KanoPool since 2014 🐈 - PPLNS and Solo 0.5% fee - Worldwide - 2436 blocks

[Waztim]

31.76% of Diff achieved,  can we get a super lucky, 50/50, flip flop coin toss block for Christmas? I just talked again with my four Antpoo's and they have assured "The Boss" they are working as hard as they can to Get 'R done. Come On Block and Mine On with Kano-San, the best BTC mining pool on earth. 

[1715162995]

1715162995

[1715162995]

1715162995

[brad2388]

How low does everyone think bitcoin will go?
Was reading a post about it dropping back to 3500.00?

[kano]

How low does everyone think bitcoin will go?
Was reading a post about it dropping back to 3500.00?

I guess they didn't see it go back up in the last hour

[brad2388]

I hope they are wrong. Said by dec 29th it would be 11k.

[dracora]

Good plan but I do have one suggestion... maybe show a message when you ban them that tells them how to get unbanned - something like wait 24 hours or contact you or something.

This one today has gone on for well over 2 hours so far ... I don't want to be giving them any hints about "best bot practices"

Better yet can you redirect them to an infected site with malware or something?  

Heh - no - probably need to redirect them to microsoft defender web page ...
They already have a virus

Edit: seems to have trickled down to only one or two bans every minute or so, (instead of every second) so that always-ban change seems to work ok.
Of course I wont post when I've set the setting back to normal, but no doubt that will be soon

Awesome. It's like an advanced game of whack-a-mole.

Actually - it's exactly that

I coded in the event/ovent ban code to KanoDB long ago, but every so often some new bot comes along and I have to think of how I can change the settings in the ban code (i.e. modify the limits via the KanoDB API) to best match the bot.
I've ended up mainly relying on the "no logins" switch, but that's a problem when it goes on for a long time and no one can login normally.

I think from now on I'll rely on switching on/off the "zero tolerance" ban, since it doesn't affect anyone logging in normally unless they forget their password or can't type their own username
Most people don't have the problem, and the few that do can always contact me to check why they were banned and clear their ban if they weren't part of the bot attack

check out fail2ban - you're able to create custom filters

[Veladrin]

Good plan but I do have one suggestion... maybe show a message when you ban them that tells them how to get unbanned - something like wait 24 hours or contact you or something.

This one today has gone on for well over 2 hours so far ... I don't want to be giving them any hints about "best bot practices"

Better yet can you redirect them to an infected site with malware or something?  

Heh - no - probably need to redirect them to microsoft defender web page ...
They already have a virus

Edit: seems to have trickled down to only one or two bans every minute or so, (instead of every second) so that always-ban change seems to work ok.
Of course I wont post when I've set the setting back to normal, but no doubt that will be soon

Awesome. It's like an advanced game of whack-a-mole.

Actually - it's exactly that

I coded in the event/ovent ban code to KanoDB long ago, but every so often some new bot comes along and I have to think of how I can change the settings in the ban code (i.e. modify the limits via the KanoDB API) to best match the bot.
I've ended up mainly relying on the "no logins" switch, but that's a problem when it goes on for a long time and no one can login normally.

I think from now on I'll rely on switching on/off the "zero tolerance" ban, since it doesn't affect anyone logging in normally unless they forget their password or can't type their own username
Most people don't have the problem, and the few that do can always contact me to check why they were banned and clear their ban if they weren't part of the bot attack

Maybe obvious, but exponential backoff in addition to whatever screening you do could probably weed out bots vs humans actually fat-fingering as efficiently without requiring manual switching or locking the fathands out.  There's also an nginx module to rate limit by filter if you want to avoid putting it on your backend. People should be using password management systems these days though...

edit: ah yea as @dracora suggested, fail2ban++

[dzimmerm56]

I use 2FA to login in, the only drawback is having to remember to bring my smart phone downstairs with me where my man cave is. I can manage the 2FA on the phone itself, it is just a little trickier due to the short time a number is valid. If everyone used 2FA you could disable non 2FA logins and probably eliminate most of the evil bot nuisance traffic.

 Bitcoin price is floating above 15k at the moment.

[dzimmerm56]

Featuring Yama-No-Shinbo the goddess of  luck, wealth, prosperity, protection and joy.
Lets have a nice block for after Holiday festivities.

