GalacticMiningCorp
March 23, 2014, 10:11:44 PM
Interestingly enough, I don't have a pool 2 defined. I have uswest.poolwaffle.com and useast.poolwaffle.com as the only 2 pools defined (unless the log isn't zero-indexed for the pools - I haven't looked at that part of the code)

poolwaffle (OP)
March 23, 2014, 10:23:46 PM
ummmmm Payouts sent a while back and still have not showed up in my wallet... Are our payments now being Hijacked?
Or is there just a delay?
Please run a re-index on your wallet, payments should be fine.

utahjohn
March 23, 2014, 10:38:17 PM
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were hijacked:
[2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333
If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
    char *url, *port, address[256];
Right below the opening curly bracket enter:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
    return false;
    char *url, *port, address[256];
Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum. Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.
Can someone compile a Windows x86-64 binary for cgminer-kalroth with this fix in it and provide a link to the binary, please?

minedit
March 23, 2014, 10:53:07 PM
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were hijacked:
[2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333
If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
    char *url, *port, address[256];
Right below the opening curly bracket enter:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
    return false;
    char *url, *port, address[256];
Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum. Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.
I just did this, on linux (sorry guy above me, I can't send you the binaries). CGminer works ok. I only wonder if it would be safer to do 'return true;' than 'return false;'. The difference would be at auth_stratum method:
/* Parse all data in the queue and anything left should be auth */
while (42) {
    sret = recv_line(pool);
    if (!sret)
        return ret;
    if (parse_method(pool, sret))
        free(sret);
    else
        break;
}
Returning false would make it break, and not read the next line with recv_line(pool), I don't know the code enough to guess if that means it would skip some valid stratum commands.
All in all I like your solution, gotta love opensource software, just because of situations like this.

notbatman
March 23, 2014, 10:56:16 PM
I'm on multipool.us and all 3 of my miners got hijacked and redirected to 190.97.165.179

utahjohn
March 23, 2014, 11:06:24 PM
If you who know more than I do about coding can provide a fix for the reconnect issue, it would be a major feather in the hat for wafflepool and would probably draw a lot more miners to our pool.

JHammer
March 23, 2014, 11:10:35 PM
ummmmm Payouts sent a while back and still have not showed up in my wallet... Are our payments now being Hijacked?
Or is there just a delay?
Please run a re-index on your wallet, payments should be fine.
I have a web based Wallet and just looked through all the options and don't see an option to Re-Index.. Any other suggestions? Up until just now, payments arrived in my wallet very fast.. p.s. I even logged out of my wallet and back in.. Nothing..

anden
March 23, 2014, 11:15:20 PM
OK I just got hijacked too, but there was a user name mining at hashco called milone, isn't that the name of the person running cgwatcher? Is everyone who has been jacked running cgwatcher? I don't even mine there either. http://i51.photobucket.com/albums/f380/smorrow5773/hijack.jpg

minedout
March 23, 2014, 11:18:26 PM
OK I just got hijacked too, but there was a user name mining at hashco called milone, isn't that the name of the person running cgwatcher? Is everyone who has been jacked running cgwatcher? I don't even mine there either.
Milone is the guy who created CGRemote and CGWatcher. Guess you guys are automatically donating to him. hahahaha Some more info: https://bitcointalk.org/index.php?topic=495295.0
Looks like he has a hidden donate.

minedit
March 23, 2014, 11:21:12 PM
Not using cgwatcher...we might have different problems. My username stayed the same.

fcmatt
March 23, 2014, 11:21:20 PM
You prob did not disable some auto donate check box in the software.... Prob perfectly normal.

utahjohn
March 23, 2014, 11:27:42 PM
just fired off an email to kalroth gmail about what is happening, he probably has a better understanding about what can be done to solve this redirect problem as he is actively developing his fork of cgminer ...

GalacticMiningCorp
March 23, 2014, 11:29:34 PM
Returning false would make it break, and not read the next line with recv_line(pool), I don't know the code enough to guess if that means it would skip some valid stratum commands.
All in all I like your solution, gotta love opensource software, just because of situations like this.
You're right. In fact, I made it even simpler by just commenting out line 1686:
//pool->stratum_url = pool->sockaddr_url;
This is the line that assigns the new pool url.

Kalroth
March 23, 2014, 11:36:02 PM
just fired off an email to kalroth@gmail.com about what is happening, he probably has a better understanding about what can be done to solve this redirect problem as he is actively developing his fork of cgminer ...
There's not much I can do other than disable the reconnect code, which several individuals already have done. I'll do a quick update of my github and binaries soon enough.
From a quick glance, it looks like someone found a way to send a spoofed* JSON packet to stratum pools, which makes the pool send a redirect request to (some of?) its clients. It does not look like it's a bug in the client software, merely an unfortunate feature.
* http://en.wikipedia.org/wiki/IP_address_spoofing

JHammer
March 23, 2014, 11:39:33 PM
ummmmm Payouts sent a while back and still have not showed up in my wallet... Are our payments now being Hijacked?
Or is there just a delay?
Please run a re-index on your wallet, payments should be fine.
I have a web based Wallet and just looked through all the options and don't see an option to Re-Index.. Any other suggestions? Up until just now, payments arrived in my wallet very fast.. p.s. I even logged out of my wallet and back in.. Nothing..
Hopefully just a coincidence as I can look up and see the TxNid's on the site of my wallet..... So I assume issue or delay on the side of the Web based Wallet.. I have emailed them.. Sorry but with everything going on right now, I am scared to even answer my front door..

utahjohn
March 23, 2014, 11:51:08 PM
Someone needs to let the devs of sgminer know also because I think I read somewhere that they are pulling from kalroth github ...

Kalroth
March 24, 2014, 12:07:25 AM (Last edit: March 24, 2014, 12:20:20 AM by Kalroth)
Someone needs to let the devs of sgminer know also because I think I read somewhere that they are pulling from kalroth github ...
Veox selectively pulls from my branch, at least he used to when I was more active. Regardless, this is a minor change to the client and it is easy to implement. I'm more worried about the stratum server software, if this exploit really is so widespread. Regardless, I made a quick fix to my branch and the binaries on my page are also updated.
https://github.com/Kalroth/cgminer-3.7.2-kalroth/commit/d78f8c896010049a06275db13a2816c0e201e41e
http://k-dev.net/cgminer/
QUICK FIX: I've added a --no-client-reconnect command to disable the 'client.reconnect' stratum functionality in the client. It looks like there's an exploit that abuses said command, but it is still not clear exactly how.
There's also an additional message when the reconnect happens: "WARNING: POTENTIAL CLIENT.EXPLOIT!", but it requires you to be actively monitoring your log to catch it, and in which case you already get a "Reconnect requested from Pool 0 to 127.0.0.1" message.
Note that disabling 'client.reconnect' might affect some pools that rely on the feature, like pools that you lease your rig to.
Oh and this is dry-coded. :)
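
A middle ground between honouring every client.reconnect and disabling it outright is to accept a redirect only when the requested host stays inside the pool's own domain. The C code below is an added example, not code from cgminer or from Kalroth's commit; `reconnect_allowed` and its helpers are hypothetical names, and comparing the last two DNS labels is a simplifying assumption (it is not public-suffix aware).

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (DNS names are case-insensitive). */
static bool ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* IP literal: contains ':' (IPv6) or consists only of digits and dots. */
static bool is_ip_literal(const char *h)
{
    return strchr(h, ':') || (*h && strspn(h, "0123456789.") == strlen(h));
}

/* Last two DNS labels: "uswest.poolwaffle.com" -> "poolwaffle.com". */
static const char *base_domain(const char *h)
{
    int dots = 0;
    for (const char *p = h + strlen(h); p > h; p--)
        if (p[-1] == '.' && ++dots == 2)
            return p;
    return h;
}

/* Hypothetical check: may client.reconnect move us from cur to req? */
bool reconnect_allowed(const char *cur, const char *req)
{
    if (!cur || !req || !*cur || !*req)
        return false;
    if (ci_equal(cur, req))
        return true;    /* same host, e.g. only the port changes */
    if (is_ip_literal(cur) || is_ip_literal(req))
        return false;   /* IP literals must match exactly */
    return ci_equal(base_domain(cur), base_domain(req));
}

int main(void)
{
    /* Pool hosts and redirect address as quoted in the posts above. */
    printf("%d\n", reconnect_allowed("uswest.poolwaffle.com", "useast.poolwaffle.com"));
    printf("%d\n", reconnect_allowed("uswest.poolwaffle.com", "190.97.165.179"));
}
```

A rejected request would be logged and dropped before the pool URL is reassigned, so pools that legitimately move miners between their own hosts keep working.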

Kalroth
March 24, 2014, 12:24:43 AM
Press CTRL+F5 or whatever to force a refresh. Maybe I'll create a real page some day .. :)

JHammer
March 24, 2014, 12:25:21 AM
PW.. Know you're busy but could we get an update from you please? Also are you by chance bouncing servers or is this the Hijack? The last 3 hours I have been failing over (Not redirected) to other pools.. Would be nice to know if you're bouncing servers?