just patched the ports issue and changed IP's and passwords.. still want to update the firmware
I wouldn't bother it just maxes out the CPU and causes problems.
Also don't open ports from the public internet to your miners, setup a VPN to your firewall and network and do it that way. Don't mess about with this stuff half heartedly.
+1
Unless if there is not some sort of vpn preinstalled on the unit digging a secure tunnel outside your FW
however simple ssh/netstat/ps check will reveal that easily:)
A lot easy will be just to install precompiled cgminer hacked of course which can silently send 10-20% of your shares somewhere
And again simple ssh/netstat will reveal that
Or better tcpdump of your router watching closely what the suspect is doing
Conclusion - always compile your images alone or use trustable ones