Mikellev (OP)
January 26, 2014, 12:20:47 PM (last edit: January 26, 2014, 05:13:04 PM by Mikellev)
Ok,
maybe some of you MPOS / stratum pool-ops have also been attacked recently and know the problem.
Attacks come and go, as the attacker wants to sell you his solution in the form of an app. Price for poolerino.com was 80.000 Doge.
He won't sell the source, just the compiled app, so we didn't buy it.
Edit: next attacker wants 200k doge..... see original mail below
Edit2: This time they ain't using Tor. Some botnet.
Type of attacks:
- Using TOR Network random exit points, so blocking the IP is useless.
- Sending thousands of wrong usernames to stratum so that stratum stresses the database too much and goes down.
Thank you for your support / help / ideas
Mike

ocminer (Legendary)
January 26, 2014, 12:43:56 PM
Hey Mike,
count me in, same problems here.
Done so far:
- If an IP locks more than 2 accounts, it gets banned.
- Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
- Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
- IP banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
What is planned:
- Google Authenticator for all logins/payouts/address changes/everything
Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

suprnova pools - reliable mining pools - #suprnova on freenet https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools

neter (Newbie)
January 26, 2014, 12:50:04 PM
As a band-aid to the problem, you might introduce memcached before the db connections so that it would be much harder to stress the db behind.
As a permanent solution, in addition to memcached and such, you can use DDoS protection. Some DDoS protection companies should have Tor network protection too, but mandatory when choosing one.
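
The two mitigations described in the posts above (ocminer's fast IP ban for "nonsense" and neter's cache in front of the database), as an added example that is not code from any poster, MPOS or a stratum server. `AuthGate`, `load_workers`, the thresholds and the sample data are hypothetical; an in-process set stands in for memcached, so an unknown worker name is rejected without a per-request database query even when the source IP changes every time.

```python
import time
from collections import defaultdict, deque

class AuthGate:
    """Sits in front of worker authorization; the password check itself is out of scope."""
    def __init__(self, load_workers, max_fails=5, window=5.0, ban_secs=600.0, refresh=60.0):
        self.load_workers = load_workers        # ONE bulk query returning all valid names
        self.max_fails, self.window = max_fails, window      # assumed thresholds
        self.ban_secs, self.refresh = ban_secs, refresh
        self.known, self.loaded_at = set(), None
        self.fails = defaultdict(deque)         # ip -> timestamps of recent unknown names
        self.banned = {}                        # ip -> ban expiry time

    def authorize(self, ip, worker, now=None):
        now = time.monotonic() if now is None else now
        if self.banned.get(ip, 0.0) > now:
            return "banned"                     # dropped before any lookup
        if self.loaded_at is None or now - self.loaded_at >= self.refresh:
            self.known = set(self.load_workers())   # refreshed on a timer, not per request
            self.loaded_at = now
        if worker in self.known:
            return "ok"                         # name exists; real auth continues from here
        q = self.fails[ip]
        q.append(now)
        while q and now - q[0] > self.window:   # keep only failures inside the window
            q.popleft()
        if len(q) >= self.max_fails:
            self.banned[ip] = now + self.ban_secs
            del self.fails[ip]
            return "banned"
        return "rejected"                       # answered from memory, database untouched

def simulate_flood(n_ips=200, per_ip=5):
    """Constructed flood of unknown names from many IPs; returns (DB queries, outcomes)."""
    queries = []
    def load_workers():                         # stands in for the bulk worker-name query
        queries.append(1)
        return ["mike.rig1", "mike.rig2"]       # constructed sample data
    gate = AuthGate(load_workers)
    counts = defaultdict(int)
    for i in range(n_ips):
        for j in range(per_ip):
            counts[gate.authorize(f"198.51.100.{i}", f"bogus{i}_{j}", now=1.0)] += 1
    counts[gate.authorize("203.0.113.7", "mike.rig1", now=2.0)] += 1   # legitimate miner
    return len(queries), dict(counts)

if __name__ == "__main__":
    print(simulate_flood())
```

A worker created after the last refresh is rejected until the next one, so a real deployment would also add new names to the set at sign-up time.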

Mikellev (OP)
January 26, 2014, 02:31:44 PM
> Hey Mike,
> count me in, same problems here.
> Done so far:
> - If an IP locks more than 2 accounts, it gets banned.
> - Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> - Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> - IP banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
> What is planned:
> - Google Authenticator for all logins/payouts/address changes/everything
> Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey, can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that? Thank you in advance!
Mike

Honourablequest
January 26, 2014, 02:59:51 PM
It's a sad day when people resort to unethical behaviour to get some dogecoin - they should earn it like the rest of us! Keep up the good work to keep the pools working.

CartGeezer
January 26, 2014, 03:20:27 PM
Some people are makers, some are takers. A pox on the latter.

CURE DEM DMD GPL HBN HYPER KED POT TEK THC - I'm such a PoS

Mikellev (OP)
January 26, 2014, 05:00:11 PM
> Received: by mail.poolerino.com (Postfix, from userid 33) id 67DF121010; Sun, 26 Jan 2014 17:40:54 +0100 (CET)
> To: support@poolerino.com
>
> The Dogecoin - Poolerino Message,
> Zetatron Networks Sent you a message
> Senders Email: tarball@trash-mail.com
> Subject: End of attack
> Personal message:
> Hello Poolerino
> We are Zetatron Networks. Should we stop our attack against doge.poolerino.com? No Problem. Pay 200 000 DogeCoins to this address: DACcwM4buv5fsZeWPs3WZDovQHb4jnd1AW
> When we received, the attack will be stopped and never started again.

ocminer (Legendary)
January 26, 2014, 05:43:08 PM
> > Hey Mike,
> > count me in, same problems here.
> > Done so far:
> > - If an IP locks more than 2 accounts, it gets banned.
> > - Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> > - Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> > - IP banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
> > What is planned:
> > - Google Authenticator for all logins/payouts/address changes/everything
> > Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...
>
> Hey, can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that? Thank you in advance!
> Mike

Sure Mike, I'll get it into a source-friendly form and mail it to you, it's currently quite a hack

jochem (Member, https://dgb.luckyminers.com)
January 26, 2014, 05:57:03 PM
> > > Hey Mike,
> > > count me in, same problems here.
> > > Done so far:
> > > - If an IP locks more than 2 accounts, it gets banned.
> > > - Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
> > > - Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
> > > - IP banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
> > > What is planned:
> > > - Google Authenticator for all logins/payouts/address changes/everything
> > > Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...
> >
> > Hey, can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that? Thank you in advance!
> > Mike
>
> Sure Mike, I'll get it into a source-friendly form and mail it to you, it's currently quite a hack

Count me in, sounds nice

Come mine Digibyte DDOS Protected Server!

Mikellev (OP)
January 27, 2014, 04:10:32 PM
And now to the NEWS! Until yesterday we got attacked by the famous "Zer0byte" team. Yes. We must be very important for them. Then, yesterday, we got attacked by "Zetatron Networks", as you can see in the post b4. But today, Zer0byte team (I'm still wondering if these groups run around in superhero costumes..?!) sent another mail:

> c3m0 Sent you a message
> Senders Email: stratum@poolers.com
> Subject: stratum attacks
> Personal message:
> Hello mike, my name is c3m0 from the Zer0byte team. I saw you crying @ https://bitcointalk.org/index.php?topic=432997 Let me tell u something... All the attacks we made were just testing whats possible. The attacks were done by a single machine (dualcore/ 2GB RAM /tor upstream). Now we got a whole botnet with over 100.000 machines. Way enough power to take down the whole dogecoin network. Zer0byte team was the inventor of this stratum exploit and we got a lot more varieties that can take down every pool setup. Just dropped 4 loadbalanced stratum servers on teamdoge.de with a single 6 year old machine in 30 sec. So girls of "poolowners unite" got a fair offer for you: You pay 500.000 Dogecoin and we will publish the fix for this vulnerability. Open source. Attacks will stop. Including a tutorial how to secure stratum with kernel modules. Pls post this to this butthurt bitcointalk thread... and answer me there...
> expect us!
> c3m0

Well, I just did mail them that Zetatron Networks was a lot cheaper. Can these guys pls get their stuff together and maybe reunite to some other cool name?

zneww
January 27, 2014, 05:54:35 PM

Mikellev (OP)
January 27, 2014, 10:22:41 PM
and the next kid is playing with the ball

> The Dogecoin - Poolerino Message,
> dimiturdimitrovpld Sent you a message
> Senders Email: dimiturdimitrovpld@gmail.com
> Subject: DDOS attack
> Personal message:
> If you want your servers back online pay 500 000 DOGE COINS TO THIS ADDRESS DDBLyPMpiM183dyobG9QvS9tQz4wbUipzE AS soon as the DOGE are received, we will stop the attack and never attack you in the next 1 year. You have 24 hours to respond.