[kano]

...

Maybe obvious, but exponential backoff in addition to whatever screening you do could probably weed out bots vs humans actually fat-fingering as efficiently without requiring manual switching or locking the fathands out.  There's also an nginx module to rate limit by filter if you want to avoid putting it on your backend. People should be using password management systems these days though...

edit: ah yea as @dracora suggested, fail2ban++

Well I only switch the "zero tolerance" on when needed (though it's still on coz there's still a couple of new IP addresses added every minute that get banned immediately

The web server is simply a web server.
My KanoDB/Code decides all the rules.

There are no known/expected exploits in the web site, it's all to do with logins.
People try "known exploits" regularly and none have ever succeeded, due to the fact that all the code is my own code, not some humongous dump of code written by dozens of  people, each trying to outperform every other dump of common code that people use and thus adding all sorts of risks and problems into the mix.
There's no offsite scripts to open up all the easy to exploit problems they cause, there's not even any CSS from offsite - it's also actually inline to reduce I/O.

The event/ovent code is all in that public git run by that god-complex guy, if you are curious about it's design - but it's controlled by settings that are more lenient than the default in code settings that would shut down the web site all the time

[subie]

happy holidays everyone!

@kano
what does luck 5, luck 10, luck 25, luck 50 means?

[MattMell]

My estimate for next BTC mining difficulty:  drop between -1% to 0% around 2018/01/01 14:00

1 869 539 787 755    -0.19% .     18/01/01 14:33

Any other estimates ?

[kano]

happy holidays everyone!

@kano
what does luck 5, luck 10, luck 25, luck 50 means?

If you mean the "Luck%" column in the "Block Statistics" table:
It's just the "Luck%" over the Last "than many" Blocks.

Of course the 5,10,25 and probably also the 50 numbers are pretty much meaningless in the realm of useful statistical samples (and I have considered removing them in the past) but they are still there none-the-less

[AerialGopher]

Is there a way to create a white list of Ip addresses of people that are actually mining to the pool, and can make the assumption that they are using the same IP address for their web login since it would be on the same connection.  If the IP address exists in that DB, then you can have multiple wrong password attempts, if you are not on that list you have 0 tolerance.

Or to have even more fun, when there is a bad set of credentials sent, it sends the user to a completely different server just to make the bots stop attempting to login.  Or just allow the bots on the IP addresses that you have collected log in ( By redirecting to another site ) and so they will stop hopefully.    They are probably coded to just hammer the site, but not coded on what to do after a "successful" login to the fake site.

[kano]

Is there a way to create a white list of Ip addresses of people that are actually mining to the pool, and can make the assumption that they are using the same IP address for their web login since it would be on the same connection.  If the IP address exists in that DB, then you can have multiple wrong password attempts, if you are not on that list you have 0 tolerance.

Or to have even more fun, when there is a bad set of credentials sent, it sends the user to a completely different server just to make the bots stop attempting to login.  Or just allow the bots on the IP addresses that you have collected log in ( By redirecting to another site ) and so they will stop hopefully.    They are probably coded to just hammer the site, but not coded on what to do after a "successful" login to the fake site.

Firstly, the banning is working fine, and this is the first time I've enabled this extra blocking, that already existed in the code when I first wrote it all, and it's working fine also.

This banning might ban someone, while it's active, who makes a mistake, but I think that's way better than stopping everyone logging in.
... and anyone who gets on by mistake, can always contact me to get off the ban list very quickly.
There's only been about 700 banned IPs, but I did completely block a bunch of large subnets before hand that were all bots.

Most of the previous banning has been either IP subnets that had very large numbers of bots, or simply disabling logins for a short while until they got bored having no effect on anything.
This one has sorta gone on all day, so this solution is the best in this case, in my opinion.

Lastly, most people with more than a few miners, have a different place/places for their miners.

[minergain.com]

Firstly, the banning is working fine, and this is the first time I've enabled this extra blocking, that already existed in the code when I first wrote it all, and it's working fine also.

This banning might ban someone, while it's active, who makes a mistake, but I think that's way better than stopping everyone logging in.
... and anyone who gets on by mistake, can always contact me to get off the ban list very quickly.
There's only been about 700 banned IPs, but I did completely block a bunch of large subnets before hand that were all bots.

