If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were highjacked:
[2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333
If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
char *url, *port, address[256];
Right below the opening curly bracket enter:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
return false;
char *url, *port, address[256];
Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum.
Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.
I just did this, on linux (sorry guy above me, I can't send you the binaries). CGminer works ok. I only wander if it would be safer to do 'return true;' than 'return false;'.
The diffeence would be at auth_stratum method:
/* Parse all data in the queue and anything left should be auth */
while (42) {
sret = recv_line(pool);
if (!sret)
return ret;
if (parse_method(pool, sret))
free(sret);
else
break;
}
Returning false would make it break, and not read the next line with recv_line(pool), I don't know the code enough to guess if that means it would skip some valid stratum commands.
All in all I like your solution, gotta love opensource software, just because of situations like this.