Author

Topic: [MOD EDIT: SCAM] [PPLNS] BTC Public Mining Pool (Read 2294 times)

legendary
Activity: 2483
Merit: 1482
-> morgen, ist heute, schon gestern <-
December 18, 2016, 10:49:30 AM
#19

Well i guess thats a stand up thing to do. its better then nothing so i appreciate your offer analpaper
and thank you philipma1957 for the suggestion.  lets see if he comes through. i sure could use it
Thank you very much

I am just curious about did he send you realy the 2 BTC?


legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
...
@bitsolutions: i do not wish to make use of your solutions.
Coz that would prove you are lying ...

i do not wish to chase nobody, and this issue already generated too much social interaction if you ask me.
for me the issue is permanently fixed (service down, miner compensated, poor maintenance warning), and i hope that at least chillfactr really feels compensated (enjoying today as another beautiful day).
btw feel free to leave the scam mark (im not looking for your approval).
You can check for yourself, your trust scam warning on your account does not include a rating from me.
I've lost nothing from this so the trust system doesn't deal with people making scam accusations, only those who lost BTC from you - in the case of chillfactr 10.5 BTC or (currently) about $7350 (assuming you send him 2 ...)
newbie
Activity: 36
Merit: 0
...
@bitsolutions: i do not wish to make use of your solutions.
Coz that would prove you are lying ...

i do not wish to chase nobody, and this issue already generated too much social interaction if you ask me.
for me the issue is permanently fixed (service down, miner compensated, poor maintenance warning), and i hope that at least chillfactr really feels compensated (enjoying today as another beautiful day).
btw feel free to leave the scam mark (im not looking for your approval).
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
...
@bitsolutions: i do not wish to make use of your solutions.
Coz that would prove you are lying ...
newbie
Activity: 36
Merit: 0
btw kano, my ckpool repo was never deleted: https://github.com/ctubio/ckpool

if you mean the ckpool-1 repo at bitbucket, i created and deleted it for each pull request:
https://bitbucket.org/ckolivas/ckpool/pull-requests/?state=MERGED&author=ctubio
https://bitbucket.org/ckolivas/ckpool/pull-requests/?state=DECLINED&author=ctubio

but you are true saying that the pool was compromised for who knows what the fuck how long, you can imagine how much care i give to a pool with 0% fee and mininal statistics (yep, some ppl code just for fun).
newbie
Activity: 36
Merit: 0

Well i guess thats a stand up thing to do. its better then nothing so i appreciate your offer analpaper
and thank you philipma1957 for the suggestion.  lets see if he comes through. i sure could use it
Thank you very much

thank you for your agreement, please find soon the transaction confirmed in you wallet.
(i will not publish the tx id because you didnt published your btc addr above, feel free to let us know if you receive it)

about your suggestion to maintain the solo pool, if i ever recover the service (doubtfully action), i could provide you some access to kibana/grafana; but lets not discuss about it meanwhile the service remains down.

@bitsolutions: i do not wish to make use of your solutions.
full member
Activity: 637
Merit: 131

Well i guess thats a stand up thing to do. its better then nothing so i appreciate your offer analpaper
and thank you philipma1957 for the suggestion.  lets see if he comes through. i sure could use it
Thank you very much
newbie
Activity: 36
Merit: 0
so sad at least toss a coin or two at the guy you robbed.

Thank you philipma1957 thats what im talking about,   
Im just glad this POS cant scam another miner with the fake pool.

Thank you Kano for getting this kind of trash shut down even if its for a little bit!
Cheers!!!! Grin



you opened https://bitcointalksearch.org/topic/mod-edit-scam-solomining-pool-1675588 so i believe you are the affected miner who found a block.
please paste your btc address and i will follow philipma1957 suggestion and give you 2.
i think 2 is enough to demostrate that im not enjoying that nobody is begin sad and robbed (starting by myself, thats why give you 12.5 is not an option).

@kano: c'mon you are the expert, find a solution for miners to identify the remote hosts safely while blocking any suspicious connection, this is implemented in whatever other protocol out there. what is the interest in keeping this shit hackable? (btw you are true saying that mining-pool.io is not maintainted professionally, is just one of my weekend projects)
full member
Activity: 637
Merit: 131

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley

Yes, Thanks for the help shutting this scampool down Kano!
This would really suck if it kept going
 Cry
full member
Activity: 637
Merit: 131
so sad at least toss a coin or two at the guy you robbed.

