EU-Stratum is now attempting to come back online in the EU region rather than a redirect to a US-based proxy.

Whitelisting does not work.  iptables does not work.  Once an attacker is already flooding your pipes, blocking them does not magically remove their traffic that is already hitting your switch.  Upstream filtering IS in place at BTC Guild, but this is hitting through Stratum ports.  There simply isn't any way to completely block the traffic, outside of having enough bandwidth to absorb it.  Then the problem becomes identifying good vs bad traffic.  BTC Guild regularly has 25,000-30,000 active stratum connections.  It's *extremely* hard to separate the good from the bad.

Yes, it's under attack.  Most users are able to connect and mine again, but there are some limitations being put on the proxy servers which prohibit some miners that run many machines/cgminer instances if trying to connect via the traditional stratum. or eu-stratum. DNS entries.

The servers in EU are still completely down (by IP).  The DNS for EU-Stratum is pointed to a US proxy currently, and it's working.  There's some extra filtering happening at the moment that may be impacting larger mining farms trying to access the pools via stratum/eu-stratum.btcguild.com where there are multiple stratum proxies or multiple machines connecting individually.

And this is the universe we're living in, where 170 GH/s is referred to as "measly".  When BTC Guild started that was nearly the entire network.

Attacks have resumed -.-

And don't forget how insignificant this will be towards affecting the next difficulty.  BTC Guild lost ~250 TH/s during the attacks.  The remaining ~160 TH/s were on the private servers that were online the entire time, and about 30-40 TH/s were able to stay connected during the attacks.

Of that 250 TH/s that was lost, close to 100 TH/s showed up on other pools (50BTC, Slush, and p2pool got the biggest bumps).

So in the end, only ~10% of network speed was lost (and the longer the attack goes, the less of a % that becomes as more people change pools if they didn't automatically) for about 12 hours.  That's ~5% of a difficulty adjustment timeframe, of which only 10% of network speed was lost.  VERY little affect on the next difficulty in the long run, and the longer the attack goes the less bang for the buck if the goal is slowing the difficulty climb.

The pool servers seem to have stabilized over the last 45 minutes.  Can't be sure the attacks have stopped, but at least they seem to have done so for now.

Because we had bad luck at the same time as the DDoS.  Normally losing pool speed wouldn't affect 24h earnings much, because you get a bigger share of each block.  But at lower pool speeds, bad luck takes longer to power through.  As a result of bad luck DURING the attack, we had 12 hours where luck was just plain awful instead of 3 or 4 hours of bad luck.

Things are starting to come back online after 12 hours of fighting with DNS and proxies.  Luck has been terrible all night (not just from DDoS, just bad luck in general), which isn't helped by the pool speed dropping 50% during the attacks.


No demands, no gloating, nobody even taking credit.

I've been doing that all night.

Note to users with relatively high speeds (250 GH/s+) historically:  You can PM me for information regarding the private server access.

Many users have been given access to private servers over the last year, which is why the pool is still running at 150-180 TH/s.  If you've ever contacted me for that IP and forgotten to use it, or updated miners and forgot to use the private credentials, now would be a good time to do so!

Still under constant attack.  Not a whole lot else to say at this point.  Attempts to push new servers out as proxies are met with those servers immediately getting hit.

http://www.youtube.com/watch?v=t6ZarKIKpSA  - That's where I got the audio.

Difficulty 2 was the default for workers for quite a while now.  I did finally drop Difficulty 1 entirely earlier this week as an option, but the pool servers still cached the default difficulty of 1 for most workers that had already been set to diff1.  When the servers were restarted, the cache was refreshed and all diff1 workers were updated to diff2.

I've mentioned it in the past.  When a server misses it's heartbeat check 5 times in a row, or the users drops well below a reasonable number, my phone tells me.  It tells me by playing a terrible techno remix of Steve Balmer screaming "DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS!"  This continues for 30 seconds.  It will then stop for 30 seconds.  If the heartbeat is missed again, it plays it again.  This repeats until the problem is fixed.

Naw, if it was government you'd just be redirected to fbi/nsa/homeland security.  This was just a very big attack that *appears* to have targetted many Bitcoin sites & services.  However, it's tough to say since all of Cloudflare was down for a while there.

Secondary private DNS has been updated (couldn't update it because Cloudflare went down).

I'm actually wondering what the target is.  BTC Guild's mining servers were targetted.  So was the website.  Cloudflare is used for BTC Guild's website.  But I doubt one website getting attacked would take their whole system down, so the attack may be targetting large sections of Bitcoin related sites.  I doubt it's a coincidence that Cloudflare went down just as BTC Guild's pool servers started coming back online (loading many proxy servers to keep mining going).

Website is down, but mining is back up for most users.