[POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com

[comeonalready]

Whoever is seeing the DNS issues, can you post what your DNS is, any any lookups and results for our endpoints?  We haven't changed anything in terms of DNS in weeks, and its very disconcerting that multiple people are seeing this.

Name:   uswest.wafflepool.com
Address: 192.241.211.125
Name:   useast.wafflepool.com
Address: 162.243.89.19
Name:   eu.wafflepool.com
Address: 95.85.61.208

all VIA ISP DNS (I'd rather not say who)

The next time the problem occurs I'll give you a network capture of it!

Please do, I've got an email from another person seeing the same thing (disconnect after a while and on reconnect, getting a different pool entirely).  Which is very disconcerting....

pw, I sent you a pm containing some information that I decided not to leave posted publicly, as whoever is responsible for this is likely reading this thread.

since it is obvious that some one compiled cgminer or sgminer with a worm within, you probably should publicly post it here. and after that we will find the trojan link. omg do you think it is deeper... in wifi router's dns settings ?

I do not believe that to be the case.  But if it were a dns hack, cgminer or most other miner software would still continue to display x.wafflepool.com as the pool server name, and it would simply resolve to another ip address underneath.  If cgminer or other miner software shows the unexpected ip address as the server name, then something else must be the cause.  I suggested one possibility to pw, but he considered it to be unlikely.  We'll see.

[1714258158]

1714258158

[1714258158]

1714258158

[1714258158]

1714258158

[1714258158]

1714258158

[Cru]

When I looked this morning, it was still showing useast.wafflepool.com as the site where I was submitting shares.

[lagster]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

[JHammer]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

[o_oo_o]

both my miners had switched to 206.223.224.2 - cgminer (bamt) and cudaminer (win7), both rigs using google public dns 8.8.8.8.

Doing lookup on the bad ip:

nslookup 206.223.224.2
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    true.fiberpimp.net
Address:  206.223.224.2



wafflepool now resolves properly:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

While that sounds conclusive on the surface, did you ever run "nslookup useast.wafflepool.com" on dns server 8.8.8.8 and receive address 206.223.224.2 as a result?  And wasn't it 206.223.224.225 that we are all talking about?

No, right now it seems the us wafflepool.com endpoints are resolving properly when using google's dns:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

nslookup uswest.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    uswest.wafflepool.com
Address:  192.241.211.125

I'm assuming that when my miners went down, there was a DNS hijack taking place and if you'd tried resolving wafflepool at that point, you'd get the bad IP's.  Looks like currently things are back to normal but I suggest keeping a close eye on your miners, maybe even direct setting the endpoint IP's in cgminer.conf in case this attack starts back up.

[Cru]

both my miners had switched to 206.223.224.2 - cgminer (bamt) and cudaminer (win7), both rigs using google public dns 8.8.8.8.

Doing lookup on the bad ip:

nslookup 206.223.224.2
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    true.fiberpimp.net
Address:  206.223.224.2



wafflepool now resolves properly:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

While that sounds conclusive on the surface, did you ever run "nslookup useast.wafflepool.com" on dns server 8.8.8.8 and receive address 206.223.224.2 as a result?  And wasn't it 206.223.224.225 that we are all talking about?

No, right now it seems the us wafflepool.com endpoints are resolving properly when using google's dns:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

nslookup uswest.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    uswest.wafflepool.com
Address:  192.241.211.125

I'm assuming that when my miners went down, there was a DNS hijack taking place and if you'd tried resolving wafflepool at that point, you'd get the bad IP's.  Looks like currently things are back to normal but I suggest keeping a close eye on your miners, maybe even direct setting the endpoint IP's in cgminer.conf in case this attack starts back up.

I am completed illiterate when it comes to this kind of stuff.  What is the consensus here, is it something wrong on our machines/network or something wrong with Wafflepool? Or something that is in between?

[comeonalready]

both my miners had switched to 206.223.224.2 - cgminer (bamt) and cudaminer (win7), both rigs using google public dns 8.8.8.8.

Doing lookup on the bad ip:

nslookup 206.223.224.2
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    true.fiberpimp.net
Address:  206.223.224.2



wafflepool now resolves properly:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

While that sounds conclusive on the surface, did you ever run "nslookup useast.wafflepool.com" on dns server 8.8.8.8 and receive address 206.223.224.2 as a result?  And wasn't it 206.223.224.225 that we are all talking about?

No, right now it seems the us wafflepool.com endpoints are resolving properly when using google's dns:

nslookup useast.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    useast.wafflepool.com
Address:  162.243.89.19

nslookup uswest.wafflepool.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    uswest.wafflepool.com
Address:  192.241.211.125

I'm assuming that when my miners went down, there was a DNS hijack taking place and if you'd tried resolving wafflepool at that point, you'd get the bad IP's.  Looks like currently things are back to normal but I suggest keeping a close eye on your miners, maybe even direct setting the endpoint IP's in cgminer.conf in case this attack starts back up.

