Topic: [LTC] Is the Litecoin network being attacked ? (Read 2905 times)
Well nothing was really fixed. The fix wemineltc published was NOT about "bad pool luck". There is still some huge problem on the network. Since some days our pool has very bad pool luck. I think this is somehow a LTC network issue. Wemineltc never published any fix for this case.
Does anyone know of the official confirmed patch besides the one offered by a user in the litecoin forum post about this?
Since it is a bug in the server side code for the stratum protocol, patches should come from the maintainer of the version you are using for your pool ...
Does anyone know of the official confirmed patch besides the one offered by a user in the litecoin forum post about this?
What?
No this has not stopped happening. It is still happening every other hour or every 3 hours.
The real average time per block is more like 20 minutes currently and is off by about 30%.
I think you care about taking people's money and blaming it on bad luck, DDOS, or other attack vectors. Still never got back the few hundred LTC from when you were siphoning hash power, i mean had a bug that didn't report correctly.
No this has not stopped happening. It is still happening every other hour or every 3 hours.
The real average time per block is more like 20 minutes currently and is off by about 30%.
I think you care about taking people's money and blaming it on bad luck, DDOS, or other attack vectors. Still never got back the few hundred LTC from when you were siphoning hash power, i mean had a bug that didn't report correctly.
We, at give-me-ltc do care! 
That problem was addressed and fixed. And as nothing to do (at least in this case) with a network attack.
Cheers.
That problem was addressed and fixed. And as nothing to do (at least in this case) with a network attack.
Cheers.
The pools are still hitting abnormaly large blocks. Est time is 13-15 mins and it ends up being 30, 40, 50 minutes every other hour at least.
There was even a 10,000,000 share block on give-me-ltc.
Mining seems at least 10% less profitable due to the extended block times and no one seems to notice or care.
There was even a 10,000,000 share block on give-me-ltc.
Mining seems at least 10% less profitable due to the extended block times and no one seems to notice or care.
The pools are still hitting abnormaly large blocks. Est time is 13-15 mins and it ends up being 30, 40, 50 minutes every other hour at least.
There was even a 10,000,000 share block on give-me-ltc.
Mining seems at least 10% less profitable due to the extended block times and no one seems to notice or care.
There was even a 10,000,000 share block on give-me-ltc.
Mining seems at least 10% less profitable due to the extended block times and no one seems to notice or care.
Am I incorrect in believing that this news is relevant to all other pools, regardless of which scrypt coin?
The issue was with the stratum code, not Litecoin. Some flawed code allowed a modified miner to submit fake shares. Being the nice guys they are, the LTC Devs found the issue and help close it. All pools using stratum would be affected.
That's how I understood it.
~BCX~
P.S. LTCMine and give-me-ltc didn't used this.
Am I incorrect in believing that this news is relevant to all other pools, regardless of which scrypt coin?
I was mining on netcodes pool and we had over 16 hours for a block so it wasn't just wemineltc. Everyone had very abnormal luck. Sometuing was going on with the network.
Just be sure to spread the word, pools without this fix WILL be exploited, and the real miners will loose coins.
Thanks for the update and great job wemineltc !
Quoting the thread on litecoin.org :
Quoting the thread on litecoin.org :
Quote
Things are getting back to normal on our pool. The recent rumors of supposed problems on the Litecoin network we believe were actually multiple clever attacks on pool servers, there was no instability in the Litecoin network itself. Thanks to help from the Litecoin core devs, especially pooler of litecoinpool.org, we have found and fixed a share verification vulnerability in the pool server stratum implementation.
The affected code is found here:
Code: [Select]
def diff_to_target(self, difficulty):
'''Converts difficulty to target'''
diff1 = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000
return diff1 / difficulty
https://github.com/viperaus/stratum-mining/blob/master/lib/template_registry.py#L145
We don’t use this specific build but we had similar code for this part of the template_registry code.
We found new users as of a few days ago that had been using this exploit to cheat the pool and to steal coins from the legitimate miners. We have taken appropriate steps to stop this from happening again. We are attempting to inform all Litecoin pools of the exploit as we believe many pools who work off the same base code may be affected. Suspected fake miners were clocking at up to150MH/s for 3-4 days. We suspect more cheaters were involved over the past 3-4 days which could have been at least partially to blame for the pools bad luck.
During deployment of the fix, we logged changes in valid hash rates. The biggest detected confirmed cheater was Cryptopower who went from 30MH/s to 1MH/s (someone who also tried to bash our pool in forums), the payout address for this account is LYVLrqSQyrDYN1QqQz2icbsF1rbihSAEmK - they stopped mining altogether about 3 hours after all their shares were being rejected. There are other accounts who we suspect may have been cheating, but without knowing for 100% sure, it would be dangerous and unfair to publish their information in case they are actually innocent. We are continuing to analyze the logs to identify accounts that may have been involved.
If we get more info we will post in the news asap. You will notice things have gone back to normal after sorting this out.
