fcmatt
Legendary
Offline
Activity: 2072
Merit: 1001
|
|
March 24, 2014, 04:06:43 PM |
|
May I suggest Prolexic?
as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection. Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better. Thanks for the numbers. They're actually not as high as I thought they would be, but still high enough to raise pool fees. I have four backup pools configured, and the ones with the lower fees are generally first on my list, provided they have a good operator and a proven track record of payout per hashrate (which many people around here know I prefer to refer to as BTC/MHD!) The price really does matter on how many different IPs he wishes to protect and any other custom services. The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
|
|
|
|
|
|
The forum was founded in 2009 by Satoshi and Sirius. It replaced a
SourceForge forum.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
bbbbbb2014
Member
Offline
Activity: 93
Merit: 10
|
|
March 24, 2014, 05:02:37 PM |
|
The price really does matter on how many different IPs he wishes to protect and any other custom services. The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects. In this case, WP should calculate what is a loss since there are no miners and act accordingly. And again, it is difficult to hand out the money when the pool is small (and there is no plenty of miners). But the pool was huge and handing out such an amount of money is not a problem. Unless someone thinks - that DDOS attack will go away someday. Miners, too.
|
|
|
|
comeonalready
|
|
March 24, 2014, 05:10:51 PM |
|
The price really does matter on how many different IPs he wishes to protect and any other custom services. The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects. In this case, WP should calculate what is a loss since there are no miners and act accordingly. And again, it is difficult to hand out the money when the pool is small (and there is no plenty of miners). But the pool was huge and handing out such an amount of money is not a problem. Unless someone thinks - that DDOS attack will go away someday. Miners, too. Another important consideration is that wafflepool is really only thought of as huge because it usually hosts one huge miner who contributes 20-25GH/s of the pool's total hashpower of 35GH/s, give or take. And that huge miner has shown that he is willing to actively move that power around to wherever it best suits him at the moment. It complicates the decision.
|
|
|
|
ElMariachi
Newbie
Offline
Activity: 51
Merit: 0
|
|
March 24, 2014, 05:50:37 PM |
|
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
|
|
|
|
oktay50000
|
|
March 24, 2014, 05:56:00 PM |
|
any news???/ when pool will be ok
|
BTC : bc1qqz9hvv806w2zs42mx4rn576whxmr202yxp00e9
feel free to buy me a bear
|
|
|
atomicchaos
|
|
March 24, 2014, 07:04:31 PM |
|
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover!
|
BTC:113mFe2e3oRkZQ5GeqKhoHbGtVw16unnw2
|
|
|
ungaro59
|
|
March 24, 2014, 07:33:41 PM |
|
Wafflepool : 0.00364643 DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
|
|
|
|
phzi
|
|
March 24, 2014, 07:41:04 PM |
|
Wafflepool : 0.00364643 DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
There is no way that Dogecoin profit figure is accurate. You will NOT earn that much from a Doge pool. As for WafflePool, it is being DDOSed and we aren't finding any blocks, so of course the.profitability figure is falling.
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3654
Merit: 8922
https://bpip.org
|
|
March 24, 2014, 07:44:06 PM |
|
Seems to be back up...
|
|
|
|
LPCobris
|
|
March 24, 2014, 07:47:42 PM |
|
Seems to be back up...
And down again.... LPC
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3654
Merit: 8922
https://bpip.org
|
|
March 24, 2014, 07:53:47 PM |
|
Seems to be back up...
