[4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool - page 336.

Lucko

hero member

Activity: 826

Merit: 1000

Quote from: KNK on April 27, 2014, 06:57:41 AM

Which DNS servers you use? Is there someone who have miners at the same location, but some are affected but some are not?
This will rule out DNS poisoning of the Goggle DNS-es (4.4.4.4 and 8.8.8. Cool

@Lucko same country as you, but no miners affected at 4 different locations, 3 ISPs (all using local DNS)

It is not DNS. I'm using ISP ones...

EDIT: Also other things points to it not being DNS related. Like changing pool. If it would be DNS there would be no need to change to IP with client.redirect but just say that any pool name is IP 46.28.205.80.

Mudbankkeith

hero member

Activity: 868

Merit: 1000

Quote from: Lucko on April 27, 2014, 06:40:32 AM

Quote from: necro_nemesis on April 27, 2014, 06:34:11 AM

For the record early on I set up minepeon on a raspberry pi and it got pirated when I had my firewall open to set it initially up. It was redirected to another pool which didn't appear in the webUI on inspection. It certainly can happen.

This is all closed to the internet... And CGminer and BFGminer still say they are connected to original pool if you go to pools. The only difrence is that you see on the top Connected to 46.28.205.80 diff 1K with stratum as *******

Like the postal worker stealing the letters with cheques in them. Take a few small ones and hope no one notices.
Now they are getting greedy and trying to steal them all.

KNK

hero member

Activity: 692

Merit: 502

Which DNS servers you use? Is there someone who have miners at the same location, but some are affected but some are not?
This will rule out DNS poisoning of the Goggle DNS-es (4.4.4.4 and 8.8.8. Cool

@Lucko same country as you, but no miners affected at 4 different locations, 3 ISPs (all using local DNS)

Lucko

hero member

Activity: 826

Merit: 1000

Quote from: necro_nemesis on April 27, 2014, 06:34:11 AM

For the record early on I set up minepeon on a raspberry pi and it got pirated when I had my firewall open to set it initially up. It was redirected to another pool which didn't appear in the webUI on inspection. It certainly can happen.

This is all closed to the internet... And CGminer and BFGminer still say they are connected to original pool if you go to pools. The only difrence is that you see on the top Connected to 46.28.205.80 diff 1K with stratum as *******

necro_nemesis

full member

Activity: 224

Merit: 100

For the record early on I set up minepeon on a raspberry pi and it got pirated when I had my firewall open to set it initially up. It was redirected to another pool which didn't appear in the webUI on inspection. It certainly can happen.

Lucko

hero member

Activity: 826

Merit: 1000

Quote from: Mudbankkeith on April 27, 2014, 06:17:27 AM

Quote from: Lucko on April 27, 2014, 05:54:18 AM

Not sure if your issue is the same but if you are redirected to ip 46.28.205.80 it is a "pirate" pool that somehow redirect you to them... It is happening to me too on 4 different pools with 19 rigs 4 locations and 2 ISP (BTCGuild, ScryptGuild, Ghesh and Eligius).

Can you list the devices being "attacked" by this pirate?

It is not device specific... PC, Minepeons, Antminers, TL-MR3020. CGminer, BFGminer and Slush mining proxy. SHA and Scrypt...

According to kano it is MITM attack... https://bitcointalksearch.org/topic/eligius-0-fee-btc-105-pps-nmc-no-registration-cppsrb-441465 Command doesn't came from the pool but it somehow gets into TCP connection...

Mudbankkeith

hero member

Activity: 868

Merit: 1000

Quote from: Lucko on April 27, 2014, 05:54:18 AM

Not sure if your issue is the same but if you are redirected to ip 46.28.205.80 it is a "pirate" pool that somehow redirect you to them... It is happening to me too on 4 different pools with 19 rigs 4 locations and 2 ISP (BTCGuild, ScryptGuild, Ghesh and Eligius).

Can you list the devices being "attacked" by this pirate?

Mentalfloss

newbie

Activity: 47

Merit: 0

Quote from: MCTV on April 26, 2014, 06:15:33 PM

Does everyone's daily reward graph go up and down with peaks and valleys based on the Luck factor? I'm surprised it's not a smoother curve!

Not here, at this small of a pool, but you would see a much smoother flow of smaller rewards at BTC Guild.

A few months ago I split my miners for a few weeks between here and BTC, and the amount earned here at Slush's pool was slightly higher.

Lucko

hero member

Activity: 826

Merit: 1000

Not sure if your issue is the same but if you are redirected to ip 46.28.205.80 it is a "pirate" pool that somehow redirect you to them... It is happening to me too on 4 different pools with 19 rigs 4 locations and 2 ISP (BTCGuild, ScryptGuild, Ghesh and Eligius).

Sir Alan

full member

Activity: 221

Merit: 100

I sometimes see this issue when scrypt mining with CGminer: everything goes fine for days, weeks - then suddenly shares stop being recorded by the server, although the miner is still processing happily. It used to happen when mining Bitcoin with Slush or BTCguild using CGminer: the miner was still processing, but no shares were recorded. The shares are going - where? Perhaps they are simply evaporating. After I switched to BFGminer the problem went away, or at any rate it hasn't yet reappeared.

As is usual with such issues, it generally happens either in the early hours of the morning or when I am away from home, giving a nice long run without reward before I can restart the miner.

Gabr1el

newbie

Activity: 19

Merit: 0

-Dave
[/quote]

Not been affected yet by this, thank you for heads up, but what I have done is put a block in my router from communicating with that dot addy, so hopefully the worst that would happen now is they would go offline rather than mine for someone else.

-Graham
[/quote]

This is what happened to 2 and a half of my usb erupters who weren't giving shares
to my workers on slush pool.It Was Friday night Central European time.Most likely it was my gear going bonkers but I checked for most usual mistakes and everything was fine except erupters although they were working full capacity weren't submitting to Slush.MOST PROBABLY it was my gear and lack of experience though

P.S. Only pool visible in BFGMiner was startum.slush , hope this helps ...
P.P.S. Rest of them (more than 70 % of all of my Mhs) was accepting shares from
Slush and working fine.

Moria

newbie

Activity: 18

Merit: 0

Quote from: DaveF on April 26, 2014, 06:26:50 PM

Quote from: MrTeal on April 26, 2014, 06:16:31 PM

Quote from: LoneStar43 on April 26, 2014, 04:20:32 PM

I have had the same issue the last 2 days as well. Same ip as above, a restart of my ants or cgminer/bfgminer cures it. My miners are in 3 different locations, running differnet software and on different ips all using unique Worker names. Antminer S1, BFL LS, BFL Jala and Red Fury's.

Out of curiosity, do you have Teamviewer installed?

I'm a bit more active on this on the Eligius thread, but I don't have TeamViewer installed.

-Dave

Not been affected yet by this, thank you for heads up, but what I have done is put a block in my router from communicating with that dot addy, so hopefully the worst that would happen now is they would go offline rather than mine for someone else.

-Graham

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: MrTeal on April 26, 2014, 06:16:31 PM

Quote from: LoneStar43 on April 26, 2014, 04:20:32 PM

I have had the same issue the last 2 days as well. Same ip as above, a restart of my ants or cgminer/bfgminer cures it. My miners are in 3 different locations, running differnet software and on different ips all using unique Worker names. Antminer S1, BFL LS, BFL Jala and Red Fury's.

Out of curiosity, do you have Teamviewer installed?

I'm a bit more active on this on the Eligius thread, but I don't have TeamViewer installed.

-Dave

MrTeal

legendary

Activity: 1274

Merit: 1004

Quote from: LoneStar43 on April 26, 2014, 04:20:32 PM

I have had the same issue the last 2 days as well. Same ip as above, a restart of my ants or cgminer/bfgminer cures it. My miners are in 3 different locations, running differnet software and on different ips all using unique Worker names. Antminer S1, BFL LS, BFL Jala and Red Fury's.

Out of curiosity, do you have Teamviewer installed?

MCTV

newbie

Activity: 3

Merit: 0

Does everyone's daily reward graph go up and down with peaks and valleys based on the Luck factor? I'm surprised it's not a smoother curve!

LoneStar43

newbie

Activity: 23

Merit: 0

I have had the same issue the last 2 days as well. Same ip as above, a restart of my ants or cgminer/bfgminer cures it. My miners are in 3 different locations, running differnet software and on different ips all using unique Worker names. Antminer S1, BFL LS, BFL Jala and Red Fury's.

