall up, keeping the devices connected to it from being accessed from outside, from the internet. And finally, change your S3 password just as an extra precaution.

With all of that, it should keep it from being accessed on the internet, which should stop this issue. The good news is, with them using it to access websites and not change pools, it does not look like whoever did it knew what it was.

If they really did a number on it and it keeps surfing websites, then look into reloading the firmware. But I think chances are the above will stop it without this step being needed.
alh
June 12, 2015, 06:11:48 AM
 #5

I assume that your S3 is still mining using the pool that you want, with the credentials you want? The classic attack on a miner is to just point it at a different pool and let it continue to mine, for somebody other than the owner.
mswells (OP)
June 13, 2015, 12:04:26 AM
 #6

I changed the default password, and all is well now....but I am still confused how they were
using it to connect to websites with it.
notlist3d
June 13, 2015, 02:12:41 AM
 #7

Quote from: mswells on June 13, 2015, 12:04:26 AM
"I changed the default password, and all is well now....but I am still confused how they were
using it to connect to websites with it."


On the S3's it has a BeagleBone Black as a controller board. If you SSH into it then you have access to a lot of commands that would not be there via the GUI. Most likely someone was SSH'ed into it, I would guess from reading. But since they did not change pools, I have a feeling they did not know what they had access to.

But default passwords especially on routers are a bad idea in general.  Glad it stopped now.
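
A way to automate the check this thread did by eye, added here as an example and not posted by any participant: flag every hostname a single-purpose device such as a miner looks up that is not on its expected list. It assumes a router log with an epoch-seconds timestamp, client IP and hostname per line; the IP addresses, hostnames and allowlist below are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample log (epoch seconds, client IP, hostname); not from the thread.
SAMPLE_LOG = """\
1700000000   192.168.1.50   stratum.pool.example
1700000005   192.168.1.50   ads.tracker.example
1700000006   192.168.1.50   pixel.tracker.example
1700000007   192.168.1.77   www.news.example
1700000009   192.168.1.50   ads.tracker.example
garbled line
1700000012   192.168.1.50   otherpool.example
"""

# Hypothetical policy: the only names each single-purpose device should contact.
ALLOWED = {"192.168.1.50": {"pool.example", "ntp.example"}}


def host_allowed(host, allowed_suffixes):
    """True if host equals an allowed name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


def parse(log_text):
    """Yield (timestamp, ip, host) tuples, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2]


def unexpected_lookups(log_text, allowed=ALLOWED):
    """Map each policed device to {host: [count, first_seen, last_seen]}."""
    findings = defaultdict(dict)
    for ts, ip, host in parse(log_text):
        if ip not in allowed or host_allowed(host, allowed[ip]):
            continue  # device is not policed, or the name is expected
        rec = findings[ip].setdefault(host, [0, ts, ts])
        rec[0] += 1
        rec[1], rec[2] = min(rec[1], ts), max(rec[2], ts)
    return dict(findings)


if __name__ == "__main__":
    for ip, hosts in unexpected_lookups(SAMPLE_LOG).items():
        for host, (n, first, last) in sorted(hosts.items()):
            print(f"{ip} -> {host}: {n} lookups, first {first}, last {last}")
```

Because names are matched on label boundaries, `otherpool.example` is flagged even though it ends in the same characters as the allowed `pool.example`, so a miner repointed at a different pool shows up alongside any web browsing.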