Bitcoin Forum
October 14, 2024, 12:13:57 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 [314] 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 ... 1154 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4382522 times)
centove
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
April 17, 2013, 01:00:15 PM
 #6261

FWIW, None of my miners can seem to connect to the stratum servers..

Give me Btc: 1BRkf5bwSVdGCyvu4SyYBiJjEjbNiAQoYd Mine on my node: http://ask.gxsnmp.org:9332/
BitcoinOxygen
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250



View Profile WWW
April 17, 2013, 01:00:44 PM
 #6262

strange.... At the same time slush's pool started getting DDOSed again My pool and some other pools are getting DDOSed again.

It seems that this DDOS on many pools are done by the same botnet operator that is attacking slush.


Could this be an all out attack? Is it wise to start solo mining for a while to spread the targets?

The attack on BTCOxygen seems to be going away again.
Maybe slush's pool will also start working again.

BTCOxygen PPS Mining Pool 2% Fee  <<<  Join Now
VishwaJay
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
April 17, 2013, 01:01:18 PM
 #6263

I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?

How about it, slush, can we have a list of IP addresses from your server logs?

+1, although it's probably a botnet Sad

Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing?
weirdthall
Member
**
Offline Offline

Activity: 81
Merit: 10



View Profile
April 17, 2013, 01:04:22 PM
 #6264

Hmm, I'm mining but Im getting some weird stats...

Sending shares through but says (every now and then) that I sent shares through anything up to 2 hours ago...

IE

******   ******   0   168   0.0001   39 minutes   80.289    on   yes   1   Edit |  
******   ******   0   73   0.0000   41 minutes   34.887    on   yes   1   Edit |  
******   ******   0   23   0.0000   42 minutes   10.992    on   yes   1   Edit |  
******   ******   0   17   0.0000   50 minutes   8.124            on   yes   1   Edit |  

But each one of those workers has sent shares through in the last minute or two...anyone else getting this?
 


EDIT: Just checked, failover on my miners had changed and I hadn't noticed it...so stats are correct, seems like pool is being DDoS'd again?
aigeezer
Legendary
*
Offline Offline

Activity: 1450
Merit: 1013


Cryptanalyst castrated by his government, 1952


View Profile
April 17, 2013, 01:07:41 PM
 #6265

"Hashrate on Stratum interface (30 min average):   24.578 Ghash/s (4%)"  no longer zero, but still not normal. Very few credits, although miners seem to be working at first glance.
centove
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
April 17, 2013, 01:08:11 PM
 #6266

I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?

How about it, slush, can we have a list of IP addresses from your server logs?

+1, although it's probably a botnet Sad

Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing?

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Give me Btc: 1BRkf5bwSVdGCyvu4SyYBiJjEjbNiAQoYd Mine on my node: http://ask.gxsnmp.org:9332/
VishwaJay
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
April 17, 2013, 01:08:40 PM
 #6267

Still getting this:

Quote
2013-04-17 07:09:06: Listener for "Slush": 17/04/2013 07:09:06, started OpenCL miner on platform 0, device 0 (BeaverCreek)
2013-04-17 07:09:06: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:06, checking for stratum...
2013-04-17 07:09:07: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:07, diverted to stratum on stratum.bitcoin.cz:3333
2013-04-17 07:09:17: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:17, Failed to subscribe
2013-04-17 07:09:19: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:19, IO errors - 1, tolerance 2
2013-04-17 07:09:29: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:29, Failed to subscribe
2013-04-17 07:09:31: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:31, IO errors - 2, tolerance 2
2013-04-17 07:09:41: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:41, Failed to subscribe
2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, IO errors - 3, tolerance 2
2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, No more backup servers left. Using primary and starting over.
salty
Full Member
***
Offline Offline

Activity: 562
Merit: 100



View Profile
April 17, 2013, 01:09:46 PM
 #6268


do I have to spell out the whole thing?

Pretty much, yes. Thankyou for your patience Wink
VishwaJay
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
April 17, 2013, 01:10:31 PM
 #6269

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.
Antuam
Legendary
*
Offline Offline

Activity: 1722
Merit: 1005



View Profile
April 17, 2013, 01:17:02 PM
 #6270

Hello.

Is it down again the Pool?

Thanks you in advanced.
Antuam

centove
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
April 17, 2013, 01:22:44 PM
 #6271

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.

The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy.

Then there is the fact of where 99% of the traffic is coming from.
You start doing whois's and reverse lookups on things and get responses like this:
netname:        CHINANET-HB
descr:          CHINANET Hubei province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088

netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III

.in-addr.arpa. not found: 3(NXDOMAIN)

and so on...

and IF you happen to get a response on that, it will generally be a end user (cable modem or some such)

In short there isn't much that _can_ be done about it. The numbers favor the attacker.

Give me Btc: 1BRkf5bwSVdGCyvu4SyYBiJjEjbNiAQoYd Mine on my node: http://ask.gxsnmp.org:9332/
Camello_AR
Newbie
*
Offline Offline

Activity: 43
Merit: 0



View Profile
April 17, 2013, 01:24:48 PM
 #6272

Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)

And I can't see my proxy, but my miners show some error in connect them

EDIT: I connect via VNC with my proxy and must to restart them due to some python errors, managing connections. Appears to be UP now
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
April 17, 2013, 01:27:03 PM
 #6273

This is a cat and mouse game.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
April 17, 2013, 01:28:13 PM
 #6274

Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)

Stats are a bit behind, because it is a half hour average. Pool currently works, your DNS probably didn't propagated new record yet. It will refresh in few minutes...

centove
Full Member
***
Offline Offline

Activity: 194
Merit: 100


View Profile
April 17, 2013, 01:28:32 PM
 #6275

This is a cat and mouse game.
I prefer internet wack-a-mole Smiley

Give me Btc: 1BRkf5bwSVdGCyvu4SyYBiJjEjbNiAQoYd Mine on my node: http://ask.gxsnmp.org:9332/
Camello_AR
Newbie
*
Offline Offline

Activity: 43
Merit: 0



View Profile
April 17, 2013, 01:30:53 PM
 #6276

As I say few post ago, must restart mining proxy to get it connected again
ewitte
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
April 17, 2013, 01:36:42 PM
 #6277

AHHHHH.  I switched to LTC last night but need a good pool.  Computer told me 770MH/s pool averaged 3xxMH/s!

EDIT: Welcome just got out of the newbie forum Cheesy

Donations
BTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd
LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
digital
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
April 17, 2013, 01:38:01 PM
 #6278

Wow, no wonder there are 316 pages.

Guys, when your miner just randomly stops working.  The pool is down.  If you leave it alone, when the pool comes back up so will your miner.

There is no need to come on the board and post every time you see the pool go up or down.  And I guarantee that when the pool is down, slush knows it and is on it like flies on shit.

Seriously, I've got my miner running, and I NEVER touch it.  When the pool is down, I usually don't even know til after the fact.  And when the pool comes back up, so does my miner.

If there are legit problems, after the pool is stable.  Then post and you will get several people willing to help.  But when you have ten people an hour posting the same stuff, the superusers aren't going to bother because info will get buried.

Just my 2 bitcents.

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
jagallout
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
April 17, 2013, 01:40:03 PM
 #6279

In case a simple restart on your mining proxy doesn't "just work".  As slush stated above you may need to flush dns:

windows:
Run--> CMD --> ipconfig /flushdns

Mac Osx:
-->Searchlight --> Terminal --> dscacheutil -flushcache

Linux:
/etc/rc.d/init.d/nscd restart
warlordluke
Newbie
*
Offline Offline

Activity: 44
Merit: 0



View Profile
April 17, 2013, 01:40:45 PM
 #6280

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.

The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy.

Then there is the fact of where 99% of the traffic is coming from.
You start doing whois's and reverse lookups on things and get responses like this:
netname:        CHINANET-HB
descr:          CHINANET Hubei province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088

netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III

.in-addr.arpa. not found: 3(NXDOMAIN)

and so on...

and IF you happen to get a response on that, it will generally be a end user (cable modem or some such)

In short there isn't much that _can_ be done about it. The numbers favor the attacker.


If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups.
Pages: « 1 ... 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 [314] 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 ... 1154 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!