Bitcoin Forum
November 04, 2024, 01:56:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 [85] 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 ... 1154 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4382590 times)
xenon481
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250



View Profile
April 18, 2011, 06:50:05 PM
 #1681


A bit more relaxed? Huh
How about a TON more relaxed!   Wink
Personally, I rely on slush's great work and the feedback I get there.
Seeing my miner(s) churning away early this AM when I left the house is little consolation throughout the day...!
I'll be very happy (as I'm sure slush and we all will be) when the site id back up.

I sure hope the fargin bastiches (*) that did this are caught! (anybody else see 'Johnny Dangerously' - LOL).

Thanks to slush, all the best to all of us, and have a good day, in spite of it all!
-digdug

I missed something.  Where did anybody say that somebody "did something" to cause the site outage?  Yesterday, slush indicated it was because bitcoind hung up (seems like that code needs some refinement I suspect). 

Slush's website is being actively hit with a Denial of Service attack that is/was taking 40Mbps of bandwidth.

Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 18, 2011, 06:55:48 PM
 #1682

Including real time stats like last submit time?

If they are in a database... yes.  memcached is fantastic for stats.  It even has special protocol command such as 'incr' that might be used.

Many large mysql installations wind up using memcached as the primary for all read operations.



Excellent but why don't you also split your site into to 2 parts, use varnish to cache the mundane stuff for a much longer period and set the more realtime stuff to have a shorter ttl, although i'm a bit of an f5'er myself i'd be willing to wait a defined period for my status to be updated.

I've seen varnish work wonders with very high traffic sites much more so than nginx, and i mean high traffic.  Those DoS loosers would have to work much harder to bring you down with varnish as a shield.
comboy
Sr. Member
****
Offline Offline

Activity: 247
Merit: 252



View Profile
April 18, 2011, 08:35:37 PM
 #1683

tl; dr; but if you are considering changing technology be sure to check redis. I love memcache but I wouldn't like my shares to stay just in memory.

Variance is a bitch!
xf2_org
Member
**
Offline Offline

Activity: 98
Merit: 13


View Profile
April 18, 2011, 08:47:12 PM
 #1684

tl; dr; but if you are considering changing technology be sure to check redis. I love memcache but I wouldn't like my shares to stay just in memory.

huh?  Nobody has suggested that.

The normal pattern is for database writes to do as the name implies -- write to the database (and memcached).  Database reads are served from memcached.  That means the database is used almost exclusively for storing data.  This is known as write-through caching.


Quote from: colossus
Excellent but why don't you also split your site into to 2 parts, use varnish to cache the mundane stuff for a much longer period and set the more realtime stuff to have a shorter ttl

<shrug>  Having two caches is pointless.  Adding Varnish would duplicate quite a bit of what memcached does.  Each object may have its own ttl.  That is not a unique (or even noteworthy) use of Varnish.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
April 18, 2011, 09:30:03 PM
 #1685

Attacker flooding the server had IP 69.72.189.147

dishwara
Legendary
*
Offline Offline

Activity: 1855
Merit: 1016



View Profile
April 18, 2011, 09:51:28 PM
 #1686

Attacker flooding the server had IP 69.72.189.147
http://www.dnsstuff.com/tools/whois/?ip=69.72.189.147&j=1&email=on
http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=69.72.189.147
http://www.fortressitx.com/index.php?tpl=contact
http://www.web-hosting-top.com/companies/fortressitx.com

It may help...........
colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 18, 2011, 10:07:21 PM
 #1687

<shrug>  Having two caches is pointless.  Adding Varnish would duplicate quite a bit of what memcached does.  Each object may have its own ttl.  That is not a unique (or even noteworthy) use of Varnish.
LoL  Cheesy Really,  so easy to dismiss just trying to contribute, Varnish is an HTTP cache engine, Memcached is an engine that allows storage of data to memory, they’re not the same so they can’t be compared so black and white me thinks.

In fact surely they idea is not that idiotic , i.e if a visitor has no login session cookie then nginx will serve the page cache from Varnish, and then additionally even with the session cookie you can serve content generated from memcache but stored in varnish all offloading work from nginx and most likely reducing cpu usage and internal network bandwidth. Its highly configurable and you shouldn't treat is a dumb cache.

But its a bit hard to make a sweeping statement without knowing the internal bottlenecks generated by the attack.

just another 2 cents to the original 2 cents. or should i say 0.02 btc.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2349


Eadem mutata resurgo


View Profile
April 18, 2011, 10:11:53 PM
 #1688

Attacker flooding the server had IP 69.72.189.147

Glove's are off for that botnet bastard now. Angry

colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 18, 2011, 10:22:06 PM
 #1689


Or just blocking all IP addresses from the home of capitalism might solve the problem  Wink, of course that might not be so open an fair and break the spirit of bitcoin.   Cry
colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 18, 2011, 10:24:38 PM
 #1690

Attacker flooding the server had IP 69.72.189.147

Glove's are off for that botnet bastard now. Angry

2 words "LOIC HIM"  or you can chant "LOIC HIM....LOIC HIM" if you are participating in an angry mob.  Grin
FairUser
Sr. Member
****
Offline Offline

Activity: 1344
Merit: 264


bit.ly/3QXp3oh | Ultimate Launchpad on TON


View Profile
April 19, 2011, 12:08:46 AM
 #1691

Suggestion...

iptables -A INPUT -s <ip> -j DROP

Problem solved.  I even blocked a whole ISP because someone was jumping around their IP space.
We've been getting attacked off and on for two weeks now.  Looks like someone has it out for the bitcoin pools indeed.

