Pages:
Author

Topic: [~1000 GH/sec] BTC Guild - 0% Fee Pool, LP, SSL, Full Precision, and More - page 68. (Read 379078 times)

member
Activity: 98
Merit: 10
Really starting to miss BTC. Not much you can really do to stop a dos, What I did 4 years back when one of my servers was getting dos was change the IP address and point the domain name to Microsoft for a day. They will see the attack then get there team on to it and hopefully it will go to there legal team and the attacker gets busted.
newbie
Activity: 52
Merit: 0
this guy is extremely anti social. he cares not about money, else he would have created his own pool to mine from. the display i have seen here is the worst ever. he mines, gets banned, then ddos's non-stop. no life, no friends, his mom likely hates him too.

the typical anti social "hacker" (and i use that term loosely) would have moved on by now. i am willing to bet he does not know how to setup his own pool.

the sad thing is theres not a lot you can do to stop data coming in. you can tell your router to ignore it, but when its ignoring data, its still getting flooded. the data has to be ignored several hops out, somewhere where there is enough bandwidth to eat the load, to be useful.


keep in mind, he is watching this thread. i wouldnt post any "pool is up" messages.

also, on the upside (is it really an upside since were finding less blocks/hr?) the difficulty rise wont be as bad next time:)
It's likely that they (bot wrangler) haven't noticed and the ongoing "DDoS" attacks are actually rogue zombie miners reporting shares, and the outgoing bandwidth would likely be either ACK's to those shares or LP requests.
member
Activity: 133
Merit: 10
this guy is extremely anti social. he cares not about money, else he would have created his own pool to mine from. the display i have seen here is the worst ever. he mines, gets banned, then ddos's non-stop. no life, no friends, his mom likely hates him too.

the typical anti social "hacker" (and i use that term loosely) would have moved on by now. i am willing to bet he does not know how to setup his own pool.

the sad thing is theres not a lot you can do to stop data coming in. you can tell your router to ignore it, but when its ignoring data, its still getting flooded. the data has to be ignored several hops out, somewhere where there is enough bandwidth to eat the load, to be useful.


keep in mind, he is watching this thread. i wouldnt post any "pool is up" messages.

also, on the upside (is it really an upside since were finding less blocks/hr?) the difficulty rise wont be as bad next time:)
legendary
Activity: 1750
Merit: 1007
Latest word from the DE servers is the servers there are getting hammered by 70-85k packets.  Per Second.
member
Activity: 78
Merit: 10
Brute-force bandwidth flooding is evil since there seems to be very little you can do about it at your end. For all that I know, unless you have a big, cooperative and probably expensive ISP that is prepared to handle such attacks before they even reach the server, you're SOL.
Eri
sr. member
Activity: 264
Merit: 250
i wonder if you can forward the traffic anywhere useful lol.might as well get Something out of this. too bad Traffic doesn't get ya bitcoins XD though it has shown me just how incredibly inefficient bitcoinplus is. was hoping to get my payout high enough to actually get the little btc i earned with them into my account :/ i don't see it happening *any* time soon lol.
legendary
Activity: 1750
Merit: 1007
Sux... server unreachable again from here. I guess you'd be wholly justified in keeping it offline until you've implemented some real whitelisting. Fucking kiddies.

There's no whitelisting.  They're flooding the pipes, and it happens even if I iptable block ALL ips:

http://i.imgur.com/7MBZf.png
member
Activity: 78
Merit: 10
Sux... server unreachable again from here. I guess you'd be wholly justified in keeping it offline until you've implemented some real whitelisting. Fucking kiddies.
legendary
Activity: 1750
Merit: 1007
DDoS is back in full swing flooding our bandwith to its full capacity.
member
Activity: 78
Merit: 10
Great Job eleuthria, my proxy picked it up automatically as soon as it came online... It's a like a pool hopper's wet dream, entering at 0 shares  Cheesy
sr. member
Activity: 383
Merit: 250
I wonder if the person behind the botnet/ddos was stupid enough to use his isp connection without tor to do the payouts? That would give his IP and he or she could be tracked down.
legendary
Activity: 1750
Merit: 1007
US East is coming back online as the DNS propagates.  Keeping a close eye on it.  I've completely rewritten the "getwork spam" logging to help identify problem IPs as well as potential botnets (high # of IPs on one worker).


US East is running, your shares are counting PERFECTLY.  The user stats are currently disabled just to stop the servers from constantly talking to each other until I know the DDoS is dying out.  You'll see the shares and rewards pop up on a new block as they always have.

I will be taking this unplanned downtime opportunity to rework the stats system to use cached user stats updated at regular intervals, rather than pulling live stats from all of the servers for a user everytime they load the API or My Account page.  This will allow the My Account and API to load almost instantly, the downside being information may be 1-5 minutes stale.
kjj
legendary
Activity: 1302
Merit: 1026
I've been with BTC Guild since round #28.  I'll be here for round #1464 and all the rest too.
sr. member
Activity: 464
Merit: 250
Manually setting the blocks as 120 confirms, even though a few of them aren't yet.  They're secure enough to allow people to get off the pool with 100% of their rewards if this DDoS has completely scared them away.

hell No your still my number 1 pool. And my miners will return when you get back on-line.

The way I see it you stopped a botnet from using your pool and you have the right to refuse anyone you want.

you have kept us updated with what was going on whenever you could.
member
Activity: 78
Merit: 10
A more general solution to this pretty funny (IMHO) problem is to set your local mining proxy to a non-standard port.

Yeah, I'm simply mining on port 80 now. It's open anyway so I can remotely access the administration functionality of the proxy. And none of the pools in my list use that so no danger of another short circuit... I hope!
member
Activity: 98
Merit: 10
Thanks eleuthria for all your trouble with this. One question, not for now but for the future, could you use some other invalid adress than 127.0.0.1 when you deactivate a server? My local mining proxy (cdhowie) started requesting work from itself and crashed, at least I think that was the reason. Thanks for your consideration!

A more general solution to this pretty funny (IMHO) problem is to set your local mining proxy to a non-standard port.
member
Activity: 78
Merit: 10
Thanks eleuthria for all your trouble with this. One question, not for now but for the future, could you use some other invalid adress than 127.0.0.1 when you deactivate a server? My local mining proxy (cdhowie) started requesting work from itself and crashed, at least I think that was the reason. Thanks for your consideration!
legendary
Activity: 1750
Merit: 1007
Manually setting the blocks as 120 confirms, even though a few of them aren't yet.  They're secure enough to allow people to get off the pool with 100% of their rewards if this DDoS has completely scared them away.
full member
Activity: 210
Merit: 100
I get a failed to connect message for btcguild.com, and my miners don't seem to be able to connect to any of the servers either.
legendary
Activity: 1750
Merit: 1007
Website has been restored.  My Account is in a temporary state since it can't poll the other servers reliably.  The Request Payout has been added to the temporary page, and it will give you a payout in FULL PRECISION (all 8 decimals).

In the end, all this DDoS "cost" users is:
  A) Idle mining time if no failover was setp
  B) One round of shares (Block 1464).


At this time I am unable to access DE2 and US Central due to ISPs nulling the IP addresses from the attacks flooding their servers.  DE1 and US East did not find Block 1464 yet, so technically no actual rewards have been lost, only the shares submitted in the current round (which has not yet completed unless DE1/East found a block during the first few moments of the DDoS before they went offline completely).
Pages:
Jump to: