Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 43. (Read 1061417 times)

Greetings,

So, an update on last night's DDoS attack, in timeline form.

• at 04:01 UTC An email was received threatening to DoS eligius with 5 BTC ransom.  The full message was "you pay 5 bitcoin or x.x.x.x x.x.x.x x.x.x.x go down you have 1 hour" where x.x.x.x is replaced with some mostly non-public Eligius server IPs, specifically two core bitcoind nodes and the webserver's actual IP.  They didn't even provide a contact method or way to pay the ransom (not that I would have done so anyway).  Email was filtered as spam and I only found it after the fact also (sent from some bogus email address with a name of "Tina Turner")
• at 04:48 UTC There was a physical fiber connectivity issue at Eligius's primary data center.  This resulted in nearly 70% of the data center's local bandwidth capacity being lost.  Secondary connections were immediately put to use and were covering the mostly off-peak load and most services, including Eligius, were not impacted.  (Spoiler: this turned out to be unrelated to the attackers)
• at 05:16 UTC a DDoS began on Eligius.  External traffic saturated the secondary fiber connections from outside.  To make matters worse, some servers in the same facility as Eligius (unrelated to us) appear to have been compromised and used to DoS Eligius from inside the data center as well, causing latency, but not triggering my normal DDoS alerts since the external DDoS was mostly UDP amplification and filtered upstream.
• at 05:36 UTC Eligius miners, mostly unaffected by the DDoS's at this point aside from some work update latency, found a block, #387439 with hash 000000000000000008e051b41e7ada11e9931153a0bb02960ebb4a9e0374e404.  Eligius nodes attempted to submit this block to our primary nodes, secondary external nodes, and BlueMatt's relay network.  The first of these to be able to accept this block happened 46 seconds later due to extreme network latency within the data center.  By then the bitcoin P2P network had already seen a competing block, 000000000000000003e98e022c09c263e6b28f79cbc973a094444f649bbe4bcf by AntPool.  Eligius miners continued to mine on top of *e404, but about 10 minutes later BitFury found a block that built on top of AntPool's block and Eligius's block was officially stale.
• at 05:57 UTC The NOC staff, dealing mostly with the fiber loss issue, isolated the compromised machines inside the facility (no Eligius machines) that were contributing to the DDoS attack on Eligius.
• at 06:02 UTC The external DDoS against Eligius expanding to include core data center hardware and further saturated the secondary fiber connections beyond usability.
• at 06:03 UTC Eligius's mining servers automatically switched to a tertiary link with extremely limited bandwidth when connectivity was lost.  Coinbaser was disabled and block size limited while on this connection to save bandwidth, again all automatically.
• at 06:40 UTC Data center staff had mitigated the DDoS to the point where things were mostly stable on the secondary fiber link, with patches of extreme latency as the pipe was periodically saturated by either the DDoS or normal traffic.
• at 08:03 UTC The majority of the primary fiber connection was restored via a temporary link bypassing the physically damaged fiber link.  Latency with Eligius was back to normal at this point.
• at 11:02 UTC Primary fiber link was fully restored via a temporary link with full capacity.
• at 16:30 UTC Data center NOC staff's failure analysis concluded that faulty wiring in an underground conduit near to this section of fiber had caused excess heat which damaged the primary fiber link.

Initially I had thought it possible that the people threatening the attack may had been responsible for the fiber cut on the data center's primary connections.  After sharing the timing of the incident and the ransom note with the NOC, they were also skeptical of the coincidental timing.  Turns out the two were completely unrelated and were just independent issues.  However, if just one or the other had happened there would have been little to no impact to services, Eligius's or other's at the facility.  But since the attackers were able to leverage a partly crippled data center when they attacked, their attack was at least partly successful.  Fortunately non-Eligius servers at the data center were only mildly affected by this whole situation or I might be accelerating my migration to the new data center beyond my planned time table.

Total actual down time for Eligius's mining servers was under 45 seconds, measured from a remote monitoring server, around 06:02 UTC when the changeover to the tertiary link happened.  Unfortunately latency was very bad in bursts between 05:16 and 08:03 UTC, as high as 1 minute latency.  For the most part, miner connections were not affected aside from delayed work changes and delayed share submission responses.

