[1423GH] ABCPool PPS - Proxy Pool For High & Steady Mining Rewards

[farfiman]

So a 4% fee does not include DDOS mitigation?

A 500Gh pool with a 4% fee equals 20Gh of mining power for abcpool.co not to mention other donations.

At an average of $5 / BTC, that's around 16 coins a day for a total of $80. Over 30 days, that's $2400.

Seems like abcpool.co is making enough $$$ to mitigate the attack.

Why aren't you doing this for your loyal customers when you say you have the most reliable pool?

This is an obvious weak link in your reliability.

They were free for a very long time and probably ran at a loss, so I can't complain.
Now they are finally making money and they should invest.

[1713993780]

1713993780

[1713993780]

1713993780

[1713993780]

1713993780

[1713993780]

1713993780

[1713993780]

1713993780

[Hotdog453]

I guess I have to ask, since I'm curious: I'm going to guess a big chunk of your miners come from the same IPs, right? So, like, I'm sending you ~20GH/s from IP X.X.X.X. And BobTheMonkey is sending you 20GH/s from X.X.X.X, day in, day out. The log has to show that same traffic pretty constantly.

I have no idea what is required to prevent a DDOS, and I'm not about to claim I do. But in a fairly "small" operation like this (and, realistically, it is pretty small; you're looking at, what, ~550 or so clients connected?), couldn't you just whitelist all the "known" (or at least, say, the "big" known) IP addresses, and block everything else?

I'm assuming of course that only the pool.abcpool.co address is needed to allow mining, and the DDOS attack isn't screwing up something else on the back end.

I'm sure, 100% guaranteed, that my logic is wrong somewhere, but in a purely binary world, I assumed you could just block all traffic to that address except your "known" good miners (such as me, the most attractive member in the world).

[Brian DeLoach]

So a 4% fee does not include DDOS mitigation?

A 500Gh pool with a 4% fee equals 20Gh of mining power for abcpool.co not to mention other donations.

At an average of $5 / BTC, that's around 16 coins a day for a total of $80. Over 30 days, that's $2400.

Seems like abcpool.co is making enough $$$ to mitigate the attack.

Why aren't you doing this for your loyal customers when you say you have the most reliable pool?

This is an obvious weak link in your reliability.

It's an obvious weak link in every pool's reliability. Not even deepbit will stop a DDoS and they are a much bigger pool with a ton more money pouring in (%3 fee, 3500 ghps, ≈$15,000 per month). How about BTC Guild or Slush? They choke within minutes of an attack and will stay down at the discretion of the attacker. It's not realistic to demand expensive protection from pool operators for these attacks. BTC guild was literally blackmailed to keep a botnet on their server. When eleuthria finally banned him the pool was taken down within hours and didn't come back for days.

It's a very frustrating time for abcpool. I know they're working around the clock to mitigate the attack and it completely sucks to see your hard work get taken down like this.

[eleuthria]

So a 4% fee does not include DDOS mitigation?

A 500Gh pool with a 4% fee equals 20Gh of mining power for abcpool.co not to mention other donations.

At an average of $5 / BTC, that's around 16 coins a day for a total of $80. Over 30 days, that's $2400.

Seems like abcpool.co is making enough $$$ to mitigate the attack.

Why aren't you doing this for your loyal customers when you say you have the most reliable pool?

This is an obvious weak link in your reliability.

No pool can offer DDoS protection, not even Deepbit.  The best they can do is throw up spare servers and hope the DDoS doesn't follow them.  On top of that, a 4% fee on PPS doesn't mean a damn thing.  BTC Guild is a 5% fee, and I have made less in the last 3 months than I did off less than 1% donations in Proportional due to a severe bad luck streak in recent weeks.  In the long run?  Sure it SHOULD average out.  But that doesn't mean a pool is banking nonstop profits, especially when they haven't been around long.

[Hotdog453]

I was under the assumption the pool operators were all driving Ferraris.

Are you suggesting my impression was wrong?

[eleuthria]

I was under the assumption the pool operators were all driving Ferraris.

Are you suggesting my impression was wrong?

I wish I could afford a Tesla.  Sadly I'm stuck in a 2003 Honda Element.

I'm not saying pool operators are all running on ramen, but at least in the case of PPS pools, taking the fee and applying calculations on neutral luck is ignoring the significant added risk that the pool operator is assuming, and may be completely different from what is actually happening.  To expect a pool to have DDoS mitigation that can stop the botnet that hit BTC Guild, Deepbit, and Slush in the past, is insane.  There is no way a bitcoin pool can afford that level of service.

I don't know if its the same one hitting ABCPool, or if its a smaller fraction, but if its the same one, no host on the planet is going to be able to keep a bitcoin pool online during it.  Bitcoin mining itself is VERY DDOS-like.  You'd end up catching the majority of legit traffic as false positives.  At best you might keep the website portion online to let people know that the pool is down.

