newunit16
Member
Offline
Activity: 133
Merit: 10
|
|
July 06, 2011, 02:06:25 AM |
|
Really starting to miss BTC. Not much you can really do to stop a dos, What I did 4 years back when one of my servers was getting dos was change the IP address and point the domain name to Microsoft for a day. They will see the attack then get their team on to it and hopefully it will go to their legal team and the attacker gets busted.
Lol what? I would have went after the dick sys admin who sent all the traffic my way and disrupted my website because he couldn't handle his own.
+1 for this comment. Sending your negative traffic to someone else is not the way to do things. That was a very dick move, and would have been highly frowned upon in most of the professional circles.
i work in networking and think its effing hilarious. a rather resourceful way to deal with a DDoS. lol! now, pointing it to some server without a shitton of bandwidth and poor management, would however, be wrong.
Would you be saying the same thing if someone dumped a metric crap ton of DDoS traffic on YOUR network? Would you be so chipper about the situation with your Boss's Boss, and the CIO, and everyone else screaming at you about why they cant they get their webmail, or why the customers cant enter their orders on your website, especially if your job was on the line?
like i said "now, pointing it to some server without a shitton of bandwidth and poor management, would however, be wrong." microsofts network has lots of pipe, and good management. in my case, if we were to get ddos'd it would be our ISP's job to fix this, as they are the ones that manage the outside hops. for me it would be "hey boss, were getting ddos'd, i called (isp) and they're on it." thats the call anyone would make. changing something on your "internal" network would only resolve an internal based DDoS.
|
|
|
|
newunit16
Member
Offline
Activity: 133
Merit: 10
|
|
July 06, 2011, 02:14:13 AM |
|
id say point it to microsoft as well, but after thinking about it id forward it to cisco lol. had a crappy linksys router, then a crappy cisco/linksys router, they deserve it for putting out crap products, they combined ciscos crap UI and with linksys crap hardware. but just kidding here, doing something like that could probably get ya in *loads* of trouble.
cisco isnt really known for their hardware. talk to any networking guru and they'll tell you. cisco owns because IOS is amazing. (also, combining cisco gui with linksys hardware? new one to me. maybe i just havent paid much attention, but the linksys config assistant doesnt resemble the cisco CME to me. but if you're using the cisco CME, you must be <CCENT) when it comes to linksys, i will say this. i have not had any trouble with linksys routers, but bad hardware comes random from any vendor. you know how much my aironet 1200 802.11B AP cost when it bought it? it wasnt 60$... and it still works to this day. theres no reason to complain when your 60$ router/wifi AP dies after a month. one of the biggest mistake the world ever made was to make routers cheap. if you want quality buy quality. lots of good EOL cisco stuff can be had cheaply. yes, i run 802.11B, i dont do much internal file transfers, and i only have about 3 nodes on the wifi. considering upgrading to 802.11G since a lot of that cisco gear is getting EOL.
|
|
|
|
Clavulanic
|
|
July 06, 2011, 02:19:54 AM |
|
Maybe the botnets mining on the pool were causing my gpu usage to hover around 96-98%? Hopefully once this resolves I can point my systems to btc guild and they can stay at 99% usage. I'd love to come back, but it's not worth it unless I can stay at 99% usage like I do at other pools
|
|
|
|
|
|
|
Mike Moceri
Newbie
Offline
Activity: 38
Merit: 0
|
|
July 06, 2011, 02:20:00 AM |
|
To the botnet owner: Please stop, you're wasting BTC generation time. Either move to a different pool with the CPU miners or setup your own private pool.
I'm not saying your pax0ring power isn't impressive, I'm saying the bot's computer owners are going to wonder why their internet is crawling, and the ones that call their ISP will find out they need to disinfect their computer and you'll lose it. You're less likely to lose it by running the CPU miner on low priority since they can still browse foxnews.com and forward chain-letter-emails to their kids without slowdown.
$ We just want to make some money like you $
The hacker running the botnet is probably some asshole script kiddie. When I was studying computer hacking and security, we used to set up wargames servers and hack for fun and educational value. Hell, I'll even support the guys over at Anonymous and Lulzsec- at least they have principles. This script kiddie is just an antisocial douche.
|
|
|
|
smackdaddy
Newbie
Offline
Activity: 45
Merit: 0
|
|
July 06, 2011, 03:33:16 AM |
|
Any chance the DDOS is really just the unhandled mining traffic?
I'm wondering if maybe you published new DNS names for people to connect to, this would maybe ease up?
|
|
|
|
neotrino
Member
Offline
Activity: 63
Merit: 10
|
|
July 06, 2011, 03:34:02 AM |
|
Really starting to miss BTC. Not much you can really do to stop a dos, What I did 4 years back when one of my servers was getting dos was change the IP address and point the domain name to Microsoft for a day. They will see the attack then get their team on to it and hopefully it will go to their legal team and the attacker gets busted.
Love it!!!
|
|
|
|
eleuthria (OP)
Legendary
Offline
Activity: 1750
Merit: 1007
|
|
July 06, 2011, 03:49:51 AM |
|
Any chance the DDOS is really just the unhandled mining traffic?
I'm wondering if maybe you published new DNS names for people to connect to, this would maybe ease up?
It is not mining traffic. If you look at the imgur link in the previous page, you'll see what i mean. The DDoS is hitting all of our pools and the webserver. The 100 mbps port on all of our servers was being capped. A botnet of CPU miners does not generate 300k packets/sec.
|
RIP BTC Guild, April 2011 - June 2015
|
|
|
Mike Moceri
Newbie
Offline
Activity: 38
Merit: 0
|
|
July 06, 2011, 04:23:22 AM |
|
I definitely support the idea of pointing the traffic at M$. Let their legal boys handle it.
|
|
|
|
TurdHurdur
|
|
July 06, 2011, 04:44:36 AM |
|
What's next, 1Gbp/s pipe?
|
|
|
|
btcsquirrel
Newbie
Offline
Activity: 22
Merit: 0
|
|
July 06, 2011, 05:28:13 AM |
|
I don't know if this has already been brought up or not (this thread is friggin huge), but it seems to me like the logical culprit is someone who either has a lot of mining capacity in another pool or actually runs a pool. That would be the two types of people with the most to gain right?
|
|
|
|
gmannn
|
|
July 06, 2011, 05:31:14 AM |
|
Just want to thank you for your hard work and I'll be back with a high donate percentage when things settle down. After trying all the pools, BTCguild has won me over with the user interface and stats.
|
|
|
|
zenmetsu
Newbie
Offline
Activity: 11
Merit: 0
|
|
July 06, 2011, 10:01:40 AM |
|
Perhaps to deal with this in the future, you can go down this dark and shady road...
Put a notice on the site that only miners pulling in at least 10MH/sec are welcome.
This will not keep out the cpumining botnet, but it will establish the terms of your pool and the botnet would be violating those terms. Then, once you identify a future botnet, invalidate 2/3 of all shares submitted by miners running less than 10MH/sec and just pretend like they didn't happen. Net result, the rest of us benefit from the work of the botnet and the impact to the botnet's profitability might be low enough that they don't even notice.
|
|
|
|
Thor
Newbie
Offline
Activity: 27
Merit: 0
|
|
July 06, 2011, 12:41:47 PM |
|
For all the people about to say or who have already said: "I haven't read this whole thread but..."
First: if you go to #btcguild on freenode, typically the topic line will answer what you're about to ask/suggest
Second: here is the current topic line: The official channel of BTC Guild (www.btcguild.com). We have been/are being DDoS'd. There is no ETA yet for the pools coming back, but they will. No, CloudFlare would not solve this. No, we're not using EC2 unless you feel like paying for it. Round Robin DNS is a sin against humanity. No, your IPtables script will not help. A VPS cannot host a pool. I need a hug =(
Third: The DDoS started within an hour of a botnet being banned from the pool, it is overwhelmingly likely that it is out of spite, rather than profit motive from [insert the person you think might profit here]. Especially seeing as how [Tycho, Slush, dbitcoin, etc] All have much more to gain by having a good reputation in the community than by DDoSing another pool.
Fourth: Why do I even still read this thread?
|
|
|
|
khamark
Member
Offline
Activity: 72
Merit: 10
|
|
July 06, 2011, 01:32:29 PM |
|
-hug- keep the good work, isn't your fault...
btw the 8 decimals withdraw idea was great, hope you could implement that in the future..
|
|
|
|
zerokwel
|
|
July 06, 2011, 01:42:44 PM |
|
For all the people about to say or who have already said: "I haven't read this whole thread but..."
First: if you go to #btcguild on freenode, typically the topic line will answer what you're about to ask/suggest
Second: here is the current topic line: The official channel of BTC Guild (www.btcguild.com). We have been/are being DDoS'd. There is no ETA yet for the pools coming back, but they will. No, CloudFlare would not solve this. No, we're not using EC2 unless you feel like paying for it. Round Robin DNS is a sin against humanity. No, your IPtables script will not help. A VPS cannot host a pool. I need a hug =(
Third: The DDoS started within an hour of a botnet being banned from the pool, it is overwhelmingly likely that it is out of spite, rather than profit motive from [insert the person you think might profit here]. Especially seeing as how [Tycho, Slush, dbitcoin, etc] All have much more to gain by having a good reputation in the community than by DDoSing another pool.
Fourth: Why do I even still read this thread?
Agree +1 btw never knew we had an irc chat room. I may have to idle there
|
|
|
|
GimEEE
Member
Offline
Activity: 112
Merit: 10
Ride or Die
|
|
July 06, 2011, 02:24:01 PM |
|
Deepbit apparently also banned the botnets also last night deepbit went down for several minutes
those are the facts I observed, not drawing any conclusions. . .
|
The only way to make sure people you agree with can speak is to support the rights of people you don't agree with.
|
|
|
Eri
|
|
July 06, 2011, 03:13:49 PM |
|
Perhaps to deal with this in the future, you can go down this dark and shady road...
Put a notice on the site that only miners pulling in at least 10MH/sec are welcome.
This will not keep out the cpumining botnet, but it will establish the terms of your pool and the botnet would be violating those terms. Then, once you identify a future botnet, invalidate 2/3 of all shares submitted by miners running less than 10MH/sec and just pretend like they didn't happen. Net result, the rest of us benefit from the work of the botnet and the impact to the botnet's profitability might be low enough that they don't even notice.
and what about the Legit users under 10 mh a sec? oh right 'they are not important'. how could i forget..
|
|
|
|
neotrino
Member
Offline
Activity: 63
Merit: 10
|
|
July 06, 2011, 03:23:06 PM |
|
Perhaps to deal with this in the future, you can go down this dark and shady road...
Put a notice on the site that only miners pulling in at least 10MH/sec are welcome.
This will not keep out the cpumining botnet, but it will establish the terms of your pool and the botnet would be violating those terms. Then, once you identify a future botnet, invalidate 2/3 of all shares submitted by miners running less than 10MH/sec and just pretend like they didn't happen. Net result, the rest of us benefit from the work of the botnet and the impact to the botnet's profitability might be low enough that they don't even notice.
and what about the Legit users under 10 mh a sec? oh right 'they are not important'. how could i forget..
They are not worth... probably they cause more problems (bandwidth/resources consumption) than their benefits (Mhash/sec). So I think it's a good idea that larger pools allow only "gpu" users meanwhile "cpu" users must be confined to smaller pools where they are welcome. My 2 cents
|
|
|
|
Eri
|
|
July 06, 2011, 04:28:07 PM |
|
so rather than me shoving your 2 cents .... back in your pocket... what makes you think some of these botnets run programs that cant take advantage of GPU's?
|
|
|
|
zenmetsu
Newbie
Offline
Activity: 11
Merit: 0
|
|
July 06, 2011, 04:38:06 PM |
|
I am not saying that <10MH/s is not important. What I am saying is that the pool admin will likely want to make a determination as to how to manage the pool resources. This is a free pool and the admins have to rely upon donations made in good will. No one has unlimited bandwidth and, unfortunately, bandwidth costs money. Also, unfortunately, it is more effective for a single client to connect to the pool and hash away at 400MH/sec than it is for 800 clients to connect and bang away at 0.5MH/sec.
so rather than me shoving your 2 cents .... back in your pocket... what makes you think some of these botnets run programs that cant take advantage of GPU's?
As of yet, I'm unaware of any zombie computers actually using GPU to mine; they all appear to be cpuminers. I'm not saying that they can't, but that they usually do not. For reference:
Put in some filters to stop the botnet(s) that were pointed at the servers. IMMEDIATELY saw a performance boost to the servers. Will monitor the results overnight to see if banning THOUSANDS of CPU miners cures the problems.
If you're having trouble connecting after the filters were put in place, send me a PM. Botnets need not apply.
Registrations have been re-opened due to the servers showing an incredible recovery after the bans.
The account balance of the botnet has been donated to Bitcoin Faucet.
Perhaps 10MH/sec was too strict, but surely 1M/sec should be considered, with the option for an exception to be made for legitimate users after registration. This, however, raises the question as to how to limit an account to a single worker since the botnet controller can simply request an exception posing as a legitimate user and then use that account for all the zombies. DDoS is a pain, unfortunately. I'm not trying to be a jerk so don't be hostile. I'm trying to offer suggestions to help get our pool back up and running and prevent future problems.
|
|
|
|
|
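An added example, not code from the thread or from BTC Guild: a sketch of how a pool operator could estimate hashrate from accepted shares and separate a small legitimate miner from one account fanned out over many slow clients, the two cases the posts above argue about. It assumes difficulty-1 shares (about 2^32 hashes each); the record layout, the account names, the sample data and the `max_connections` limit are hypothetical, and only the 10 MH/s figure comes from the thread.

```python
from collections import defaultdict

HASHES_PER_SHARE = 2 ** 32   # expected hashes per difficulty-1 share (assumed difficulty)
WINDOW_S = 24 * 3600         # observation window; slow CPU miners need hours to show up

def mhps(shares, window_s=WINDOW_S):
    """Estimated hashrate in MH/s from accepted shares in the window."""
    return shares * HASHES_PER_SHARE / window_s / 1e6

def summarize(records, window_s=WINDOW_S):
    """records: (account, source_ip, accepted_shares) tuples, one per connection."""
    acc = defaultdict(lambda: {"ips": set(), "shares": 0})
    for account, ip, shares in records:
        acc[account]["ips"].add(ip)
        acc[account]["shares"] += shares
    out = {}
    for account, d in acc.items():
        total = mhps(d["shares"], window_s)
        conns = len(d["ips"])
        out[account] = {"connections": conns, "total_mhps": total,
                        "per_conn_mhps": total / conns}
    return out

def flag(summary, min_per_conn_mhps=10.0, max_connections=50):
    """min_per_conn_mhps is the thread's 10 MH/s figure; max_connections is hypothetical."""
    flags = {}
    for account, s in summary.items():
        reasons = []
        if s["per_conn_mhps"] < min_per_conn_mhps:
            reasons.append("below_threshold")
        if s["connections"] > max_connections:
            reasons.append("fan_out")
        flags[account] = reasons
    return flags

def sample_records():
    """Constructed data: one GPU miner, one small miner, 800 slow clients on one account."""
    recs = [("gpu_user", "10.1.0.1", 8047), ("small_legit", "10.2.0.1", 100)]
    recs += [("shared_acct", f"10.9.{i // 256}.{i % 256}", 10) for i in range(800)]
    return recs

if __name__ == "__main__":
    summary = summarize(sample_records())
    for account, reasons in flag(summary).items():
        s = summary[account]
        print(f"{account:12} conns={s['connections']:4} total={s['total_mhps']:7.2f} MH/s "
              f"per_conn={s['per_conn_mhps']:6.2f} MH/s flags={reasons}")
```

On this constructed data the per-connection threshold alone also catches the small legitimate miner, while the connection count is what singles out the shared account, even though its aggregate hashrate is close to the single GPU miner's.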