[MPOS] [Sratum]These stratum attacks have to stop ! Poolowners unite.

[Mikellev]

Ok,

maybe some of you MPOS / stratum pool-ops is also attacked recently and knows the problem.

Attacks come and go, as the attacker wants to sell you his solution in form of a app.
Price for poolerino.com was 80.000 Doge.

He wont sell the source just the compiled app, so we didnt buy it.

Edit: next attacker wants 200k doge..... see original mail below
Edit2: This time they aint using Tor. Some Bot net.

Type of attacks:

Using TOR Network random exit points, so blocking the IP is useless.
Sending thousand of wrong usernames to stratum so that stratum stresses the database to much and goes down.

Thank you for your support / help / ideas

Mike

[1715570275]

1715570275

[1715570275]

1715570275

[1715570275]

1715570275

[1715570275]

1715570275

[1715570275]

1715570275

[ocminer]

Hey Mike,

count me in, same problems here.

Done so far:

If a IP locks more than 2 accounts, it gets banned.
Using geoip database to block suspicious IPs from countrys like the Philippines and so on, probably does not help much because of TOR.
Added Re-Captcha's to sign-ups and logins. (done party, as I dont like this solution)
IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:
Google Authenticator for all logins/payouts/adress changes/everything


Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

[neter]

as a band-aid to the problem, you might introduce memcached before the db connections so that it would be much more harder to stress the db behind.

as a permanent solution, in addition to memcached and such, you can use ddos protection. some ddos protection companies should have tor network protection too, but mandatory when choosing one.

[Mikellev]

Hey Mike,

count me in, same problems here.

Done so far:

If a IP locks more than 2 accounts, it gets banned.
Using geoip database to block suspicious IPs from countrys like the Philippines and so on, probably does not help much because of TOR.
Added Re-Captcha's to sign-ups and logins. (done party, as I dont like this solution)
IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:
Google Authenticator for all logins/payouts/adress changes/everything


Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey,

can you help us with your 2 accounts banned solution ? Sounds great , can you offer source for that ?

Thank you in advance!

Mike

[Honourablequest]

Its a sad day when people resort to unethical behaviour to get some dogecoin - they should earn it like the rest of us!




Keep up the good work to keep the pools working.

[CartGeezer]

Some people are makers, some are takers.  A pox on the latter.

[aleks648]

As the attacks are coming from tor might this help?
https://github.com/meltingwax/block-tor-iptables

[Mikellev]

Received: by mail.poolerino.com (Postfix, from userid 33)
   id 67DF121010; Sun, 26 Jan 2014 17:40:54 +0100 (CET)
To: support@poolerino.com

The Dogecoin - Poolerino Message,

Zetatron Networks Sent you a message

Senders Email: tarball@trash-mail.com

Subject: End of attack

Personal message:

Hello Poolerino We are Zetatron Networks. Should we stop our attack against doge.poolerino.com? No Problem. Pay 200 000 DogeCoins to this address: DACcwM4buv5fsZeWPs3WZDovQHb4jnd1AW When we received, the attack will be stopped and never started again.

[ocminer]

Hey Mike,

count me in, same problems here.

Done so far:

If a IP locks more than 2 accounts, it gets banned.
Using geoip database to block suspicious IPs from countrys like the Philippines and so on, probably does not help much because of TOR.
Added Re-Captcha's to sign-ups and logins. (done party, as I dont like this solution)
IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:
Google Authenticator for all logins/payouts/adress changes/everything


Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey,

can you help us with your 2 accounts banned solution ? Sounds great , can you offer source for that ?

Thank you in advance!

Mike

Sure Mike, I'll get it into a source-friendly form and mail it to you, its currently quite a hack

[jochem]

Hey Mike,

count me in, same problems here.

Done so far:

If a IP locks more than 2 accounts, it gets banned.
Using geoip database to block suspicious IPs from countrys like the Philippines and so on, probably does not help much because of TOR.
Added Re-Captcha's to sign-ups and logins. (done party, as I dont like this solution)
IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:
Google Authenticator for all logins/payouts/adress changes/everything


Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey,

can you help us with your 2 accounts banned solution ? Sounds great , can you offer source for that ?

Thank you in advance!

Mike

Sure Mike, I'll get it into a source-friendly form and mail it to you, its currently quite a hack

Count me in, sounds nice

[Mikellev]

And now to the NEWS !

Until yesterday we got attacked by the famous "Zer0byte" team. Yes. We must be very important for them.

Then, yesterday, we got attacked by "Zetatron Networks", as you can see in the post b4.

but today, Zer0byte team (Im still wondering if these groups run around in superhero costumes..?!) send another mail:

c3m0 Sent you a message

Senders Email: stratum@poolers.com

Subject: stratum attacks

Personal message:

Hello mike, my name is c3m0 from the Zer0byte team. I saw you crying @ https://bitcointalk.org/index.php?topic=432997 Let me tell u something... All the attacks we made were just testing whats possible. The attacks were done by a single machine (dualcore/ 2GB RAM /tor upstream). Now we got a hole botnet with over 100.000 machines. Way enough power to take down the hole dogecoin network. Zer0byte team was the inventor of this stratum exploit and we got a lot more varieties that can take down every pool setup. Just droped 4 loadbalanced stratum servers on teamdoge.de with a single 6 year old machine in 30 sec. So girls of "poolowners unite" got a fair offer for you: You pay 500.000 Dogecoin and we will publish the fix for this vulnerability. Open source. Attacks will stop. Including a tutorial how to secure stratum with kernel modules. Pls post this to this buthurt bitcointalk thread... and answer me there... expect us! c3m0

Well, I just did mail them that Zetatron Networks was lot cheaper.

Can these guys pls get their stuff together and maybe reunite to some other cool name ?

[zneww]

[Mikellev]

and the next kid is playing with the ball

>
>
> The Dogecoin - Poolerino Message,
>
> dimiturdimitrovpld Sent you a message
>
> Senders Email: dimiturdimitrovpld@gmail.com
>
> Subject: DDOS atack
>
> Personal message:
>
> If you want your servers back online pay 500 000 DOGE COINS TO THIS ADDRESS DDBLyPMpiM183dyobG9QvS9tQz4wbUipzE AS soon as the DOGE are received, we will stop the attack and never attack you in the next 1 year. You have 24 hours to respond.