Assumptions make poor foundations upon which to build any theory.  Though hard coding ip addresses will circumvent the problem for now, it may cause unexpected outages in the future if pw reconfigures the server network.

[lagster]

since it is obvious that some one compiled cgminer or sgminer with a worm within, you probably should publicly post it here. and after that we will find the trojan link. omg do you think it is deeper... in wifi router's dns settings ?

I do not believe that to be the case.  But if it were a dns hack, cgminer or most other miner software would still continue to display x.wafflepool.com as the pool server name, and it would simply resolve to another ip address underneath.  If cgminer or other miner software shows the unexpected ip address as the server name, then something else must be the cause.  I suggested one possibility to pw, but he considered it to be unlikely.  We'll see.

there is a 50% possibility (either yes or no) that fbi cдeлaлo eмy пpeдлoжeниe oт кoтopoгo нeльзя oткaзaтьcя? ))

[Gentso1]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

I also have some hosted gridseeds and have send my hash rate from from 3-3.5 to 1.25mh/s in the past hour. I have emailed GAW and waiting to make sure everything is good on there end.

Did you get any answer from GAW?

[JHammer]

GAWMiners restart my Hosted units and looks good now..  

Edit:  Yes Bill Just got on mine and they look to be restarting..

[lagster]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..
And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..
I dont care what people like or dont like..

and why would you care for their help then?
how can it be a pool issue if their 22+ghs are jumping on and off at will?

[o_oo_o]

Assumptions make poor foundations upon which to build any theory.  Though hard coding ip addresses will circumvent the problem for now, it may cause unexpected outages in the future if pw reconfigures the server network.

Sorry, I take back the word assumption if you're going to be semantic. 

Here's what I've seen, which I'm using to create my "theory":  I have 2 mining setups, both pointing to useast.wafflepool.com.  The two systems use different miners, one is using cgminer running under BAMT, the other is using cudaminer under win7.  Both systems are NAT'd behind a router running dd-wrt. 

With the difference in miners / systems, I don't think someone trojaning both my systems with different miners / OS's / authentications at the same time is likely.  With other people reporting the same issue, it makes a lot of sense that some sort of DNS hijack took place. 

I agree with you and don't recommend people hardcode an IP in their miner configs for long term use, but for the immediate future it would negate any sort of DNS issues should they continue.

[comeonalready]

Assumptions make poor foundations upon which to build any theory.  Though hard coding ip addresses will circumvent the problem for now, it may cause unexpected outages in the future if pw reconfigures the server network.

Sorry, I take back the word assumption if you're going to be semantic.  

Here's what I've seen, which I'm using to create my "theory":  I have 2 mining setups, both pointing to useast.wafflepool.com.  The two systems use different miners, one is using cgminer running under BAMT, the other is using cudaminer under win7.  Both systems are NAT'd behind a router running dd-wrt.  

With the difference in miners / systems, I don't think someone trojaning both my systems with different miners / OS's / authentications at the same time is likely.  With other people reporting the same issue, it makes a lot of sense that some sort of DNS hijack took place.  

I agree with you and don't recommend people hardcode an IP in their miner configs for long term use, but for the immediate future it would negate any sort of DNS issues should they continue.

I never suggested anyone infiltrated your systems with a trojan, and to rush to judgment that nothing else can be responsible other than a dns hijack, is a leap using poor reasoning.

Google "stratum client.reconnect", and notice that even if ip addresses are hard coded, you could still be vulnerable to this potential attack vector.

But as this would suggest a pool server vulnerability, I kept it private for a while to give pw a chance to collect whatever information he could to confirm or eliminate this possibility.

In simple English, within the legitimate code of most stratum mining software is a command called client.reconnect that can be issued by the server to tell any miner to switch to another server and port.  If a pool server vulnerability had been found and exploited, it would be possible to send your miner a client.reconnect command to go mine elsewhere, anywhere.

Here is a snippet from ckolivas/cgminer 3.7.2 code:


   if (!strncasecmp(buf, "client.reconnect", 16) && parse_reconnect(pool, params)) {
      ret = true;
      return ret;
   }


static bool parse_reconnect(struct pool *pool, json_t *val)
{
   char *url, *port, address[256];

   memset(address, 0, 255);
   url = (char *)json_string_value(json_array_get(val, 0));
   if (!url)
      url = pool->sockaddr_url;

   port = (char *)json_string_value(json_array_get(val, 1));
   if (!port)
      port = pool->stratum_port;

   sprintf(address, "%s:%s", url, port);

   if (!extract_sockaddr(address, &pool->sockaddr_url, &pool->stratum_port))
      return false;

   pool->stratum_url = pool->sockaddr_url;

   applog(LOG_NOTICE, "Reconnect requested from pool %d to %s", pool->pool_no, address);

   if (!restart_stratum(pool))
      return false;

   return true;
}


For those of you affected by the problem with detailed cgminer logs, (from cgminer/sgminer, not cgwatcher as it does not log such messages), may I suggest that you search for "reconnect requested" messages for any possible evidence of this method being used.