TONUP██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
▄▄███████▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄█████▄░▄▄▀█████▀▄████▄
▄███████▄▀█▄▀██▀▄███████▄
█████████▄▀█▄▀▄██████████
██████████▄▀█▄▀██████████
██████████▀▄▀█▄▀█████████
▀███████▀▄██▄▀█▄▀███████▀
▀████▀▄█████▄▀▀░▀█████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀███████▀▀
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄█████████████████████▄
▄████▀▀███▀▀███▀▀██▀███▄
████▀███████▀█▀███▀█████
██████████████████████
████▄███████▄█▄███▄█████
▀████▄▄███▄▄███▄▄██▄███▀
▀█████████████████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
████████
██
██
██
██
██
██
██
██
██
██
██
████████
████████████████████████████████████████████████████████████████████████████████
.
JOIN NOW
.
████████████████████████████████████████████████████████████████████████████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
rezin777
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
April 19, 2011, 01:08:04 AM
 #1692

Or just blocking all IP addresses from the home of capitalism might solve the problem  Wink, of course that might not be so open an fair and break the spirit of bitcoin.   Cry

And block actual miners as well?

Capitalism... Don't you mean corporatism? And how nice of you to lay the blame on everyone, simply because of where they are born. Not all citizens support the actions of their government. And I would imagine the motives of anyone using or promoting bitcoin should speak for themselves.

Sorry, this has nothing to do with this thread but I couldn't resist myself.
colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 19, 2011, 05:50:43 AM
 #1693

Yes perhaps a little extreme to block a whole country especially such a big one (not a serious suggestion) although a block on isp like suggested by iptables post could be considered in case of consistent repeated attack.

but.... is it fair to block a whole isp i would also ask, perhaps one individual is ruining it for others, i would probably stick with individual ips until more attacks from the same range where detected. The fact that only 1 ip was used for the attack shows its the intent of 1 at the moment and not some botnet attack.

but kudos to slush as he managed to keep the mining running, but i think it does have confidence hit on miners, when the site is not visible, as we could see that last night of bitcoinwatch as people went back to slush after the site was back up.

slurch
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile WWW
April 19, 2011, 06:36:15 AM
 #1694

Or just blocking all IP addresses from the home of capitalism might solve the problem  Wink, of course that might not be so open an fair and break the spirit of bitcoin.   Cry

Hey now...I can assure you that my IP address and my politics have not a damn thing to do with one another. Tongue

Donations accepted at: 1AXKzVc1tTmfC6VkWwBNSzKqThqhwsC5mY
For what, I have no idea...
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
April 19, 2011, 08:18:00 AM
 #1695

Yes, I blocked him with iptables, too. Easiest solution. Currently site has rate limiter and iptables blacklist.

Can you please create a list of the attackers?

Nice idea, I'll join this effort if fairuser & tycho agree (and I already published the one IP Smiley.

colossus
Full Member
***
Offline Offline

Activity: 121
Merit: 100

Obey me and live or disobey and die.


View Profile
April 19, 2011, 08:51:22 AM
 #1696

Quote

I prefer ping flooding:
hping3 --flood 69.72.189.147
 Cheesy

Unfortunately neither methods would be very successful, that attack was from a corporate line (cirtex corp), But I fully support the name and shame policy you suggested.
Aqualung
Sr. Member
****
Offline Offline

Activity: 357
Merit: 250



View Profile
April 20, 2011, 06:50:12 AM
 #1697

yep... maybe it is possible, but very strange that pool can't find block for so long
Current shares CFD:   99.98 % - and still no block Smiley

used to be a miner
OVerLoRDI
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
April 20, 2011, 07:30:51 AM
 #1698

I've seen blocks take 10 hours to find.  Granted that was back when the pool was around 80 Ghash/s.  It is very unlikely, but still possible to have a block take 6+ hours.  It would have to be a very clever attack for this sort of thing to be accomplished.

Just get some sleep/go to work/go have drinks with your friends and stop refreshing your account page every few minutes Tongue

slurch
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile WWW
April 20, 2011, 07:36:39 AM
 #1699

I've seen blocks take 10 hours to find.  Granted that was back when the pool was around 80 Ghash/s.  It is very unlikely, but still possible to have a block take 6+ hours.  It would have to be a very clever attack for this sort of thing to be accomplished.

Just get some sleep/go to work/go have drinks with your friends and stop refreshing your account page every few minutes Tongue

Doing all of the above. Smiley

I can't even comprehend the type of attack this would take to pull this off. Granted, I'm still a noob, but you guys are definitely teaching me. I left Slush's the other night for a few hours and felt awful about it...been with the pool since I started with my CPU, pulling a nickel every day and a half. (and doing a hell of a lot better now, tyvm)

It must be an awesome block to be taking this long. Tongue

Donations accepted at: 1AXKzVc1tTmfC6VkWwBNSzKqThqhwsC5mY
For what, I have no idea...
tryptamine
Newbie
*
Offline Offline

Activity: 24
Merit: 0



View Profile
April 20, 2011, 08:25:12 AM
 #1700

100% cfd right now.
Pages: « 1 ... 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 [85] 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 ... 1154 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!