Most of the previous banning has been either IP subnets that had very large numbers of bots, or simply disabling logins for a short while until they got bored having no effect on anything.
This one has sorta gone on all day, so this solution is the best in this case, in my opinion.

Lastly, most people with more than a few miners, have a different place/places for their miners.

If the banning is happening in your apache script, perhaps you could just ban for a day.  If the blocks are happening in your firewall, that also can be done but not as easily since you would have to allow the apache server to have access to the ban list and manually parse through the logs to get the time.  Ok, I just read all the previous and see it is in your code and it sounds like you are doing a day.  
Personally in my code, I allow 3 attempts, then lock for 5 minutes then 15 on the next, then 60 on the next and a day one the next.  I have detection for all kinds of hacker things (injection, arrays, etc) and if the server detects those, then the ip is blocked for a day.  As with yours, I do most in my code although my servers also have a firewall that blocks on ssh attempts, etc.  It seems that it would be good if you had something in place all the time rather than manually turning on and off your systems when threats are detected.  I suspect that even you need to sleep once in a while.

[rifleman74]

MINE ON!!!

[VRobb]

Time for that Boxing Day block and subsequent BitGeld! 

[AerialGopher]

YAAAAAAAAAAAYYYYYYYYYYY!!!!!!!!!!!!!!!!!

I got the Rude awkening from DHL auto call for owing money...  I was like WTF!...  Not yet...

I owed them money so I paid then went, lets see - only bitmain supposed to send me stuff...  Could it be.....
Log into bitmain thinking they just sent the power supply only, you know, a funny joke maybe?


NOPE!!!!  They Sent ALL 4 of my S9's and power supplies!   I actually got another DHL Duties and taxes call while writing this!

SOOOOO Excited!!!


EDIT:  I have a voip system that can handle 25 calls to one phone - They made 3 calls at the same time, two of which went to voicemail for the duties and taxes for the other packages!  

Its like CHRISTMAS on the 26th!  and the 27th when they are to be delivered!

This was the Jan 21-30 Batch of S9's that I ordered!  I started the orders in Nov around the 25th until first week in dec, all on different days over 2 weeks or so.

[wavelengthsf]

Time to get a few blocks in before the new year!

[Veladrin]

Firstly, the banning is working fine, and this is the first time I've enabled this extra blocking, that already existed in the code when I first wrote it all, and it's working fine also.

This banning might ban someone, while it's active, who makes a mistake, but I think that's way better than stopping everyone logging in.
... and anyone who gets on by mistake, can always contact me to get off the ban list very quickly.
There's only been about 700 banned IPs, but I did completely block a bunch of large subnets before hand that were all bots.

Most of the previous banning has been either IP subnets that had very large numbers of bots, or simply disabling logins for a short while until they got bored having no effect on anything.
This one has sorta gone on all day, so this solution is the best in this case, in my opinion.

Lastly, most people with more than a few miners, have a different place/places for their miners.

If the banning is happening in your apache script, perhaps you could just ban for a day.  If the blocks are happening in your firewall, that also can be done but not as easily since you would have to allow the apache server to have access to the ban list and manually parse through the logs to get the time.  Ok, I just read all the previous and see it is in your code and it sounds like you are doing a day.  
Personally in my code, I allow 3 attempts, then lock for 5 minutes then 15 on the next, then 60 on the next and a day one the next.  I have detection for all kinds of hacker things (injection, arrays, etc) and if the server detects those, then the ip is blocked for a day.  As with yours, I do most in my code although my servers also have a firewall that blocks on ssh attempts, etc.  It seems that it would be good if you had something in place all the time rather than manually turning on and off your systems when threats are detected.  I suspect that even you need to sleep once in a while.

This is precisely the kind of solution and motivation I meant earlier. It's up to you (Kano) how you want to manage your system as it's your time and property, but the point is not about the code quality but rather the process: As noted you can get careless humans as well as bots. Newbies may also think that UX is a bug. The manual aspect of enabling/disabling plus dealing with individuals is a side effect of that process.  Automating this process is an added efficiency that should solve both UX and operational concerns. Of course that means changes to working code, and depending on the code it may not be so straightforward, I get that. Not trying to pile on or argue, but merely suggest - small manual processes add up over time, enough of those compounding take away time from getting real work (or sleep) done.