Topic: Electrum servers are currently under a DoS attack (Read 389 times)

legendary
Activity: 916
Merit: 1003
The Electrum server DDoS attack appears to be mitigated for the time being since the IP blacklist was released.
HCP
legendary
Activity: 2086
Merit: 4363
I've personally used that "electrs" server... It seemed to run OK, even tho I was possibly "abusing" it a bit by running it in the Ubuntu "app" on Windows 10!!?! (the one that uses the "Windows subsystem for Linux").

Obviously, it requires a Bitcoin Core Full Node, but otherwise the requirements are relatively low. After the initial indexing time (took a few hours from memory)... it actually ran pretty well.
legendary
Activity: 3612
Merit: 5297
I had never heard about https://github.com/romanz/electrs, but after looking into it, it seemed like a nice service to set up since it didn't require me to enable txindex and reindex all blocks (i use my node as a lightning backend, so i don't want to stop it for an extended period of time).

I'm currently running electrs and it's building an index, i've set up nginx as reverse proxy and i've set up a manual ip whitelist in nginx so i can block every connection except the manually whitelisted ones... So if the indexing is finished, and the server starts properly (i can't make any promises), i'll be able to offer a private electrum server in a couple of hours.

Do note the following restrictions apply:
  • The server will only run for as long as there's a need for a private electrum server. As soon as the DDos'ing stops, the server goes down
  • No guarantees for uptime or load whatsoever... I can take the service down at any moment i want without warning
  • No other guarantees either.. Either use my service or don't, but if you do: do not complain!
  • You'll need to trust me... You'll be connecting to my service directly AND you'll need to send me your public ip since i'll have to add it to the whitelist (don't post your ip in this thread... Use privnote or encrypt it using pgp and send it to me using a PM and ONLY after i've announced the server to be up and running)

I realise ip's can be spoofed, but this setup was the easiest one i could come up with...
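
The setup described in the post above (nginx as a reverse proxy in front of electrs, with a manual IP whitelist), as an added example that is not the poster's actual configuration. It assumes electrs is listening on 127.0.0.1:50001 (its default Electrum RPC address) and uses 50002 as the public TLS port; the certificate paths, zone name and whitelisted addresses are placeholders.

```nginx
# Added example, not the poster's configuration. Goes at the top level of
# nginx.conf (outside http {}); needs the stream and stream_ssl modules.
stream {
    # Per-address connection counter, used by limit_conn below.
    limit_conn_zone $binary_remote_addr zone=electrum_conn:1m;

    upstream electrs {
        # Assumption: electrs on its default Electrum RPC address.
        # electrs speaks plain TCP, so it must stay bound to loopback.
        server 127.0.0.1:50001;
    }

    server {
        # Assumption: 50002 as the public TLS port for Electrum clients.
        listen 50002 ssl;

        # Placeholder paths; use your own certificate and key.
        ssl_certificate     /etc/nginx/electrum/server.crt;
        ssl_certificate_key /etc/nginx/electrum/server.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Manual whitelist: one line per invited user. Rules are checked
        # in order and the first match wins, so "deny all" must be last.
        # The addresses are constructed examples (RFC 5737 ranges).
        allow 203.0.113.10;
        allow 198.51.100.0/28;
        deny  all;

        # Cap simultaneous connections per whitelisted address.
        limit_conn electrum_conn 4;

        proxy_connect_timeout 5s;
        proxy_timeout         10m;   # Electrum sessions are long-lived
        proxy_pass electrs;
    }
}
```

The stream module evaluates allow/deny before the TLS handshake, so a non-whitelisted address is dropped without costing the server a handshake. Run `nginx -t` to validate the file before reloading.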
legendary
Activity: 3472
Merit: 10611
some short time ago someone posted a new project about re-implementation of Electrum servers[1]. the project seems to be active and moderately popular on GitHub[2] so i am wondering whether anybody is actually running a server using that implementation in which case are they also affected by the DoS attack since the vulnerability is only in ElectrumX implementation in python[3]? if so then it can be a very easy solution to the current problem until they merge the PRs in ElectrumX and servers upgrade to new versions you could manually connect to those types of server.

[1] https://bitcointalksearch.org/topic/an-efficient-re-implementation-of-electrum-server-in-rust-4589797
[2] https://github.com/romanz/electrs
[3] https://github.com/kyuupichan/electrumx
HCP
legendary
Activity: 2086
Merit: 4363
No, it's not blocked... and DNS hasn't changed... just different servers are being DoS'd I guess... yesterday hsmiths and xskyx were fine... today, they won't connect. However, hodlister and jochen-hoenicke (which didn't work yesterday), are working OK.

That's the problem with this sort of thing... the goalposts are constantly moving... what works for me right now, probably isn't working for others (or me) in 2 hours
legendary
Activity: 3472
Merit: 3217
I previously didn't have any issues... but this morning seems relatively "bad"... Several servers which show up in the list will just result in "not connected" if I attempt to connect to them. I've managed to find one or two that seem to work OK at this time.
I experienced this an hour ago, but right now it seems to be working fine for me, and I noticed that more servers were added to the server list.

Your Electrum might be blocked. Did you change your DNS recently?
HCP
legendary
Activity: 2086
Merit: 4363
I confirm the same, I did not have any problems with sync - it takes 5-10 seconds and I always have it on automatic. Is there any explanation why some users have big problems connecting to a server and syncing, while others do not have such problems? Except those who use versions older than 3.3.4, all users with the latest version should have the same user experience. Is there something else that influences sync problems, except the fact that servers are under DoS attack?
Not necessarily. There are many factors at play other than just Electrum version. Things like:
- Number of transactions/addresses needed to sync
- Network speed/latency
- Local computer speed
- Server load

Even prior to the DoS attack, users who were attempting to sync wallets with thousands of addresses/transactions would also face really long sync times.

I previously didn't have any issues... but this morning seems relatively "bad"... Several servers which show up in the list will just result in "not connected" if I attempt to connect to them. I've managed to find one or two that seem to work OK at this time.
copper member
Activity: 236
Merit: 17
By the way, it does connect (my one is set to auto) and allow to do transaction

It's still not functional for me. It says either stuck at synchronization or shows "Not connected" all the time even after changing servers.

On my laptop it just says "not connected". I can get it to work on my phone (at least my multisig is strong as I can't be bothered trying to test whether it works on my laptop anymore).

I'll load my phone up and send you a pm of the server that works if I can find it. I'll do the same for anyone who has earnt at least 100 merits (just in case).

Edit: my laptop says "not connected" because the server has anti ddos protection and my wifi can't support it (as the routing table is broken, I've finally worked out why it doesn't work)...
give me 100 merits, so you could tell me that server
copper member
Activity: 2856
Merit: 3071
By the way, it does connect (my one is set to auto) and allow to do transaction

It's still not functional for me. It says either stuck at synchronization or shows "Not connected" all the time even after changing servers.

On my laptop it just says "not connected". I can get it to work on my phone (at least my multisig is strong as I can't be bothered trying to test whether it works on my laptop anymore).

I'll load my phone up and send you a pm of the server that works if I can find it. I'll do the same for anyone who has earnt at least 100 merits (just in case).

Edit: my laptop says "not connected" because the server has anti ddos protection and my wifi can't support it (as the routing table is broken, I've finally worked out why it doesn't work)...
staff
Activity: 3500
Merit: 6152
By the way, it does connect (my one is set to auto) and allow to do transaction

It's still not functional for me. It says either stuck at synchronization or shows "Not connected" all the time even after changing servers.
copper member
Activity: 2856
Merit: 3071
I had a complete outage yesterday (I think) it still won't load currency data now.

Electrum servers are currently under a DoS attack. We are working on a more robust version of the electrum server. In the meantime, affected users should disable auto-connect, and select their server manually.

https://twitter.com/ElectrumWallet/status/1114987055736655873

Perhaps they could use something like Andreas Schildbach added to Android Electrum and get them to ping compatible Core nodes?
legendary
Activity: 3234
Merit: 5637
i honestly have not yet encountered any problems so far with connectivity in the past couple of days since the news about DoS attacks came out. every time i open Electrum (3.3.4) it automatically connects to multiple servers (currently 8) and syncs easily.

I confirm the same, I did not have any problems with sync - it takes 5-10 seconds and I always have it on automatic. Is there any explanation why some users have big problems connecting to a server and syncing, while others do not have such problems? Except those who use versions older than 3.3.4, all users with the latest version should have the same user experience. Is there something else that influences sync problems, except the fact that servers are under DoS attack?
legendary
Activity: 3472
Merit: 10611
None of the servers seem to be working ATM. Seems like the network is dead.

i honestly have not yet encountered any problems so far with connectivity in the past couple of days since the news about DoS attacks came out. every time i open Electrum (3.3.4) it automatically connects to multiple servers (currently 8) and syncs easily.
HCP
legendary
Activity: 2086
Merit: 4363
Seems to be working fine for me ... 2019-04-09 03:22 UTC

Granted, it took a few minutes to finish syncing, but it definitely connected and synced up OK... I just created a new copy of Ledger Hardware wallet (following OS reinstall).
legendary
Activity: 3710
Merit: 1586
None of the servers seem to be working ATM. Seems like the network is dead.
full member
Activity: 519
Merit: 197
Quote
In the meantime, affected users should disable auto-connect, and select their server manually.
Is there no problem when generating a new wallet offline? Because on first open you have to choose auto or manual server.
legendary
Activity: 3710
Merit: 1586
AWS is premium web hosting. If you want to run electrumx what you need is a bargain basement dedi from ovh, online.net or hetzner. Most public servers run in hetzner's DCs.  If you want to run electrum personal server a 4GB ram VPS from ramnode, vultr or DO will suffice. Make sure to enable pruning in bitcoin core to save space.

However unless you need the special features of electrum there is little point in running a complicated setup like above. Much easier to just switch to bitcoin core.
legendary
Activity: 3472
Merit: 3217
Vod tried running a full node on an aws instance, I think he said it cost him $200/month.

How do you manage to break a raspberry pi!? I mean I couldn't install bitcoin core on mine but still...
~snip~

Too expensive to run a full node on an AWS instance. I thought $20 per month is enough, or maybe it depends on the machine specs?
What is the minimum required to run a full node?

What I mean about my Raspberry Pi is that it's totally dead after my son dropped it into salt water; one day later, when I opened it, all the parts were rusty.
copper member
Activity: 2856
Merit: 3071
My raspberry is currently broken so my plan is to run it in AWS or DO with their free credit.

Vod tried running a full node on an aws instance, I think he said it cost him $200/month.

How do you manage to break a raspberry pi!? I mean I couldn't install bitcoin core on mine but still...

And actually there was a thread where I was asking about making a vps instance from myself to run a full node and it got quite a lot of good suggestions, I think most of those were valued at around 10 to 20 euros a month. I didn't go through with the idea because I'll just run my own node when I get round to it, I'm in the process of configuring an old laptop for it.
legendary
Activity: 916
Merit: 1003
Can I downgrade electrum for it to connect? I've completely emptied my wallet so there's no risk of a phishing attack doing anything..

It's good to hear you're trying to find a solution.

Bitmaxz, is cloudflare capable of that? I thought since clients connect to electrum in a manner that is similar to a bot then there'll be a load of issues... If anyone has a private electrum node set up and fancies giving someone a hand then let me know. (also why don't we just try dosing that bad electrum server)....

All Electrum clients were forced to upgrade recently due to phishing vulnerabilities so downgrading won't help.

I've found that Electrum does connect but you have to be patient and wait a few minutes.  It's annoying because it used to connect instantly but not a show-stopper.

Cloudflare probably won't help in this situation.
legendary
Activity: 3472
Merit: 3217
More/less just like budget required to run Bitcoin full nodes. You can run Bitcoin full nodes + electrum server on Raspberry Pi 3.

I've no idea about cloudflare integration, but there are many ways to protect server from DDoS attack such as block known malicious IP and limit request amount.
My raspberry is currently broken so my plan is to run it in AWS or DO with their free credit.

Well, I don't have much knowledge of other software only Cloudflare that I know to use to protect it from DDoS attack.


Bitmaxz, is cloudflare capable of that?

I don't know but it might be possible?

Temporarily I'm using https://coinb.in for making transactions from Electrum offline: I get the hex, then broadcast it on coinb.in just to make a transaction.
copper member
Activity: 2856
Merit: 3071
Can I downgrade electrum for it to connect? I've completely emptied my wallet so there's no risk of a phishing attack doing anything..

It's good to hear you're trying to find a solution.

Bitmaxz, is cloudflare capable of that? I thought since clients connect to electrum in a manner that is similar to a bot then there'll be a load of issues... If anyone has a private electrum node set up and fancies giving someone a hand then let me know. (also why don't we just try dosing that bad electrum server)....
legendary
Activity: 3472
Merit: 3217
I thought I'm the only one who experienced syncing issue lately that is why I created transaction temporarily in coinb.in.

I was planning weeks ago to have my own Electrum server to contribute and to keep it safe to DDOS attacks and Phishing attacks but the problem how much I could spend to start a server and I don't have much knowledge protecting a server but I have little knowledge using cloudflare.

Do you have any idea how much budget do I need to start my own Electrum server and let me know if there is a guide to make a server that includes cloudflare to add a server and protect the server to DDOS attacks?
legendary
Activity: 2464
Merit: 3878
Okay now I understand why I was/am having this connection issue. From the morning I noticed it keeps synchronising and running slow like s**t LOL

Thanks for the post.

Cheers :-)

Did anyone manage to find servers that are not being ddosed? I disabled the auto connect and I've been trying to connect to at least 10-15 servers and I still can't.
By the way, it does connect (my one is set to auto) and allow to do transaction

legendary
Activity: 2702
Merit: 4002
usually, those attacks don't continue that long...
There have been some syncing problems yesterday "it took more than 15 minutes" but today the wallet works well even with auto connect server.
Perhaps such solutions may be useful in the future but the situation is safe for now.
sr. member
Activity: 770
Merit: 268
this issue is not yet resolved? who the hell does this? the one who runs the malicious server maybe?

lots of my friends are having problems with electrum since yesterday. though there's a solution for this, they prefer to use auto-selection as usual.
legendary
Activity: 3612
Merit: 5297
If the DDos attack continues, we can probably set up a private electrumX node for bitcointalk users... It's all written in python, so it shouldn't be that hard to add some authentication so non-invited users cannot connect. But usually those attacks don't continue that long...
staff
Activity: 3500
Merit: 6152
Did anyone manage to find servers that are not being ddosed? I disabled the auto connect and I've been trying to connect to at least 10-15 servers and I still can't.
copper member
Activity: 2142
Merit: 1305
Electrum servers are currently under a DoS attack. We are working on a more robust version of the electrum server. In the meantime, affected users should disable auto-connect, and select their server manually.

https://twitter.com/ElectrumWallet/status/1114987055736655873