gutsy_btc (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
August 21, 2017, 12:10:44 PM |
|
Hi everyone,
I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.
I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.
When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.
May you help me?
Thanks in advance
|
|
|
|
Elphamyto
Member
Offline
Activity: 117
Merit: 16
|
|
August 21, 2017, 04:40:24 PM |
|
Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?
|
|
|
|
gutsy_btc (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
August 22, 2017, 07:55:20 AM |
|
> Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?

This 13.0T model has the same chassis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot processes, isn't it? Every X hours, it changes the worker config.
|
|
|
|
gutsy_btc (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
August 22, 2017, 11:36:28 AM |
|
I've been comparing 2 S9, a working one and the hacked one, you can see the log monitor in https://pastebin.com/74qBhhi1. It's weird that {m5} eth1 /root/m5, eating CPU and being repeated many times.... any ideas to solve this? Thanks!!
|
|
|
|
xxcsu
|
|
August 23, 2017, 05:33:33 AM |
|
> Hi everyone,
> I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.
> I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.
> When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.
> May you help me?
> Thanks in advance

I have the same problem with one of my s9 / 13TH/s model

Miner Type: Antminer S9
Hostname: mi03
Model: GNU/Linux
Hardware Version: 12.8.1.3
Kernel Version: Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version: Tue Jan 24 22:42:36 EST 2017
BMminer Version: 2.0.0
Uptime: 1
Load Average: 0.31, 0.22, 0.19
|
|
|
|
Elphamyto
Member
Offline
Activity: 117
Merit: 16
|
|
August 23, 2017, 07:38:22 AM |
|
> > Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?
>
> This 13.0T model has the same chassis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot processes, isn't it? Every X hours, it changes the worker config.

Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings?

The cron tasks are in /var/spool/cron/root

You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5

You can also try ssh'ing into it and editing /config/cgminer.conf with your pool configuration.
|
|
|
|
gutsy_btc (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
August 23, 2017, 11:42:10 AM |
|
> Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings? The cron tasks are in /var/spool/cron/root You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5 You can also try ssh'ing into it and editing /config/cgminer.conf with your pool configuration.

/config/bmminer.conf has these permissions:

-r-------- 1 root root 482 Aug 11 17:10 bmminer.conf

I cannot modify with chattr +i because it's not ext3/ext4.
/root/M5 does not exist, not mounted directly neither in /etc/fstab nor mount command.
Have to check /var/spool/cron/root, because crontab -l root didn't show anything... not now because I lost ip access, no red/green light flashes at all
|
|
|
|
MauiDave
Newbie
Offline
Activity: 14
Merit: 0
|
|
November 27, 2017, 03:44:45 PM |
|
Last night, I powered down my two S9's. When I powered back up, they were configured to point to a viabtc pool. When I tried to change them, I could no longer get it to stick. When I clicked on "Miner Status" it would stay on the Configuration page. Both machines. I tried re-installing the firmware, but neither machine would take it.
Now I'm stuck, leaving these powered down until I can get the firmware/software reinstalled. Tried resetting, all that. Nothing helps.
Is there a way to reinstall the software or whatever they did to this?
I'll be happy to pay a fair price if someone can get me back up and running asap.
PM me if you can help.
Thanks.
|
|
|
|
tonnynguyen
|
|
December 06, 2017, 09:39:38 AM |
|
Miner Type: Antminer S9
Hostname: mi03
Model: GNU/Linux
Hardware Version: 12.8.1.3
Kernel Version: Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version: Tue Jan 24 22:42:36 EST 2017
BMminer Version: 2.0.0
Uptime: 1
Load Average: 0.31, 0.22, 0.19
|
|
|
|
MauiDave
Newbie
Offline
Activity: 14
Merit: 0
|
|
December 06, 2017, 03:27:21 PM |
|
Great. Thank you for that. D
|
|
|
|
lrowland21093
Member
Offline
Activity: 85
Merit: 16
|
|
December 07, 2017, 04:28:20 AM |
|
I am not sure this will help but it does sound a lot like what is being described. A few weeks ago when I first turned back on an old S5, it got an IP address from my router that was assigned as the DMZ IP address. I did not realize this happened until sometime later. Basically that meant the S5 was exposed to the open internet. When I went to check the miner and pools I saw an entry on there for viabtc that I did not add! Rebooting and removing the pool would only stick for a little while before it was added again. To get it fixed I had to completely reset the device, take it off the DMZ (once I realized it was there) and reenter all the pools I wanted. It has been fine since then. My theory is that someone is running a bot that connects to open Antminers using SSH and the "Antbleed" API and setting their pools whenever they find a vulnerable miner (like mine was). My lesson is never expose your miner to the open Internet!
|
|
|
|
|
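The checks suggested in this thread (root's cron spool, processes running from /root or showing as {m5}, and the pool URLs in the miner config) gathered into one read-only triage script. This is an added example, not code posted by anyone in the thread; the allowlist file, pool hostnames, PIDs and cron command in the demo are constructed, and /var/spool/cron/crontabs/root is checked as an assumption because it is the BusyBox crond default.

```shell
#!/bin/sh
# Read-only triage helpers for a miner whose pool settings keep reverting.
# Added example; uses only sh, grep, sed and awk so it can run under BusyBox.

# Active (non-comment, non-blank) root cron lines under filesystem root $1.
# /var/spool/cron/root is the path given in the thread; crontabs/root is the
# BusyBox crond default and is checked as an assumption.
cron_lines() {
    for f in "$1/var/spool/cron/root" "$1/var/spool/cron/crontabs/root"; do
        if [ -f "$f" ]; then grep -vE '^[[:space:]]*(#|$)' "$f" || true; fi
    done
    return 0
}

# Pool URLs in config $1 that are not listed (one per line) in allowlist $2.
# Assumes at most one "url" key per line of the config.
unexpected_pools() {
    sed -n 's/.*"url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        grep -vxF -f "$2" || true
}

# `ps` lines (on stdin) whose command runs from /root or shows as {m5}.
suspicious_procs() {
    awk 'NR > 1 { for (i = 2; i <= NF; i++)
        if ($i ~ /^\/root\// || $i ~ /^[{][mM]5[}]$/) { print; next } }'
}

# Demo on constructed data: hostnames, PIDs and the cron command are made up.
demo() {
    d=$(mktemp -d); mkdir -p "$d/var/spool/cron" "$d/config"
    printf '%s\n' '# min hour dom mon dow cmd' '0 */3 * * * /path/to/unknown-job' \
        > "$d/var/spool/cron/root"
    printf '%s\n' '{ "pools" : [' \
        '{ "url" : "stratum+tcp://pool.example.org:3333", "user" : "me.w1" },' \
        '{ "url" : "stratum+tcp://unexpected.example.net:3333", "user" : "x" }' \
        '] }' > "$d/config/bmminer.conf"
    echo 'stratum+tcp://pool.example.org:3333' > "$d/allow.txt"
    echo '== cron ==';  cron_lines "$d"
    echo '== pools =='; unexpected_pools "$d/config/bmminer.conf" "$d/allow.txt"
    echo '== procs =='
    printf '%s\n' '  PID USER  TIME COMMAND' '  812 root  0:04 /usr/bin/bmminer' \
        '  977 root  1:12 {m5} eth1 /root/m5' | suspicious_procs
    rm -rf "$d"
}
demo
```

On a live miner the same functions would be called as `cron_lines /`, `unexpected_pools /config/bmminer.conf allow.txt` and `ps | suspicious_procs`; reading the spool file directly matters because `crontab -l` showed nothing in the case above.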