[kano]

I was under the assumption the pool operators were all driving Ferraris.

Are you suggesting my impression was wrong?

Nah it's the insurance premiums - they cost a regular fortune - would drive almost anyone with money broke.

[despoiler]

I guess I have to ask, since I'm curious: I'm going to guess a big chunk of your miners come from the same IPs, right? So, like, I'm sending you ~20GH/s from IP X.X.X.X. And BobTheMonkey is sending you 20GH/s from X.X.X.X, day in, day out. The log has to show that same traffic pretty constantly.

I have no idea what is required to prevent a DDOS, and I'm not about to claim I do. But in a fairly "small" operation like this (and, realistically, it is pretty small; you're looking at, what, ~550 or so clients connected?), couldn't you just whitelist all the "known" (or at least, say, the "big" known) IP addresses, and block everything else?

I'm assuming of course that only the pool.abcpool.co address is needed to allow mining, and the DDOS attack isn't screwing up something else on the back end.

I'm sure, 100% guaranteed, that my logic is wrong somewhere, but in a purely binary world, I assumed you could just block all traffic to that address except your "known" good miners (such as me, the most attractive member in the world).

You could do that if you didn't want any new users.  It would buy you time while you determine how to stop the DDOS.  Once you have a capture of the malicious traffic you can craft your policies to stop it. 

[eleuthria]

I guess I have to ask, since I'm curious: I'm going to guess a big chunk of your miners come from the same IPs, right? So, like, I'm sending you ~20GH/s from IP X.X.X.X. And BobTheMonkey is sending you 20GH/s from X.X.X.X, day in, day out. The log has to show that same traffic pretty constantly.

I have no idea what is required to prevent a DDOS, and I'm not about to claim I do. But in a fairly "small" operation like this (and, realistically, it is pretty small; you're looking at, what, ~550 or so clients connected?), couldn't you just whitelist all the "known" (or at least, say, the "big" known) IP addresses, and block everything else?

I'm assuming of course that only the pool.abcpool.co address is needed to allow mining, and the DDOS attack isn't screwing up something else on the back end.

I'm sure, 100% guaranteed, that my logic is wrong somewhere, but in a purely binary world, I assumed you could just block all traffic to that address except your "known" good miners (such as me, the most attractive member in the world).

You could do that if you didn't want any new users.  It would buy you time while you determine how to stop the DDOS.  Once you have a capture of the malicious traffic you can craft your policies to stop it. 

That would only work if you're at an ISP that will allow you to add a whitelist at their perimeter.  If the DDoSer has enough zombies, they will still take you offline because they can flood the switches in front of your server before a whitelist takes effect.

The largest attacks back in July were over 10 gigabits of traffic.  There are very few datacenters that can absorb that when its all headed towards a single internal IP, and even fewer datacenters that will actually allow that kind of traffic to come in without just blackholing you temporarily.

[Hotdog453]

Jesus, yeah, good point. If they're just flooding a single address like that, I'm sure Amazon would just shut them down before they could do any unique whitelisting.

I figured their user-base was fairly... "static", the same primary users generating a big chunk of the relatively small 500GH/s. If you could quickly and easily enough whitelist those users... at least you'd maintain a good chunk of service.

Obviously it'd screw over everyone NOT on that whitelist, but letting me some people mine is better than nothing.

[Brian DeLoach]

They seem to be back up.

[spiccioli]

They seem to be back up.

No, bad gateway trying to log in.

spiccioli

[bittenbob]

I can once again mine but am also getting the bad gateway message. Are there any plans on rolling back the fees since you said they were implemented because you had become reliable. I have lost about 15 hours of mining due to your outage. I will also take partial responsibility for this because I did not set a fallback pool.

[bittenbob]

I can now log in by my invalids are insane (5%). It would appear I would have been better to keep mining at Deepbit. I guess this is partly my fault for trying to use it so soon after a DDOS.

[JWU42]

Jumped on for just 10 minutes and no stale shares on a 1GH/s box.  Too short a timeframe to draw much conclusion but pleased to see it wasn't 5% rate...

[MintCondition]

Jumped on for just 10 minutes and no stale shares on a 1GH/s box.  Too short a timeframe to draw much conclusion but pleased to see it wasn't 5% rate...

Service levels are indeed back to normal since a few hours. Don't start celebrating yet, we still need to finish up the work on hardening the pool against these kind of events.

MC

[JWU42]

Confirmed - after 3 hours no invalid shares (0.0%).

[bittenbob]

No more new invalids. I am sitting at 3.25% right now.

[Update]
0 for the past 24 hours - have never seen it so low

[asdf2121]

down?   

[despoiler]

down?   

I'm on it right now.  Refresh was successful.