Topic: [ANN][AUTO-SWITCH] Profit-switch auto-exchange pool: CleverMining.com - page 150. (Read 554401 times)

full member
Activity: 154
Merit: 100
On a serious note though, we'll hit a shut-off point for GPU users in countries with high electricity costs soon.
These users might actually do well in selling off their GPUs to recoup some of the investment.

Most certainly... but for many miners, that shutoff point will occur anywhere from one day to two months or more after it becomes unprofitable as the great majority of miners will not realize their lack of profits until one or two electricity bills arrive.


I would hope serious miners calculated their electricity costs and don't let themselves get caught off guard like that.
full member
Activity: 168
Merit: 100
On a serious note though, we'll hit a shut-off point for GPU users in countries with high electricity costs soon.
These users might actually do well in selling off their GPUs to recoup some of the investment.

Most certainly... but for many miners, that shutoff point will occur anywhere from one day to two months or more after gpu mining becomes unprofitable as far too many miners will not realize their lack of profits until one or two electricity bills arrive.
full member
Activity: 154
Merit: 100
Let's look at this from a different vector.

I don't use cgminer, but these miners come with a certain amount of remote management right?

Can affected users confirm these ports are exposed to the internet? Possibly you use it yourself to monitor your miner while away from the house?

Wouldn't it be more plausible an exploit was found in the miner's API that allows an attacker to issue such commands?
Try changing your API password to something much stronger?

That was my first thought also, that either the API or the API manager was breached.
- open port for the API, API web management with weak or no password, etc



I have no open ports for API, or Web Management. I use PFSense for my router/firewall. I have a dedicated laptop with fresh install of Win 7 with Logmein, then SSH onto the Rigs from that point.

This is quite puzzling.

Particularly because of how there have been reports from pretty much all multipools (which are the most likely targets, or rather the most likely to report it due to having the majority of all scrypt miners).

I'm not buying the idea the stratums themselves are compromised at least. Especially on multipools the stratum servers are quite custom. It's unlikely all of these have a common attack vector.

Has anyone reported having this issue using a miner that is not based/derived from cgminer? Like a cudaminer user?


But yes, looks like we're going to need some packet logs from before through after a switch occurred.

As for the dude that says it's not worth it mining, I think you should start a Facebook page and get others to join so you guys can sell your GPUs on eBay. If you get enough miners onboard, our profits should go up quite a bit.

On a serious note though, we'll hit a shut-off point for GPU users in countries with high electricity costs soon.
These users might actually do well in selling off their GPUs to recoup some of the investment.

Those who have gridseed units (and didn't pay stupidly much for it) will be able to survive a much larger profitability drop before reaching a point where they have to shut down.
As long as they bring in more than they cost in electricity (which is really low for these units), they'll keep running.
Of course the owner might not see ROI if profitability keeps dropping, but that still won't cause the owner to shut down the unit. At most they'll sell the unit and it'll keep on chugging for a new owner.

Nutshell: Total scrypt hashrate is going to keep climbing for a while.
newbie
Activity: 27
Merit: 0
Sounds like a good time to use Wireshark, or a good packet sniffer.


As for the dude that says it's not worth it mining, I think you should start a Facebook page and get others to join so you guys can sell your GPUs on eBay. If you get enough miners onboard, our profits should go up quite a bit.


I am all for OTHER people getting out of this gig.
newbie
Activity: 4
Merit: 0
Let's look at this from a different vector.

I don't use cgminer, but these miners come with a certain amount of remote management right?

Can affected users confirm these ports are exposed to the internet? Possibly you use it yourself to monitor your miner while away from the house?

Wouldn't it be more plausible an exploit was found in the miner's API that allows an attacker to issue such commands?
Try changing your API password to something much stronger?

That was my first thought also, that either the API or the API manager was breached.
- open port for the API, API web management with weak or no password, etc



I have no open ports for API, or Web Management. I use PFSense for my router/firewall. I have a dedicated laptop with fresh install of Win 7 with Logmein, then SSH onto the Rigs from that point.



newbie
Activity: 4
Merit: 0
I believe adding ** "no-client-reconnect" : true  ** to your config file may stop the redirect/hijack.  I have been redirected twice prior to using this line in my config file. 
newbie
Activity: 58
Merit: 0
Let's look at this from a different vector.

I don't use cgminer, but these miners come with a certain amount of remote management right?

Can affected users confirm these ports are exposed to the internet? Possibly you use it yourself to monitor your miner while away from the house?

Wouldn't it be more plausible an exploit was found in the miner's API that allows an attacker to issue such commands?
Try changing your API password to something much stronger?

That was my first thought also, that either the API or the API manager was breached.
- open port for the API, API web management with weak or no password, etc

full member
Activity: 154
Merit: 100
Let's look at this from a different vector.

I don't use cgminer, but these miners come with a certain amount of remote management right?

Can affected users confirm these ports are exposed to the internet? Possibly you use it yourself to monitor your miner while away from the house?

Wouldn't it be more plausible an exploit was found in the miner's API that allows an attacker to issue such commands?
Try changing your API password to something much stronger?
newbie
Activity: 14
Merit: 0
Are you sure you are still connected to CleverMining? There are a lot of hijack attacks going on lately.
newbie
Activity: 6
Merit: 0
Well something is wrong
My hashrate is zero on the speedo, yet my average is normal over 24 hours? I have earnt 0.00725 BTC when I'm usually around 0.023 BTC for the same time period. I have a 4.2 mhash rig, I'm running BAMT 1.5.2 and nothing has changed in my config over the last few days.
sr. member
Activity: 266
Merit: 250
Just a question to everyone who was affected: what backup mining pool(s) do you have configured in your miners?

Middlecoin
HashCows

Mine is set to mine NET, on www.bitcoop.tk as backup, good returns.
member
Activity: 81
Merit: 10
Back in the day we called it a juke.
sr. member
Activity: 490
Merit: 250
My cgminer is old (3.1) so it does not support the client.reconnect command. I just got a dead pool and switched to my backup pool (Coinshift, I think).

Maybe you guys can use an older version.
member
Activity: 93
Merit: 10
OK, all this mumbo jumbo you guys are talking about, hacking or phishing or whatever, let's say it's solved tomorrow. Will it increase the pool profitability or GPU scrypt mining? It's going lower and lower these days. If the profit keeps diminishing, what's the point in all these talks? GPU scrypt is still dying slowly, or it already is dead. Peace.
newbie
Activity: 19
Merit: 0
I just had a thought.

Let's say that this is only rarely occurring not by choice, but by necessity.

When you lose connectivity there will likely be a small window during which the server isn't responding.

What if you were monitoring the network, and when you see a loss of connectivity you spring into action, responding to the reconnection request pretending to be the other server? Spoofing/monitoring is a pain, and besides, once they reply again things are going to get messy. So the very first thing that you do is redirect to your own (local) server (which also stops attempting to reconnect to the primary), then once they're connected to you, you can redirect to the proper server without having to spoof or monitor the network.

If this isn't triggered, and only happens during a natural disconnect then it would explain why it happens to so few people.

Perhaps people can try to intentionally cause a disconnect from their primary server; a momentary firewall rule or just rebooting your gateway could do it. See if anything attempts a redirect?
newbie
Activity: 26
Merit: 0
Just a question to everyone who was affected: what backup mining pool(s) do you have configured in your miners?

Middlecoin
HashCows
newbie
Activity: 19
Merit: 0
Is it just cgminer?

Anyone on BAMT affected?

Has anyone been affected that has API mode disabled?

I'm sorry, I'm sure these answers are out there already, but I don't have time to read through all the threads (hence why I asked if there's a consolidated page somewhere).

If it was MITM couldn't this be completely transparent, as it could pretend and report that it's on pool X when it's actually funnelling requests to pool Z. Hell, if it was smart and only redirected 5% of the hash nobody would probably notice. Rounded pennies on bank interest payments anyone?

What if it is malware, the malware itself hosts a stripped down pool, the reconnect goes there then the redirect goes to the malicious pool?  Could be done with local DNS spoofing.

I wonder if we can just ask the NSA to forward us a copy of our network traffic so we can analyze what happened.
hero member
Activity: 616
Merit: 522
For anyone using karolth's version of cgminer (or willing to switch): he just released a new version with the --no-client-reconnect option, which disables the redirect command used to hijack miners. If you're not using this version but had your miners hijacked, you might want to think about switching to it, at least until this issue is explained/solved.

However, I'm not sure how helpful it will be, as the core of the problem is that the miner is reconnecting to a fake pool instead of the legitimate pool. Even if it won't respond to the reconnect/redirect command received from the fake pool, it will still be connected to this fake pool.

But it's possible that this fake pool isn't actually full pool software but only tries to look like a pool, and in that case it won't send any actual work to solve besides this initial first mining.notify, which is immediately followed by the reconnect request (which will be ignored by your miner). In that case your miner should disconnect from this fake pool very soon because it is not receiving any work, and hopefully reconnect to the legitimate pool.
hi
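A defender-side check for the pattern Terk describes above (one mining.notify immediately followed by a client.reconnect to some other host), written as an added example that is not code from the thread or from any cgminer fork. It reads server-to-miner Stratum messages as newline-delimited JSON; the pool hostnames and the captured lines are constructed placeholders, not real CleverMining traffic.

```python
import json

# Placeholder allow-list of pool hosts the miner is configured to use
# (assumption; not the real CleverMining stratum hostname).
ALLOWED_HOSTS = {"stratum.clevermining.example", "stratum.middlecoin.example"}

def audit_stratum_log(lines, allowed_hosts=ALLOWED_HOSTS):
    """Scan server->miner Stratum messages (newline-delimited JSON-RPC) and
    return (line_no, reason) findings: a client.reconnect to a host not on
    the allow-list, or one that follows at most a single mining.notify with
    no other work (a 'pool' that exists only to redirect). A reconnect
    starts a new connection, so the notify count is reset after it."""
    findings = []
    notify_count = 0
    for n, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            msg = json.loads(raw)
        except ValueError:
            findings.append((n, "unparseable stratum message"))
            continue
        method = msg.get("method")
        if method == "mining.notify":
            notify_count += 1
        elif method == "client.reconnect":
            params = msg.get("params") or []
            host = str(params[0]) if params else ""
            port = params[1] if len(params) > 1 else None
            if host not in allowed_hosts:
                findings.append((n, f"client.reconnect to unknown host {host}:{port}"))
            if notify_count <= 1:
                findings.append((n, "client.reconnect with no real work before it"))
            notify_count = 0
    return findings

# Constructed sample capture (not real traffic). Lines 1-4: normal work from
# the configured pool and a benign reconnect to it. Lines 5-6: a fake pool
# sends one notify and immediately redirects the miner elsewhere.
SAMPLE_LOG = [
    '{"id":null,"method":"mining.set_difficulty","params":[512]}',
    '{"id":null,"method":"mining.notify","params":["job1","prevhash","cb1","cb2",[],"00000002","1c0ffee0","52a2b9c0",true]}',
    '{"id":null,"method":"mining.notify","params":["job2","prevhash","cb1","cb2",[],"00000002","1c0ffee0","52a2b9c4",false]}',
    '{"id":null,"method":"client.reconnect","params":["stratum.clevermining.example",3333,0]}',
    '{"id":null,"method":"mining.notify","params":["job3","prevhash","cb1","cb2",[],"00000002","1c0ffee0","52a2b9d0",true]}',
    '{"id":null,"method":"client.reconnect","params":["pool.attacker.example",3333,0]}',
]
```

Running audit_stratum_log(SAMPLE_LOG) flags only line 6, once for the unknown host and once for the reconnect arriving after a single notify; the benign reconnect on line 4 passes both checks.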
sr. member
Activity: 256
Merit: 250
There is no man-in-the-middle attack going on and this is quite obvious.
newbie
Activity: 19
Merit: 0
The mystery is why user was connected to a fake pool after being disconnected from legitimate pool.

This is probably some kind of MITM attack as the user was connected to a fake pool after disconnection. The question is where this MITM attack was performed.

Thanks Terk for all your help thus far!

Just to clarify, what sort of MITM attack are you thinking of?  It would essentially have to be router based, no?