Namnuta

newbie

Activity: 26

Merit: 0

Quote from: vodic62 on April 26, 2014, 02:15:38 PM

Quote from: Alexiandar on April 26, 2014, 01:11:16 PM

Quote from: vodic62 on April 26, 2014, 11:52:24 AM

Quote from: MrTeal on April 26, 2014, 10:23:53 AM

Pool users should check their connections to Slush. I noticed with two miners that I hadn't submitted a share in the last ten minutes. My miners were showing that they were still connected to pool 0, but 46.28.205.80 instead of the normal address. There is talk on Eligius about a malicious player doing a man in the middle attack, it's worth reading up on.

I had this problem about 3 times in last few days. 15 minutes ago my both antminers were submitting work and nothing looked different, but for about one hour they were sending results somewhere else, because slush pool was reporting 0 shares. After reconnection everything is ok again... I really hate how many thieves are attracted around bitcoin.

It might be that the password is left to default, so it's the same password to all ants if it wasn't changed. I guess the 'thief' needs to find the IP and then log into that ant's account using the well known default password. Or maybe the other 2 pools weren't changed, so if Slush is down, it switches to the other default pool which was preset by Bitmain. Just a thought.

No it's not my case. I don't have default passwords and antminer was showing that he is submitting work to Slush pool. And my only failover pool in ant configuration is my bitcoin wallet a it wasn't used.

Following this as i was affected. It does not appear to be hardware specific. Im Running BFL hardware.

vodic62

newbie

Activity: 11

Merit: 0

Quote from: Alexiandar on April 26, 2014, 01:11:16 PM

Quote from: vodic62 on April 26, 2014, 11:52:24 AM

Quote from: MrTeal on April 26, 2014, 10:23:53 AM

Pool users should check their connections to Slush. I noticed with two miners that I hadn't submitted a share in the last ten minutes. My miners were showing that they were still connected to pool 0, but 46.28.205.80 instead of the normal address. There is talk on Eligius about a malicious player doing a man in the middle attack, it's worth reading up on.

I had this problem about 3 times in last few days. 15 minutes ago my both antminers were submitting work and nothing looked different, but for about one hour they were sending results somewhere else, because slush pool was reporting 0 shares. After reconnection everything is ok again... I really hate how many thieves are attracted around bitcoin.

It might be that the password is left to default, so it's the same password to all ants if it wasn't changed. I guess the 'thief' needs to find the IP and then log into that ant's account using the well known default password. Or maybe the other 2 pools weren't changed, so if Slush is down, it switches to the other default pool which was preset by Bitmain. Just a thought.

No it's not my case. I don't have default passwords and antminer was showing that he is submitting work to Slush pool. And my only failover pool in ant configuration is my bitcoin wallet a it wasn't used.

Namnuta

newbie

Activity: 26

Merit: 0

Quote from: vodic62 on April 26, 2014, 11:52:24 AM

Quote from: MrTeal on April 26, 2014, 10:23:53 AM

Pool users should check their connections to Slush. I noticed with two miners that I hadn't submitted a share in the last ten minutes. My miners were showing that they were still connected to pool 0, but 46.28.205.80 instead of the normal address. There is talk on Eligius about a malicious player doing a man in the middle attack, it's worth reading up on.

I had this problem about 3 times in last few days. 15 minutes ago my both antminers were submitting work and nothing looked different, but for about one hour they were sending results somewhere else, because slush pool was reporting 0 shares. After reconnection everything is ok again... I really hate how many thieves are attracted around bitcoin.

Has happening twice to me so far. Same IP. Bah!!!!

Alexiandar

newbie

Activity: 6

Merit: 0

Quote from: vodic62 on April 26, 2014, 11:52:24 AM

Quote from: MrTeal on April 26, 2014, 10:23:53 AM

Pool users should check their connections to Slush. I noticed with two miners that I hadn't submitted a share in the last ten minutes. My miners were showing that they were still connected to pool 0, but 46.28.205.80 instead of the normal address. There is talk on Eligius about a malicious player doing a man in the middle attack, it's worth reading up on.

I had this problem about 3 times in last few days. 15 minutes ago my both antminers were submitting work and nothing looked different, but for about one hour they were sending results somewhere else, because slush pool was reporting 0 shares. After reconnection everything is ok again... I really hate how many thieves are attracted around bitcoin.

It might be that the password is left to default, so it's the same password to all ants if it wasn't changed. I guess the 'thief' needs to find the IP and then log into that ant's account using the well known default password. Or maybe the other 2 pools weren't changed, so if Slush is down, it switches to the other default pool which was preset by Bitmain. Just a thought.

Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool - page 336. (Read 4382810 times)