[4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool

[centove]

FWIW, None of my miners can seem to connect to the stratum servers..

[BitcoinOxygen]

strange.... At the same time slush's pool started getting DDOSed again My pool and some other pools are getting DDOSed again.

It seems that this DDOS on many pools are done by the same botnet operator that is attacking slush.

Could this be an all out attack? Is it wise to start solo mining for a while to spread the targets?

The attack on BTCOxygen seems to be going away again.
Maybe slush's pool will also start working again.

[VishwaJay]

I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?

How about it, slush, can we have a list of IP addresses from your server logs?

+1, although it's probably a botnet

Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing?

[weirdthall]

Hmm, I'm mining but Im getting some weird stats...

Sending shares through but says (every now and then) that I sent shares through anything up to 2 hours ago...

IE

******   ******   0   168   0.0001   39 minutes   80.289    on   yes   1   Edit |  
******   ******   0   73   0.0000   41 minutes   34.887    on   yes   1   Edit |  
******   ******   0   23   0.0000   42 minutes   10.992    on   yes   1   Edit |  
******   ******   0   17   0.0000   50 minutes   8.124            on   yes   1   Edit |  

But each one of those workers has sent shares through in the last minute or two...anyone else getting this?
 


EDIT: Just checked, failover on my miners had changed and I hadn't noticed it...so stats are correct, seems like pool is being DDoS'd again?

[aigeezer]

"Hashrate on Stratum interface (30 min average):   24.578 Ghash/s (4%)"  no longer zero, but still not normal. Very few credits, although miners seem to be working at first glance.

[centove]

I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?

How about it, slush, can we have a list of IP addresses from your server logs?

+1, although it's probably a botnet

Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing?

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

[VishwaJay]

Still getting this:

2013-04-17 07:09:06: Listener for "Slush": 17/04/2013 07:09:06, started OpenCL miner on platform 0, device 0 (BeaverCreek)
2013-04-17 07:09:06: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:06, checking for stratum...
2013-04-17 07:09:07: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:07, diverted to stratum on stratum.bitcoin.cz:3333
2013-04-17 07:09:17: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:17, Failed to subscribe
2013-04-17 07:09:19: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:19, IO errors - 1, tolerance 2
2013-04-17 07:09:29: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:29, Failed to subscribe
2013-04-17 07:09:31: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:31, IO errors - 2, tolerance 2
2013-04-17 07:09:41: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:41, Failed to subscribe
2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, IO errors - 3, tolerance 2
2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, No more backup servers left. Using primary and starting over.

[salty]

do I have to spell out the whole thing?

Pretty much, yes. Thankyou for your patience

[VishwaJay]

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.

[Antuam]

Hello.

Is it down again the Pool?

Thanks you in advanced.
Antuam

[centove]

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.

The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy.

Then there is the fact of where 99% of the traffic is coming from.
You start doing whois's and reverse lookups on things and get responses like this:
netname:        CHINANET-HB
descr:          CHINANET Hubei province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088

netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III

.in-addr.arpa. not found: 3(NXDOMAIN)

and so on...

and IF you happen to get a response on that, it will generally be a end user (cable modem or some such)

In short there isn't much that _can_ be done about it. The numbers favor the attacker.

[Camello_AR]

Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)

And I can't see my proxy, but my miners show some error in connect them

EDIT: I connect via VNC with my proxy and must to restart them due to some python errors, managing connections. Appears to be UP now

[slush]

This is a cat and mouse game.

[slush]

Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)

Stats are a bit behind, because it is a half hour average. Pool currently works, your DNS probably didn't propagated new record yet. It will refresh in few minutes...

[centove]

This is a cat and mouse game.

I prefer internet wack-a-mole

[Camello_AR]

As I say few post ago, must restart mining proxy to get it connected again

[ewitte]

AHHHHH.  I switched to LTC last night but need a good pool.  Computer told me 770MH/s pool averaged 3xxMH/s!

EDIT: Welcome just got out of the newbie forum

[digital]

Wow, no wonder there are 316 pages.

Guys, when your miner just randomly stops working.  The pool is down.  If you leave it alone, when the pool comes back up so will your miner.

There is no need to come on the board and post every time you see the pool go up or down.  And I guarantee that when the pool is down, slush knows it and is on it like flies on shit.

Seriously, I've got my miner running, and I NEVER touch it.  When the pool is down, I usually don't even know til after the fact.  And when the pool comes back up, so does my miner.

If there are legit problems, after the pool is stable.  Then post and you will get several people willing to help.  But when you have ten people an hour posting the same stuff, the superusers aren't going to bother because info will get buried.

Just my 2 bitcents.

[jagallout]

In case a simple restart on your mining proxy doesn't "just work".  As slush stated above you may need to flush dns:

windows:
Run--> CMD --> ipconfig /flushdns

Mac Osx:
-->Searchlight --> Terminal --> dscacheutil -flushcache

Linux:
/etc/rc.d/init.d/nscd restart

[warlordluke]

Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.

Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.

The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy.

Then there is the fact of where 99% of the traffic is coming from.
You start doing whois's and reverse lookups on things and get responses like this:
netname:        CHINANET-HB
descr:          CHINANET Hubei province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088

netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III

.in-addr.arpa. not found: 3(NXDOMAIN)

and so on...

and IF you happen to get a response on that, it will generally be a end user (cable modem or some such)

In short there isn't much that _can_ be done about it. The numbers favor the attacker.

If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups.