Bitcoin Forum
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Topic: [MPOS] [Stratum] These stratum attacks have to stop! Poolowners unite.
Mikellev (OP)
January 26, 2014, 12:20:47 PM
Last edit: January 26, 2014, 05:13:04 PM by Mikellev
 #1

Ok,

maybe some of you MPOS / stratum pool-ops have also been attacked recently and know the problem.

Attacks come and go, as the attacker wants to sell you his solution in the form of an app.
Price for poolerino.com was 80.000 Doge.

He won't sell the source, just the compiled app, so we didn't buy it.

Edit: next attacker wants 200k doge..... see original mail below
Edit2: This time they ain't using Tor. Some botnet.

Type of attacks:

Using TOR Network random exit points, so blocking the IP is useless.
Sending thousands of wrong usernames to stratum so that stratum stresses the database too much and goes down.

Thank you for your support / help / ideas

Mike
ocminer
January 26, 2014, 12:43:56 PM
 #2

Hey Mike,

count me in, same problems here.

Done so far:

If an IP locks more than 2 accounts, it gets banned.
Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:
Google Authenticator for all logins/payouts/address changes/everything


Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

suprnova pools - reliable mining pools - #suprnova on freenet
https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools
neter
January 26, 2014, 12:50:04 PM
 #3

as a band-aid to the problem, you might introduce memcached before the db connections so that it would be much harder to stress the db behind.

as a permanent solution, in addition to memcached and such, you can use ddos protection. some ddos protection companies should have tor network protection too, but mandatory when choosing one.
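
An added example, not part of the original posts or any pool's own code: one way to combine the two mitigations suggested above (a cache in front of the worker database, and fast banning of sources that send nonsense), sketched in Python. The class name, thresholds and the `load_workers` bulk-query callable are assumptions; an in-process set stands in for memcached, and because the attack uses thousands of distinct wrong usernames it caches the set of valid workers rather than each rejected name.

```python
import time
from collections import defaultdict, deque


class AuthGate:
    """Answers stratum worker-authorization checks without a DB query per attempt."""

    def __init__(self, load_workers, refresh_secs=30.0, max_bad=10,
                 window_secs=5.0, ban_secs=600.0, clock=time.monotonic):
        self.load_workers = load_workers    # hypothetical: one bulk query -> worker names
        self.refresh_secs = refresh_secs    # how stale the cached worker set may get
        self.max_bad = max_bad              # assumed threshold of bad names per window
        self.window_secs = window_secs
        self.ban_secs = ban_secs
        self.clock = clock
        self.known = frozenset()
        self.loaded_at = None
        self.db_queries = 0
        self.failures = defaultdict(deque)  # ip -> timestamps of recent bad names
        self.banned_until = {}              # ip -> time at which the ban expires

    def _refresh(self, now):
        # One bulk query per refresh interval, however many attempts arrive.
        if self.loaded_at is None or now - self.loaded_at >= self.refresh_secs:
            self.known = frozenset(self.load_workers())
            self.loaded_at = now
            self.db_queries += 1

    def authorize(self, ip, worker):
        now = self.clock()
        if self.banned_until.get(ip, 0.0) > now:
            return "banned"                 # dropped before any lookup work
        self.banned_until.pop(ip, None)     # ban (if any) has expired
        self._refresh(now)
        if worker in self.known:
            return "ok"
        # Unknown name: answered from memory, counted in a sliding window.
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window_secs:
            recent.popleft()
        if len(recent) >= self.max_bad:
            self.banned_until[ip] = now + self.ban_secs
            del self.failures[ip]
            return "banned"
        return "rejected"
```

Per-IP bans only slow a Tor or botnet source, as the thread notes; the cached worker set is what keeps the database out of the hot path regardless of source address.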
Mikellev (OP)
January 26, 2014, 02:31:44 PM
 #4

> Hey Mike,
>
> count me in, same problems here.
>
> Done so far:
>
> If an IP locks more than 2 accounts, it gets banned.
> Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
>
> What is planned:
> Google Authenticator for all logins/payouts/address changes/everything
>
> Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey,

can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that?

Thank you in advance!

Mike
Honourablequest
January 26, 2014, 02:59:51 PM
 #5



It's a sad day when people resort to unethical behaviour to get some dogecoin - they should earn it like the rest of us!




Keep up the good work to keep the pools working.
CartGeezer
January 26, 2014, 03:20:27 PM
 #6

Some people are makers, some are takers.  A pox on the latter.

CURE DEM DMD GPL HBN HYPER KED POT TEK  THC -   I'm such a PoS
aleks648
January 26, 2014, 03:53:30 PM
 #7

As the attacks are coming from tor might this help?
https://github.com/meltingwax/block-tor-iptables

Bounty Manager http://t.me/aleks648
Mikellev (OP)
January 26, 2014, 05:00:11 PM
 #8

Received: by mail.poolerino.com (Postfix, from userid 33)
   id 67DF121010; Sun, 26 Jan 2014 17:40:54 +0100 (CET)
To: support@poolerino.com

The Dogecoin - Poolerino Message,

Zetatron Networks Sent you a message

Senders Email: tarball@trash-mail.com

Subject: End of attack

Personal message:

Hello Poolerino We are Zetatron Networks. Should we stop our attack against doge.poolerino.com? No Problem. Pay 200 000 DogeCoins to this address: DACcwM4buv5fsZeWPs3WZDovQHb4jnd1AW When we received, the attack will be stopped and never started again.
ocminer
January 26, 2014, 05:43:08 PM
 #9

> > Hey Mike,
> >
> > count me in, same problems here.
> >
> > Done so far:
> >
> > If an IP locks more than 2 accounts, it gets banned.
> > Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> > Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> > IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
> >
> > What is planned:
> > Google Authenticator for all logins/payouts/address changes/everything
> >
> > Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...
>
> Hey,
>
> can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that?
>
> Thank you in advance!
>
> Mike

Sure Mike, I'll get it into a source-friendly form and mail it to you, it's currently quite a hack :)

jochem
January 26, 2014, 05:57:03 PM
 #10

> > > Hey Mike,
> > >
> > > count me in, same problems here.
> > >
> > > Done so far:
> > >
> > > If an IP locks more than 2 accounts, it gets banned.
> > > Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> > > Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> > > IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
> > >
> > > What is planned:
> > > Google Authenticator for all logins/payouts/address changes/everything
> > >
> > > Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...
> >
> > Hey,
> >
> > can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that?
> >
> > Thank you in advance!
> >
> > Mike
>
> Sure Mike, I'll get it into a source-friendly form and mail it to you, it's currently quite a hack :)

Count me in, sounds nice :)

Come mine Digibyte  DDOS Protected Server!
Mikellev (OP)
January 27, 2014, 04:10:32 PM
 #11

And now to the NEWS !

Until yesterday we got attacked by the famous "Zer0byte" team. Yes. We must be very important for them.

Then, yesterday, we got attacked by "Zetatron Networks", as you can see in the post b4.

but today, Zer0byte team (I'm still wondering if these groups run around in superhero costumes..?!) sent another mail:

Quote
c3m0 Sent you a message

Senders Email: stratum@poolers.com

Subject: stratum attacks

Personal message:

Hello mike, my name is c3m0 from the Zer0byte team. I saw you crying @ https://bitcointalk.org/index.php?topic=432997 Let me tell u something... All the attacks we made were just testing what's possible. The attacks were done by a single machine (dualcore/ 2GB RAM /tor upstream). Now we got a whole botnet with over 100.000 machines. Way enough power to take down the whole dogecoin network. Zer0byte team was the inventor of this stratum exploit and we got a lot more varieties that can take down every pool setup. Just dropped 4 loadbalanced stratum servers on teamdoge.de with a single 6 year old machine in 30 sec. So girls of "poolowners unite" got a fair offer for you: You pay 500.000 Dogecoin and we will publish the fix for this vulnerability. Open source. Attacks will stop. Including a tutorial how to secure stratum with kernel modules. Pls post this to this butthurt bitcointalk thread... and answer me there... expect us! c3m0


Well, I just did mail them that Zetatron Networks was a lot cheaper.

Can these guys pls get their stuff together and maybe reunite to some other cool name?
zneww
January 27, 2014, 05:54:35 PM
 #12

Mikellev (OP)
January 27, 2014, 10:22:41 PM
 #13

and the next kid is playing with the ball

>
>
> The Dogecoin - Poolerino Message,
>
> dimiturdimitrovpld Sent you a message
>
> Senders Email: dimiturdimitrovpld@gmail.com
>
> Subject: DDOS atack
>
> Personal message:
>
> If you want your servers back online pay 500 000 DOGE COINS TO THIS ADDRESS DDBLyPMpiM183dyobG9QvS9tQz4wbUipzE AS soon as the DOGE are received, we will stop the attack and never attack you in the next 1 year. You have 24 hours to respond.