The above is all for the mining servers.  The web server was unavailable for several minutes at a time while the lower priority DDoS mitigation for that setup took effect.

None of the "wake wizkid057 up" alerts I had setup triggered, since in the eyes of all of my monitoring the mining servers were all online, available, working on up to date work, etc, with DDoS mitigation doing its job correctly.  The switch to the tertiary link caused small connectivity loss, but not enough to drop all miner connections, and wasn't quite long enough to trigger an alert either.  Overall, the system performed well under the circumstances, IMO, and I'd be surprised if many other hosted services could survive such an incident.  Had I been awake and available from the beginning, I don't think there would have been much else I would have been able to do anyway.

But, in any case, I'm working on hardening the back end servers against a similar incident and adding even more redundancy to the block submission path out of Eligius's network.  Once the migration to our new data center is complete I'll even have a 4G LTE backup link available for this purpose.

TLDR:  There was a DDoS along with some data center network issues last night. All is well now.  No Eligius servers were compromised.

Greetings,

Eligius was subject to a rather complex (or possibly coincidental) set of DoS attacks in the early morning.  This resulted in a lot of fail-over to secondary networks and servers.  Logs show that mining connectivity was down for a grand total of about 45 seconds while this occurred.

Unfortunately there were some additional implications of the attacks which caused massive latency on the primary connections.

A full analysis is underway by myself and staff at our primary data center.  I'll post an update once I have a time line in order.

I'll note that no Eligius servers were compromised and everything is back to normal operation as of now.

no worries m8, no rush at all

It's ridiculous how one out-of-the-ordinary issue (not Eligius related) can set back my schedule so badly.  I went from having a good chunk of free time to work on some projects to being set back a couple of days worth of free time catching up on everything else.  *grumbles*

I'm going to do my best to squeeze in a few minutes to get my test servers online tonight.

no worries mind just sending me a pm when you do so i get an email and you didn't do it in vain, i typically dont check this forum too often.

Sorry, I've gotten held up with some issues unrelated to Eligius today, and I'm going to have to put off test server setup until tomorrow.

yeah even after just 10 mins on slush's pool at 16.4k min difficulty

https://imgur.com/80IOfGo

*starts to regret re-adding an NMC merged mining option...*

NMC payouts are done infrequently, manually, and basically amount to something like $0.05-$0.10 worth of NMC for most miners that do reach the NMC payout threshold (0.1NMC).

Bluntly, it's just not a priority, and I'll get to it eventually, I promise.  Even overpaying miners by using the lowest NMC difficulty since the last payout like I do, the actual value in NMC most miners end up with is still basically nothing.  It really is almost useless to bother these days, especially with NMC worth so much less than BTC and their difficulties not far off.


Thanks.  Give me a few hours to finish up some things I'm working on, and I'll get some stuff setup.

I like your pool and would like to mine at it if you could setup a test node i would really appreciate it maybe one at 16.4K and another at 32.8k?

NMC payout is manual and happens every few weeks. That's not much anyway, so don't hold your breath.

Eligius pays nmc? I do not receive any nmc.
Thank you

Well, still not a substantially long run, but honestly I have no idea what the issue is.  Nothing odd on the pool side, and others run S5+'s on Eligius without issues (which means the work difficulty isn't a factor).  So, very strange.  I really have no explanation.

I did try dropping the full coinbase transaction on the node your miner was connected to for a bit to see if maybe the large coinbase was causing a slow down (used to be a problem on some old ASIC hardware that caused issues with Eligius and p2pool), but doesn't appear to have made a difference.  With the coinbase transaction dropped to a 1tx coinbase you were literally mining work that would be the same as any other pool (besides p2pool).  So, I'm at a complete loss for what the issue would be.  I still have a feeling there is some misreporting happening somewhere.

Honestly, if you're *actually* getting more hash rate for some reason on another pool and being paid more based on that, by all means mine there.  No hard feelings here.  Makes no sense to me why there would be a difference, but hey, do what you have to do.  I really just have a feeling there is something weird at play with your hardware one way or another, but without actually tinkering with it I really don't know what the issue could be.

