[CLOSED] BTC Guild - Pays TxFees+NMC, Stratum, VarDiff, Private Servers - page 116.

dazzling2865

newbie

Activity: 11

Merit: 0

Quote from: Taugeran on March 03, 2014, 12:19:37 PM

Quote from: dazzling2865 on March 03, 2014, 12:01:14 PM

Quote from: HellDiverUK on March 03, 2014, 11:54:00 AM

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

SSH to the miner, screen to the cgminer instance, change pool details, don't save config. That's how.

BTC Guild has zero responsibility. It's your responsibility to secure your equipment, not BTC Guilds. Roll Eyes

Thank you. That is helpful. All passwords changed and api-allow in cgminer now locked down to our PHP based web monitors server IP address. I named and shamed the BTCG user/worker and surprised that BTCG would not look at their account to see if this is widescale fraud.

Is there any way to allow 2 different IP address to access CG Miner? I want to run CGremote locally on LAN and PHP web based script remotely so that's 2 completely different IP addresses.

API-allow takes a comma separated list. If php and cgremote both need write access:

--API-allow W:xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy

Great. I do have 127.0.0.1 which I think if for the miners GUI to work i.e. to see itself followed by the remote IP but seems CGminer objects to 3 IPs? i.e. --API-allow W:127.0.0.1,yyy.yyy.yyy.yyy, zzz.zzz.zzz.zzz. Is there a limit of 2 IPs?

Cheers for the help.

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: dazzling2865 on March 03, 2014, 12:01:14 PM

Quote from: HellDiverUK on March 03, 2014, 11:54:00 AM

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

SSH to the miner, screen to the cgminer instance, change pool details, don't save config. That's how.

BTC Guild has zero responsibility. It's your responsibility to secure your equipment, not BTC Guilds. Roll Eyes

Thank you. That is helpful. All passwords changed and api-allow in cgminer now locked down to our PHP based web monitors server IP address. I named and shamed the BTCG user/worker and surprised that BTCG would not look at their account to see if this is widescale fraud.

Op hasn't spoke up yet. If he can see that there are worker activities coming in from multiple widely varying IP addresses then he may act upon it. That's his call.

M

Taugeran

hero member

Activity: 658

Merit: 500

CCNA: There i fixed the internet.

Quote from: dazzling2865 on March 03, 2014, 12:01:14 PM

Quote from: HellDiverUK on March 03, 2014, 11:54:00 AM

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

SSH to the miner, screen to the cgminer instance, change pool details, don't save config. That's how.

BTC Guild has zero responsibility. It's your responsibility to secure your equipment, not BTC Guilds. Roll Eyes

Thank you. That is helpful. All passwords changed and api-allow in cgminer now locked down to our PHP based web monitors server IP address. I named and shamed the BTCG user/worker and surprised that BTCG would not look at their account to see if this is widescale fraud.

Is there any way to allow 2 different IP address to access CG Miner? I want to run CGremote locally on LAN and PHP web based script remotely so that's 2 completely different IP addresses.

API-allow takes a comma separated list. If php and cgremote both need write access:

--API-allow W:xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy

dazzling2865

newbie

Activity: 11

Merit: 0

Quote from: HellDiverUK on March 03, 2014, 11:54:00 AM

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

SSH to the miner, screen to the cgminer instance, change pool details, don't save config. That's how.

BTC Guild has zero responsibility. It's your responsibility to secure your equipment, not BTC Guilds. Roll Eyes

Thank you. That is helpful. All passwords changed and api-allow in cgminer now locked down to our PHP based web monitors server IP address. I named and shamed the BTCG user/worker and surprised that BTCG would not look at their account to see if this is widescale fraud.

Is there any way to allow 2 different IP address to access CG Miner? I want to run CGremote locally on LAN and PHP web based script remotely so that's 2 completely different IP addresses.

HellDiverUK

hero member

Activity: 1246

Merit: 501

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

SSH to the miner, screen to the cgminer instance, change pool details, don't save config. That's how.

BTC Guild has zero responsibility. It's your responsibility to secure your equipment, not BTC Guilds. Roll Eyes

dazzling2865

newbie

Activity: 11

Merit: 0

Quote from: mdude77 on March 03, 2014, 10:28:48 AM

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

Quote from: mdude77 on March 03, 2014, 10:10:26 AM

Quote from: hurricandave on March 03, 2014, 10:07:05 AM

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

It's still a matter of my word vs your word. I could say your account has my funds, and your account should be frozen. How could I prove it, and you prove otherwise?