Thank you philipma1957 thats what im talking about,   
Im just glad this POS cant scam another miner with the fake pool.

Thank you Kano for getting this kind of trash shut down even if its for a little bit!
Cheers!!!! Grin

legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley

yep, good work killing a non-profit pool asking for donations to local charity organizations (<< to who did/enjoyed it).

im not able to proof that im not a scammer, but shady is effectively incorrect. just browse the internets.

also, im going to maintain online the website (pool service is killed and warning texts displayed), just to keep the memory alive, you know, for newbies.

i would like to suggest to kano to add a config option in cgminer to each pool to set a expected string that the coinbase must cointain.
cgminer must disconnect as soon as it is missing the expected string, and pool operators could notice quick any hack soon after all miners left the pool at once.
doesn't seems so dificult to implement this easy security condition (if you really wanna help newbies/operators).
This is bullshit.
You have the code to the proxy in your git to do exactly what you are doing.
https://github.com/ctubio/php-proxy-stratum
Code:
php-proxy-stratum

ReactPHP stratum+tcp proxy between miners and pools with database and minimal web interface.

Used to demostrate how pools steal your hash by renaming worker names and redirecting the hashrate.

Used² to recommend you to mine only on trusted (self owned!) pools.

the creation of php-proxy-stratum was what make me think of having my own bitcoind/ckpool (a year ago)
i wanted to create a proxy for merge many miner connections into a signle conn to a pool but meanwhile i discovered how easily pools steal the hash of the miners with the agreement of authors of mining software.

you (mining software authors), simply need to allow miners to have 2 new config options:
- expected coinbase
- expected btc address

why this config options do now exists? and why mining software is not interested into validate this?

btw, im not able to explain wtf happened here. since effectively solo.mining-pool.io was compromised, i took a snapshot of the disk and killed with fire the running instance.
An expected coinbase and btc address are pointless for 2 reasons:

1) Although avalon would add the changes if we added them, bitmain would not.
We have made many changes and improvements in cgminer since 2013 that bitmain have completely ignored to their own detriment.
The miner running in bitmain devices still has well known problems for years that we fixed for their driver.

2) I have changed the coinbase 5 times on my pool and will again soon.
That would require every miner on my pool to change settings in every miner.
Enforcing such a requirement would effectively mean that no pool could ever change their coinbase.
If it was optional, then almost no one would ever look at the messages saying it changed - as happens with the majority of miners.

Basically what you are saying here, if the compromise story isn't a scam, is that you didn't bother to keep an eye on the pool at all and want to be able to blame someone else for that ... even though you have written your own code to actually deal with hacking exactly that.

... and although I consider craphash to be exactly that, crap, no one would be able to mine there if the coinbase/address was checked ... that's the exact security risk of the #extranonce command that is not in master cgminer due to the issue of being able to completely change the coinbase randomly at any time, that most miners think is ok that use hacked cgminers on craphash ...

---

As for being "compromised" ... why would someone even bother to do that?
You had a tiny, next to unknown, pair of pools: solo running your hacking code, and a normal pool running our ckpool+ckdb.
(... and I do wonder why you deleted your ckpool+ckdb git on 4-Nov ...)
Even I had no idea about the connection between the solo pool and the normal pool, so didn't realise what was going on at first when someone reported your scam.

Such a hack on the solo pool would make hardly anything per day.
Are you saying your solo pool ran for weeks in this scam mode and you didn't even realise it?
They even compromised it (at least) twice without you even knowing?
Once when your hack was set to mine as xinxan on FUPool and a second time later when it was set to mine as zhangjia90 on FUPool after the block was found?
Have you contacted FUPool to find out what was going on?
So when your solo pool did find a block, (even if it was for some other pool) why did you not say anything at all anywhere until we were asked by the block finder, days later, what was going on?

Your story seems to imply you are a fool and don't know what you are doing, and yet you have code you wrote (and last updated in March) that knows exactly how to do this scam.