And down again.... LPC My wafflepool stats are showing ~5% of the actual hashrate, which suggests that my rigs might be connecting to it briefly, and then falling back to other pools. Can't access cgminer logs right now to verify though.
|
|
|
|
ElMariachi
Newbie
Offline
Activity: 51
Merit: 0
|
|
March 24, 2014, 08:00:40 PM |
|
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover! Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this? Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious.
|
|
|
|
comeonalready
|
|
March 24, 2014, 08:15:27 PM |
|
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover! Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this? Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious. Kalroth cgminer for sure and sgminer I think have a configurable delay for how long to wait before returning back to a failed server that is back up again -- just in case you are bouncing around and don't like it happening.
|
|
|
|
paul.miner
Newbie
Offline
Activity: 7
Merit: 2
|
|
March 24, 2014, 08:22:45 PM |
|
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining): {"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]}
|
|
|
|
comeonalready
|
|
March 24, 2014, 08:48:11 PM |
|
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining): {"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]} I had set up packet capture on the outside of my firewall, and was dying to get a client.reconnect message and a connection to a rogue server followed by mining.notify messages, but I never received one. If you happen to track one down, please do share what you find here as I will be reading! It would be great to find a miner who was keeping share logs AND actually solved a block, as then we could trace it to a wallet address, perhaps seeing how much they were able to siphon and where it might ultimately have ended up.
|
|
|
|
Thirtybird
|
|
March 24, 2014, 08:49:18 PM |
|
So....
did anyone investigate the possibility that the API for pool manipulation was being abused? If can modify peoples pool settings to create a pool with specific settings and then switch to that pool - which probably points at an http URL which then sends the stratum reconnect command to point to whatever the wallet address is at the time...
this, in theory could be done via javascript in your browser, miner monitoring software, malware, etc.
this tactic seems much easier than a large-scale man in the middle attack.
anyone whose miner is currently redirected and is running the curses interface, hit "S" for settings, then hit "W" for write. Write it out to some config file and view it. If it has more information in it than you put into it, post it here for people to evaluate.
|
|
|
|
poolwaffle (OP)
|
|
March 24, 2014, 08:50:15 PM |
|
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining): {"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]} I've got one here, soon as I get these servers back up, remind me (email please) and I'll dig through the pcap.
|
|
|
|
comeonalready
|
|
March 24, 2014, 09:01:13 PM |
|
So....
did anyone investigate the possibility that the API for pool manipulation was being abused? If can modify peoples pool settings to create a pool with specific settings and then switch to that pool - which probably points at an http URL which then sends the stratum reconnect command to point to whatever the wallet address is at the time...
this, in theory could be done via javascript in your browser, miner monitoring software, malware, etc.
this tactic seems much easier than a large-scale man in the middle attack.
anyone whose miner is currently redirected and is running the curses interface, hit "S" for settings, then hit "W" for write. Write it out to some config file and view it. If it has more information in it than you put into it, post it here for people to evaluate.
From reviewing the code, it appeared to me that the client.reconnect message must have been received on an active stratum connection that had already passed the mining.subscribe, mining.authorize messages. So at the very least the server to which it was connected must have been able to emulate a stratum mining server up to that point. As for gathering the rest of that type of information from miners, it's not much unlike herding cats. I had posted a list of information for affected miners to supply in order to help narrow down the cause, but not a single reply was posted. Perhaps some might have sent directly to poolwaffle? (I really wanted to see it happen on one of my miners!)
|
|
|
|
ElMariachi
Newbie
Offline
Activity: 51
Merit: 0
|
|
March 24, 2014, 09:06:20 PM |
|
Kalroth cgminer for sure and sgminer I think have a configurable delay for how long to wait before returning back to a failed server that is back up again -- just in case you are bouncing around and don't like it happening. Thank you for the hint but it's not that bad, at least this whole situation gives me a reason to finally add useful pool controls to my pet coding project.
|
|
|
|
paul.miner
Newbie
Offline
Activity: 7
Merit: 2
|
|
March 24, 2014, 09:31:40 PM |
|
It would be great to find a miner who was keeping share logs AND actually solved a block, as then we could trace it to a wallet address, perhaps seeing how much they were able to siphon and where it might ultimately have ended up. Even if they didn't solve a block, the coinbase parameter in the packet contains a payout address, so we can at least see where the coins would have gone. Someone on Reddit posted a packet capture when it was mining Worldcoin, but a Litecoin or Dogecoin packet would be more interesting.
|
|
|
|
|