I'm curious how his Ant was hacked. It shouldn't be accessible externally. If it is, he needs to tighten up his security a bit.

M

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

Um, I disagree. I don't see how BTCG is responsible for a user's actions. I'm sure if there was definitive proof something could be done to the account, but there's certainly nothing BTCG can do to prevent malicious activity by one of the users. That's like saying someone stole my car, but I managed to get it back, and Ford needs needs to do something about it.

Your ant shouldn't be reachable by anyone except those on your internal network. If it's reachable externally, then you open yourself up to hack attempts.

M

Laughable!

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: dazzling2865 on March 03, 2014, 10:21:14 AM

Quote from: mdude77 on March 03, 2014, 10:10:26 AM

Quote from: hurricandave on March 03, 2014, 10:07:05 AM

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

It's still a matter of my word vs your word. I could say your account has my funds, and your account should be frozen. How could I prove it, and you prove otherwise?

I'm curious how his Ant was hacked. It shouldn't be accessible externally. If it is, he needs to tighten up his security a bit.

M

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

Um, I disagree. I don't see how BTCG is responsible for a user's actions. I'm sure if there was definitive proof something could be done to the account, but there's certainly nothing BTCG can do to prevent malicious activity by one of the users. That's like saying someone stole my car, but I managed to get it back, and Ford needs needs to do something about it.

Your ant shouldn't be reachable by anyone except those on your internal network. If it's reachable externally, then you open yourself up to hack attempts.

M

hurricandave

legendary

Activity: 966

Merit: 1003

Quote from: mdude77 on March 03, 2014, 10:10:26 AM

Quote from: hurricandave on March 03, 2014, 10:07:05 AM

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

It's still a matter of my word vs your word. I could say your account has my funds, and your account should be frozen. How could I prove it, and you prove otherwise?

I'm curious how his Ant was hacked. It shouldn't be accessible externally. If it is, he needs to tighten up his security a bit.

M

Yes, there must be supporting documentation and if "warranted" further review before any action was taken. I'm also curious too, was the Ant hacked? Or was the user's account modified. Of course "IF" the claim is legitimate. Proof is on the shoulders of the accuser.

dazzling2865

newbie

Activity: 11

Merit: 0

Quote from: mdude77 on March 03, 2014, 10:10:26 AM

Quote from: hurricandave on March 03, 2014, 10:07:05 AM

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

It's still a matter of my word vs your word. I could say your account has my funds, and your account should be frozen. How could I prove it, and you prove otherwise?

I'm curious how his Ant was hacked. It shouldn't be accessible externally. If it is, he needs to tighten up his security a bit.

M

I gain nothing by inventing a story like this. The fact is a BTCG member hacked my miner and I can't see how given the cgminer conf is intact. So I was hoping for a bit of help, like it's probably been done using X, Y, Z method and here's how to help avoid that. I posted in this forum as I think BTCG has some responsibility to stop it's members behaving in this way.

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: hurricandave on March 03, 2014, 10:07:05 AM

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

It's still a matter of my word vs your word. I could say your account has my funds, and your account should be frozen. How could I prove it, and you prove otherwise?

I'm curious how his Ant was hacked. It shouldn't be accessible externally. If it is, he needs to tighten up his security a bit.

M

dazzling2865

newbie

Activity: 11

Merit: 0

Quote from: mdude77 on March 03, 2014, 09:22:06 AM

Quote from: dazzling2865 on March 03, 2014, 08:29:40 AM

Can someone help. I am furious. BTCG user/worker benutzer_1 has hacked my antminer and changed a script file somewhere to redirect to his worker. What will BTC Guild do about this? Short of changing my SSH password which I have now done what else can I do?

UPDATE: Config file for cgminer did not show his pool/worker (priority 0) and a reboot has deleted killed his worker. Now very confused.

Thanks

I'm sorry you appear to have been hacked. But I don't see how BTCG can help?

I could say my worker was hacked and I should get credit for someone else's work too. My point is, how can you prove it?

M

Well, I was hoping for some advice as to how to avoid this given that CGminer config had not been modified. Also I will be keeping firewall logs from my router from now on and any further attempts from this user I will forward these to the users ISP with reference to his BTG worker name.

hurricandave

legendary

Activity: 966

Merit: 1003

I'm not certain he's pointing the finger solely at BTC Guild, and if he has a way to document that someone on the Guild is doing something like redirecting what equates to funds within the Guild, maybe it can be traced. Though I think it would be very difficult. Even if the funds generated were a wash, the question could be whether the offenders user account was freezable, or not. Could other people have also been victimized? Yes, he could simply create new accounts and try again but would have to do so without the ill gotten funds generated so far. Is it possible to share a potential threat IP address within the inner circles of the Pool Operators? Could a security lesson be shared among users to help prevent security breaches? If the matter appears legitimate, can/would the Guild really do anything? Huh

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: dazzling2865 on March 03, 2014, 08:29:40 AM

Can someone help. I am furious. BTCG user/worker benutzer_1 has hacked my antminer and changed a script file somewhere to redirect to his worker. What will BTC Guild do about this? Short of changing my SSH password which I have now done what else can I do?

UPDATE: Config file for cgminer did not show his pool/worker (priority 0) and a reboot has deleted killed his worker. Now very confused.

Thanks

I'm sorry you appear to have been hacked. But I don't see how BTCG can help?

I could say my worker was hacked and I should get credit for someone else's work too. My point is, how can you prove it?

M

dazzling2865

newbie

Activity: 11

Merit: 0

Can someone help. I am furious. BTCG user/worker benutzer_1 has hacked my antminer and changed a script file somewhere to redirect to his worker. What will BTC Guild do about this? Short of changing my SSH password which I have now done what else can I do?

UPDATE: Config file for cgminer did not show his pool/worker (priority 0) and a reboot has deleted killed his worker. Now very confused.

Thanks

joeofall

newbie

Activity: 47

Merit: 0

Black Monday!

AussieHash

hero member

Activity: 692

Merit: 500

Quote from: ericisback on March 02, 2014, 11:53:06 PM

Finally, anyone think there is actually any shot of the difficulty increase actually slowing down:

365 / 12 months = 30.4 days "per month"
Compound Daily growth of 1.5% = 1.015^30.4 = +57% per month

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: ericisback on March 02, 2014, 11:42:16 PM

Quote from: eleuthria on March 02, 2014, 11:26:28 PM

The even easier version (doesn't factor in the current shift): Check how many open shifts currently have 0 blocks. Multiply that by shift length (4 billion as of my previous post, 4.5 billion going forward), and compare that number to network diff.

At the risk of looking like a complete idiot, I'll ask this...

So, if the current network difficulty is 3,815,723,799, and with ZERO variance, how do you compute the number of shares it should take to find a block (is it just the network difficultly number)? Asked another way, what math do you use to to see if you are above or below 100%, on your "luck chart"?

You need on average 3,815,723,799 difficulty-1 equivalent shares to solve a 3,815,723,799 difficulty block.

The "luck" measurement BTCGuild uses is expected d1 shares / actual d1 shares, do if it only took 300,000,000 d1 shares to solve a 3,815,723,799 difficulty block, it would have a "luck" of 3,815,723,799 / 300,000,000 * 100 = 1271.908%

ericisback

newbie

Activity: 35

Merit: 0

Finally, anyone think there is actually any shot of the difficulty increase actually slowing down:

http://i650.photobucket.com/albums/uu229/ericisback1/2014-03-02_234625.jpg

ericisback

newbie

Activity: 35

Merit: 0

Quote from: ericisback on March 02, 2014, 11:42:16 PM

Quote from: eleuthria on March 02, 2014, 11:26:28 PM

The even easier version (doesn't factor in the current shift): Check how many open shifts currently have 0 blocks. Multiply that by shift length (4 billion as of my previous post, 4.5 billion going forward), and compare that number to network diff.

At the risk of looking like a complete idiot, I'll ask this...

So, if the current network difficulty is 3,815,723,799, and with ZERO variance, how do you compute the number of shares it should take to find a block (is it just the network difficultly number)? Asked another way, what math do you use to to see if you are above or below 100%, on your "luck chart"?

Man, I hate being the dumbest guy in the room....

ericisback

newbie

Activity: 35

Merit: 0

Quote from: eleuthria on March 02, 2014, 11:26:28 PM

The even easier version (doesn't factor in the current shift): Check how many open shifts currently have 0 blocks. Multiply that by shift length (4 billion as of my previous post, 4.5 billion going forward), and compare that number to network diff.

At the risk of looking like a complete idiot, I'll ask this...

So, if the current network difficulty is 3,815,723,799, and with ZERO variance, how do you compute the number of shares it should take to find a block (is it just the network difficultly number)? Asked another way, what math do you use to to see if you are above or below 100%, on your "luck chart"?

Topic: [CLOSED] BTC Guild - Pays TxFees+NMC, Stratum, VarDiff, Private Servers - page 116. (Read 903163 times)