The affected code is found here:
Code: [Select]
def diff_to_target(self, difficulty):
'''Converts difficulty to target'''
diff1 = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000
return diff1 / difficulty
https://github.com/viperaus/stratum-mining/blob/master/lib/template_registry.py#L145
We don’t use this specific build but we had similar code for this part of the template_registry code.
We found new users as of a few days ago that had been using this exploit to cheat the pool and to steal coins from the legitimate miners. We have taken appropriate steps to stop this from happening again. We are attempting to inform all Litecoin pools of the exploit as we believe many pools who work off the same base code may be affected. Suspected fake miners were clocking at up to150MH/s for 3-4 days. We suspect more cheaters were involved over the past 3-4 days which could have been at least partially to blame for the pools bad luck.
During deployment of the fix, we logged changes in valid hash rates. The biggest detected confirmed cheater was Cryptopower who went from 30MH/s to 1MH/s (someone who also tried to bash our pool in forums), the payout address for this account is LYVLrqSQyrDYN1QqQz2icbsF1rbihSAEmK - they stopped mining altogether about 3 hours after all their shares were being rejected. There are other accounts who we suspect may have been cheating, but without knowing for 100% sure, it would be dangerous and unfair to publish their information in case they are actually innocent. We are continuing to analyze the logs to identify accounts that may have been involved.
If we get more info we will post in the news asap. You will notice things have gone back to normal after sorting this out.
Yeah something was up because I had an awful day mining and these pools are too big to have any real variance...
Just to make sure it gets known for all pools to fix.
www.Wemineltc.com has found and fixed the problems. They are working to fix other pools too.
https://forum.litecoin.net/index.php/topic,4002.0.html
Thx
www.Wemineltc.com has found and fixed the problems. They are working to fix other pools too.
https://forum.litecoin.net/index.php/topic,4002.0.html
Thx
Actually it looks like something might have happened. Smaller pools maybe just do not have active enough management to notice?
I logged into multiple pools and all seemed to have become very "unlucky" - finding blocks 25%-33% less than you would expect given their displayed hashrates - going through the explorer though it does not seem that the blocks were "stolen" - maybe someone has found a way to artificially slow the network again?
I logged into multiple pools and all seemed to have become very "unlucky" - finding blocks 25%-33% less than you would expect given their displayed hashrates - going through the explorer though it does not seem that the blocks were "stolen" - maybe someone has found a way to artificially slow the network again?
Alright that makes sense then. Still the whole issue in itself does not make sense, as nobody else than those two pools are posting news on this.
Namecheap is probably the second largest domain name registrar in the world, so not that coincidental. I use them too. And yes - they accept BTC.
Well it's quite a coincidence that both pools are registered by the same registrar?
Well, it's a registrar that accepts BTC payments. Not many of those exist. So it's not so surprising that 2 crypto-currency related domains are registered with a registrar that accepts the #1 crypto-currency.
Well it's quite a coincidence that both pools are registered by the same registrar?
And also both have the troubles?
Maybe it's just something to do with their ISP.
And also both have the troubles?
Maybe it's just something to do with their ISP.
Give-Me-LTC:
Quote
27/May/2013
You may have noticed extremely large blocks and round times over the past 24hours. This was due to multiple issues with finding blocks. This issue was affecting multiple pools for most of the day. We are still unsure of the cause but we have no reason to suspect it was due to issues on the litecoin network, will continue our investigations on this and give more information when we have it. So far things seem back to normal but we are keeping a firm eye on things.
If you are experiencing frequent disconnections contact us ASAP.
You may have noticed extremely large blocks and round times over the past 24hours. This was due to multiple issues with finding blocks. This issue was affecting multiple pools for most of the day. We are still unsure of the cause but we have no reason to suspect it was due to issues on the litecoin network, will continue our investigations on this and give more information when we have it. So far things seem back to normal but we are keeping a firm eye on things.
If you are experiencing frequent disconnections contact us ASAP.
wemineltc and givemeltc seem to be owned by the same person:
http://whois.domaintools.com/wemineltc.com
http://whois.domaintools.com/give-me-ltc.com
They aren't, from where are you drawing that conclusion? Whois guard is just a privacy feature Namecheap offers.
Give-Me-LTC:
Quote
27/May/2013
You may have noticed extremely large blocks and round times over the past 24hours. This was due to multiple issues with finding blocks. This issue was affecting multiple pools for most of the day. We are still unsure of the cause but we have no reason to suspect it was due to issues on the litecoin network, will continue our investigations on this and give more information when we have it. So far things seem back to normal but we are keeping a firm eye on things.
If you are experiencing frequent disconnections contact us ASAP.
You may have noticed extremely large blocks and round times over the past 24hours. This was due to multiple issues with finding blocks. This issue was affecting multiple pools for most of the day. We are still unsure of the cause but we have no reason to suspect it was due to issues on the litecoin network, will continue our investigations on this and give more information when we have it. So far things seem back to normal but we are keeping a firm eye on things.
If you are experiencing frequent disconnections contact us ASAP.
wemineltc and givemeltc seem to be owned by the same person:
http://whois.domaintools.com/wemineltc.com
http://whois.domaintools.com/give-me-ltc.com
Jump to: