| 
			| 
					
								| VishwaJay 
								Newbie    Offline 
								Activity: 56 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:01:18 PM |  | 
 
 I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?
 How about it, slush, can we have a list of IP addresses from your server logs?
 
 +1, although it's probably a botnet  Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing? |  
						|  |  |  | 
| 
			| 
					
								| weirdthall 
								Member     Offline 
								Activity: 81 
								Merit: 10
								   | 
								|  | April 17, 2013, 01:04:22 PM |  | 
 
 Hmm, I'm mining but Im getting some weird stats...
 Sending shares through but says (every now and then) that I sent shares through anything up to 2 hours ago...
 
 IE
 
 ******   ******   0   168   0.0001   39 minutes   80.289    on   yes   1   Edit |
 ******   ******   0   73   0.0000   41 minutes   34.887    on   yes   1   Edit |
 ******   ******   0   23   0.0000   42 minutes   10.992    on   yes   1   Edit |
 ******   ******   0   17   0.0000   50 minutes   8.124            on   yes   1   Edit |
 
 But each one of those workers has sent shares through in the last minute or two...anyone else getting this?
 
 
 
 EDIT: Just checked, failover on my miners had changed and I hadn't noticed it...so stats are correct, seems like pool is being DDoS'd again?
 |  
						|  |  |  | 
| 
			| 
					
								| aigeezer 
								Legendary    Offline 
								Activity: 1450 
								Merit: 1013
								 
								Cryptanalyst castrated by his government, 1952
								
								
								
								
								
								   | 
								|  | April 17, 2013, 01:07:41 PM |  | 
 
 "Hashrate on Stratum interface (30 min average):   24.578 Ghash/s (4%)"  no longer zero, but still not normal. Very few credits, although miners seem to be working at first glance.
 |  
						|  |  |  | 
| 
			| 
					
								| centove | 
								|  | April 17, 2013, 01:08:11 PM |  | 
 
 I say we get IP address information on the botnet and execute take-downs of the servers by notifying ISPs that server with IP xx.xx.xx.xx is involved in a DDoS attack, etc.?
 How about it, slush, can we have a list of IP addresses from your server logs?
 
 +1, although it's probably a botnet  Thus the reason to involve a lot of users who have telephones in multiple countries to call ISP's after doing a reverse host lookup and finding the hosting provider by IP address, then asking them to disable the server because it's active as part of a botnet DDoS... do I have to spell out the whole thing?Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.  |  
						| 
 |  |  | 
| 
			| 
					
								| VishwaJay 
								Newbie    Offline 
								Activity: 56 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:08:40 PM |  | 
 
 Still getting this: 2013-04-17 07:09:06: Listener for "Slush": 17/04/2013 07:09:06, started OpenCL miner on platform 0, device 0 (BeaverCreek)2013-04-17 07:09:06: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:06, checking for stratum...
 2013-04-17 07:09:07: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:07, diverted to stratum on stratum.bitcoin.cz:3333
 2013-04-17 07:09:17: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:17, Failed to subscribe
 2013-04-17 07:09:19: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:19, IO errors - 1, tolerance 2
 2013-04-17 07:09:29: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:29, Failed to subscribe
 2013-04-17 07:09:31: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:31, IO errors - 2, tolerance 2
 2013-04-17 07:09:41: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:41, Failed to subscribe
 2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, IO errors - 3, tolerance 2
 2013-04-17 07:09:43: Listener for "Slush": api2.bitcoin.cz:8332 17/04/2013 07:09:43, No more backup servers left. Using primary and starting over.
 
 |  
						|  |  |  | 
| 
			| 
					
								| salty | 
								|  | April 17, 2013, 01:09:46 PM |  | 
 
 do I have to spell out the whole thing?
 
 Pretty much, yes. Thankyou for your patience   |  
						|  |  |  | 
| 
			| 
					
								| VishwaJay 
								Newbie    Offline 
								Activity: 56 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:10:31 PM |  | 
 
 Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down. 
 Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done. |  
						|  |  |  | 
| 
			| 
					
								| Antuam 
								Legendary    Offline 
								Activity: 1722 
								Merit: 1005
								   | 
								|  | April 17, 2013, 01:17:02 PM |  | 
 
 Hello. 
 Is it down again the Pool?
 
 Thanks you in advanced.
 Antuam
 
 |  
						| 
 |  |  | 
| 
			| 
					
								| centove | 
								|  | April 17, 2013, 01:22:44 PM |  | 
 
 Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down. 
 Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy. Then there is the fact of where 99% of the traffic is coming from. You start doing whois's and reverse lookups on things and get responses like this: netname:        CHINANET-HB descr:          CHINANET Hubei province network descr:          China Telecom descr:          A12,Xin-Jie-Kou-Wai Street descr:          Beijing 100088 netname:        SPECTRA descr:          Spectra ISP Networks Private Limited descr:          42, Okhla Industrial Estate descr:          Phase III .in-addr.arpa. not found: 3(NXDOMAIN) and so on... and IF you happen to get a response on that, it will generally be a end user (cable modem or some such) In short there isn't much that _can_ be done about it. The numbers favor the attacker. |  
						| 
 |  |  | 
| 
			| 
					
								| Camello_AR 
								Newbie    Offline 
								Activity: 43 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:24:48 PM |  | 
 
 Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)
 And I can't see my proxy, but my miners show some error in connect them
 
 EDIT: I connect via VNC with my proxy and must to restart them due to some python errors, managing connections. Appears to be UP now
 |  
						|  |  |  | 
| 
			| 
					
								| slush (OP) 
								Legendary    Offline 
								Activity: 1386 
								Merit: 1097
								     | 
								|  | April 17, 2013, 01:27:03 PM |  | 
 
 This is a cat and mouse game.  |  
						| 
 |  |  | 
| 
			| 
					
								| slush (OP) 
								Legendary    Offline 
								Activity: 1386 
								Merit: 1097
								     | 
								|  | April 17, 2013, 01:28:13 PM |  | 
 
 Appears to be down rigth now, but in stats page i see some stratum & getwork moves (but only 300GH/s in one and 800GH/s in all)
 Stats are a bit behind, because it is a half hour average. Pool currently works, your DNS probably didn't propagated new record yet. It will refresh in few minutes... |  
						| 
 |  |  | 
| 
			| 
					
								| centove | 
								|  | April 17, 2013, 01:28:32 PM |  | 
 
 This is a cat and mouse game. 
 I prefer internet wack-a-mole   |  
						| 
 |  |  | 
| 
			| 
					
								| Camello_AR 
								Newbie    Offline 
								Activity: 43 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:30:53 PM |  | 
 
 As I say few post ago, must restart mining proxy to get it connected again |  
						|  |  |  | 
| 
			| 
					
								| ewitte 
								Member     Offline 
								Activity: 98 
								Merit: 10
								
								
								
								
								   | 
								|  | April 17, 2013, 01:36:42 PM |  | 
 
 AHHHHH.  I switched to LTC last night but need a good pool.  Computer told me 770MH/s pool averaged 3xxMH/s! EDIT: Welcome just got out of the newbie forum   |  
						| 
 DonationsBTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd
 LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
 |  |  | 
| 
			| 
					
								| digital | 
								|  | April 17, 2013, 01:38:01 PM |  | 
 
 Wow, no wonder there are 316 pages.
 Guys, when your miner just randomly stops working.  The pool is down.  If you leave it alone, when the pool comes back up so will your miner.
 
 There is no need to come on the board and post every time you see the pool go up or down.  And I guarantee that when the pool is down, slush knows it and is on it like flies on shit.
 
 Seriously, I've got my miner running, and I NEVER touch it.  When the pool is down, I usually don't even know til after the fact.  And when the pool comes back up, so does my miner.
 
 If there are legit problems, after the pool is stable.  Then post and you will get several people willing to help.  But when you have ten people an hour posting the same stuff, the superusers aren't going to bother because info will get buried.
 
 Just my 2 bitcents.
 |  
						| 
 If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
 |  |  | 
| 
			| 
					
								| jagallout 
								Newbie    Offline 
								Activity: 29 
								Merit: 0
								
								
								
								
								   | 
								|  | April 17, 2013, 01:40:03 PM |  | 
 
 In case a simple restart on your mining proxy doesn't "just work".  As slush stated above you may need to flush dns:
 windows:
 Run--> CMD --> ipconfig /flushdns
 
 Mac Osx:
 -->Searchlight --> Terminal --> dscacheutil -flushcache
 
 Linux:
 /etc/rc.d/init.d/nscd restart
 |  
						|  |  |  | 
| 
			| 
					
								| warlordluke 
								Newbie    Offline 
								Activity: 44 
								Merit: 0
								   | 
								|  | April 17, 2013, 01:40:45 PM |  | 
 
 Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down. 
 Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy. Then there is the fact of where 99% of the traffic is coming from. You start doing whois's and reverse lookups on things and get responses like this: netname:        CHINANET-HB descr:          CHINANET Hubei province network descr:          China Telecom descr:          A12,Xin-Jie-Kou-Wai Street descr:          Beijing 100088 netname:        SPECTRA descr:          Spectra ISP Networks Private Limited descr:          42, Okhla Industrial Estate descr:          Phase III .in-addr.arpa. not found: 3(NXDOMAIN) and so on... and IF you happen to get a response on that, it will generally be a end user (cable modem or some such) In short there isn't much that _can_ be done about it. The numbers favor the attacker.If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups. |  
						|  |  |  | 
| 
			| 
					
								| bitpop 
								Legendary    Offline 
								Activity: 2954 
								Merit: 1065
								     | 
								|  | April 17, 2013, 01:41:59 PM |  | 
 
 i dont blame the bot commanders. i blame the idiots that let their computers turn into virus laden festering bots. |  
						| 
 |  |  | 
| 
			| 
					
								| centove | 
								|  | April 17, 2013, 01:52:42 PM |  | 
 
 |  
						| 
 |  |  | 
	|  |