If you want to mess around with it anymore, tomorrow some time I can setup a test node just for you (you'll still get work credit and all) that has a higher default work difficulty.  That's really the only variable I can see different between the pools at this point, even though the normal difficulty settings work fine for everyone else.

I would also be curious to how you stats look on other pools besides antpool.

Also, I do appreciate the opportunity to help troubleshoot.

Not much point comparing it to p2pool since you are assuming the miner display is correct.

What you'd need to do is actually look at the pool display of what it accepted over the time period.
P2pool's stales will show that low anyway.

In cgminer I have the easy way to actually verify those numbers, my S1/S2/S3 versions display it on the web page, but it's easy to calculate.

I call it "GH/S(paid)"
It's simply the accepted shares over the elapsed time mining - which is what the pool will actually pay you no matter what numbers you see anywhere.

i.e. from the summary API it would: 2^32*"Difficulty Accepted"/"Elapsed"
would be your actual pool accepted hash rate (per second)
Of course divide it by 10^9 to get "GH/S(paid)"
Then as long as you are only getting Accepted shares from one pool, you know your performance on the pool.

Of course, yes you need to run it for quite a few hours to reduce variance.
12 should be enough

Indeed this is interesting, I think it would be useful to do at least 12-24 hours to see how the variance levels out.

For myself, I've found my 3 hour averages will swing a bit, but the 12 hour ones more closely track a local p2pool node (which is about as close to "I control everything" as it gets :-)

That looks interesting - would you mind to switch to another pool, Slush, for example, and post your results from this pool?

Yeah i get about 7,214.68 GH avg......1.56 TH less than on other pools

https://imgur.com/JMsXO7Q
https://imgur.com/1DbPGpW

Hey thanks for taking the time to look into it, my miner is overclocked from the stock freqs i was lucky and got a really good unit. The machined has mined for 30 days solid on antpool and i can assure you it averages 8.76TH.
Heres a picture http://imgur.com/lxc94q6


I have mined before on your pool, but i know for sure last time i tried your pool i switched back because of this   issue and i never bothered contacting you. ill move my miner over and post here again tommorow and you can have a look.

Thanks again i appreciate you taking the time to investigate.

Edit* the miner is now pointed at your pool and will be for the next bit so you can see what i mean with the low hash. (19yFw8qdYsfD4TJNZbeg3onHhifDfia8ks)

Interesting.  I just looked up your pool side stats for the worker in your image to get some data.

Your 7.7 Th/sec rated S5 Plus mined on Eligius for a total of 10 minutes 39 seconds in total submitting 1,161,728 difficulty 1 equivalent shares.  That comes out to 7,808,425,300,230 hashes per second, or 7.8 Th/sec, as seen by the pool for your worker in that time period.  This includes the time spent mining on difficulty 512 shares.

However, once your miner adjusted to difficulty 4096 (the appropriate difficulty to get meaningful stats for your machine) your average hash rate went up slightly.  You submitted 1,077,248 of those above shares in 9 minutes 37 seconds, or about 8 Th/sec over that time period.

So, basically your average hash rate was stabilizing, but you disconnected long before any meaningful stats could be realized... and interestingly took your screenshot 94 seconds earlier than your antpool screenshot, exaggerating this further (not saying this was on purpose).  Further, Eligius's share difficulty is lower, and thus results in more accurate stats over shorter periods.  I can pretty much guarantee your long term hash rate average at both pools would be much closer to your machine's rated 7.7 Th/sec.

Long story short:  10 minutes of stats are nearly useless.  Mine for at least a day on each pool and then let me know.  Pretty sure your results will be within a reasonable margin of error of each other (normal variance).  Variance over only 10 minutes with these high difficulty shares can be pretty high and skew stats by huge margins.  Even with that said, the results from your 10 minutes of mining on Eligius look completely normal for your hardware.

I'd like to mine at eleguis but your pool give me a very low hashrate.

Your pool only hands me out work with a difficulty of 4.1K and i get a hashrate of about 6.8TH

But on antpool that give me work from 16.4K to 32.8K diff i get about 8.76TH

See here:

http://imgur.com/a/SFaA2

I have slightly more time available than I did a few months ago, so using a lot of that for crossing some Eligius related items off of my mile-long TODO list.