[JHammer]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..
And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..
I dont care what people like or dont like..

and why would you care for their help then?
how can it be a pool issue if their 22+ghs are jumping on and off at will?

ummmmm  How about you read the 25 post before this one???  before you open your mouth..

[miless2111s]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

Is this some sort of gridseed deal or are you just able to stick them into a works server room?
Thanks
Miles

[JHammer]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

Is this some sort of gridseed deal or are you just able to stick them into a works server room?
Thanks
Miles

I dont work for them and dont want to get flamed by all the silly noobs on this site.

But it is GAWMiners     Look them up if you want. They have been offering free hosting..   I got a 20 pack yesterday during the day, and was up and hashing last night

[comeonalready]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

Is this some sort of gridseed deal or are you just able to stick them into a works server room?
Thanks
Miles

I dont work for them and dont want to get flamed by all the silly noobs on this site.

But it is GAWMiners     Look them up if you want. They have been offering free hosting..   I got a 20 pack yesterday during the day, and was up and hashing last night

Why would anyone spend $2000 on 3000-3400MH/s of scrypt mining power when it will take over 200 days to recoup the hardware cost at today's script coin values -- even with free electricity thrown in on the deal?  The writing is on the wall.  The profitability of scrypt mining is on the decline.  It will take much longer than 200 days to pay for that hardware, if you ever do.  At some point gaw will just decide to ship that equipment to you for free in order to remain profitable themselves.  Miners using GPUs will be able to switch to another algorithm to keep going for a little longer. but those gridseeds only become nice decorations.

The many mining booms in history (gold, silver, uranium, whatever) have shown that it is the suppliers to miners that earn the most profits from the boom.  And in the case of cryptocoin mining, the electricity companies too!

[comeonalready]

The aspect of all these cryptocoins that we have been mining that most amuses me is the "halvening" ratio of decreasing number of coins rewarded per block at predetermined block height intervals.  That is, for the first x number of blocks, the number of coins in each of those blocks is y, and then for the next x number of blocks, the number of coins in each of those blocks is y/2, and so on to y/4 and y/8, etc.

If we were to build an actual physical structure for which the length of each of its four outer walls followed the same formula -- where the width of the each new level built upwards in height were half the width of the level below it, what would this structure ultimately resemble?!

[JHammer]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..

And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..

I dont care what people like or dont like..

Is this some sort of gridseed deal or are you just able to stick them into a works server room?
Thanks
Miles

I dont work for them and dont want to get flamed by all the silly noobs on this site.

But it is GAWMiners     Look them up if you want. They have been offering free hosting..   I got a 20 pack yesterday during the day, and was up and hashing last night

Why would anyone spend $2000 on 3000-3400MH/s of scrypt mining power when it will take over 200 days to recoup the hardware cost at today's script coin values -- even with free electricity thrown in on the deal?  The writing is on the wall.  The profitability of scrypt mining is on the decline.  It will take much longer than 200 days to pay for that hardware, if you ever do.  At some point gaw will just decide to ship that equipment to you for free in order to remain profitable themselves.  Miners using GPUs will be able to switch to another algorithm to keep going for a little longer. but those gridseeds only become nice decorations.

The many mining booms in history (gold, silver, uranium, whatever) have shown that it is the suppliers to miners that earn the most profits from the boom.  And in the case of cryptocoin mining, the electricity companies too!

Yes..  I was told this same thing when I got into GPU mining in Mid 2013..  Go figure..  

I believe at the worst case, I will recoup..   But things change, pools evolve and I do believe some folks have been saying GPU mining has been dead since.. Oh lets see, early 2013???

[lagster]

What is strange with my Hosted GridSpeed connected to Waffle East is my hash rate shows 0 but my Earned and unconverted keeps growing???  What the heck??

why dont you ask gridseed manages? 98.8% of people in here do not like your kind as much as thier first hangover.

I have.. But if its a Pool issue its not their issue..
And yea I could see how people would not like me considering I am getting Free hosting including free electricity and Internet..
I dont care what people like or dont like..

and why would you care for their help then?
how can it be a pool issue if their 22+ghs are jumping on and off at will?

ummmmm  How about you read the 25 post before this one???  before you open your mouth..

you never provided enough details about your problem. you could probably get better results with pmsing the only person who is interested in you - pw or reading few previous posts by yourself rather than pointing me there..