There is probably a backdoor in the firmware. An attacker can change the custom root password (no, it's not root in my case, it's a complex one) or there is a manufacturer password. Stay behind your firewall and do not open any ports to the outside.
Furthermore, the current firmware file 2024032701_110811(Download at Canaan offical) https://www.canaan.io/tmp/file/heaternano3slaverk2102024032701110811-61ee.zip does not make any visible changes and worse, does not change the firmware version in the API or the web backend.
http://<yourIP>/get_home.cgi
API data can be accessed without a password. For example, the Wifi SSID, the mining address, firmware, temperature, pool and so on.
My pool address changed several times. Always directed to https://web.public-pool.io/#/ with changing receiving addresses, but with my own worker name (after the .)
Be careful.
However, one thing is quite funny: the hacker or bot relies on solo mining. Not a good source of income.
Furthermore, the current firmware file 2024032701_110811(Download at Canaan offical) https://www.canaan.io/tmp/file/heaternano3slaverk2102024032701110811-61ee.zip does not make any visible changes and worse, does not change the firmware version in the API or the web backend.
http://<yourIP>/get_home.cgi
API data can be accessed without a password. For example, the Wifi SSID, the mining address, firmware, temperature, pool and so on.
My pool address changed several times. Always directed to https://web.public-pool.io/#/ with changing receiving addresses, but with my own worker name (after the .)
Be careful.
However, one thing is quite funny: the hacker or bot relies on solo mining. Not a good source of income.
Same applies to the API http://<yourIP>/updatecglog.cgi. You don't need a password to call it. Password seems to be only needed on the main page.
The above API is the output of the LOG-page from the Avalon Nano UI.