As bitsolutions said above, give someone access to the snapshot.
If you aren't lying, then that could help confirm your unlikely and convenient story.
sr. member
Activity: 261
Merit: 257
the creation of php-proxy-stratum was what make me think of having my own bitcoind/ckpool (a year ago)
i wanted to create a proxy for merge many miner connections into a signle conn to a pool but meanwhile i discovered how easily pools steal the hash of the miners with the agreement of authors of mining software.

you (mining software authors), simply need to allow miners to have 2 new config options:
- expected coinbase
- expected btc address

why this config options do now exists? and why mining software is not interested into validate this?

btw, im not able to explain wtf happened here. since effectively solo.mining-pool.io was compromised, i took a snapshot of the disk and killed with fire the running instance.
Those options do actually exist but are essentially unused.
Patches for checking generation address exist for cgminer:
https://github.com/ckolivas/cgminer/pull/638
BFGMiner mainline supports it since 2014:
https://github.com/luke-jr/bfgminer/pull/551

I don't believe you about it being compromised but send me the snapshot and I'll do a forensic analysis.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
so sad at least toss a coin or two at the guy you robbed.
newbie
Activity: 36
Merit: 0

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley

yep, good work killing a non-profit pool asking for donations to local charity organizations (<< to who did/enjoyed it).

im not able to proof that im not a scammer, but shady is effectively incorrect. just browse the internets.

also, im going to maintain online the website (pool service is killed and warning texts displayed), just to keep the memory alive, you know, for newbies.

i would like to suggest to kano to add a config option in cgminer to each pool to set a expected string that the coinbase must cointain.
cgminer must disconnect as soon as it is missing the expected string, and pool operators could notice quick any hack soon after all miners left the pool at once.
doesn't seems so dificult to implement this easy security condition (if you really wanna help newbies/operators).
This is bullshit.
You have the code to the proxy in your git to do exactly what you are doing.
https://github.com/ctubio/php-proxy-stratum
Code:
php-proxy-stratum

ReactPHP stratum+tcp proxy between miners and pools with database and minimal web interface.

Used to demostrate how pools steal your hash by renaming worker names and redirecting the hashrate.

Used² to recommend you to mine only on trusted (self owned!) pools.

the creation of php-proxy-stratum was what make me think of having my own bitcoind/ckpool (a year ago)
i wanted to create a proxy for merge many miner connections into a signle conn to a pool but meanwhile i discovered how easily pools steal the hash of the miners with the agreement of authors of mining software.

you (mining software authors), simply need to allow miners to have 2 new config options:
- expected coinbase
- expected btc address

why this config options do now exists? and why mining software is not interested into validate this?

btw, im not able to explain wtf happened here. since effectively solo.mining-pool.io was compromised, i took a snapshot of the disk and killed with fire the running instance.
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley

yep, good work killing a non-profit pool asking for donations to local charity organizations (<< to who did/enjoyed it).

im not able to proof that im not a scammer, but shady is effectively incorrect. just browse the internets.

also, im going to maintain online the website (pool service is killed and warning texts displayed), just to keep the memory alive, you know, for newbies.

i would like to suggest to kano to add a config option in cgminer to each pool to set a expected string that the coinbase must cointain.
cgminer must disconnect as soon as it is missing the expected string, and pool operators could notice quick any hack soon after all miners left the pool at once.
doesn't seems so dificult to implement this easy security condition (if you really wanna help newbies/operators).
This is bullshit.
You have the code to the proxy in your git to do exactly what you are doing.
https://github.com/ctubio/php-proxy-stratum
Code:
php-proxy-stratum

ReactPHP stratum+tcp proxy between miners and pools with database and minimal web interface.

Used to demostrate how pools steal your hash by renaming worker names and redirecting the hashrate.

Used² to recommend you to mine only on trusted (self owned!) pools.
newbie
Activity: 36
Merit: 0

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley

yep, good work killing a non-profit pool asking for donations to local charity organizations (<< to who did/enjoyed it).

im not able to proof that im not a scammer, but shady is effectively incorrect. just browse the internets.

also, im going to maintain online the website (pool service is killed and warning texts displayed), just to keep the memory alive, you know, for newbies.

i would like to suggest to kano to add a config option in cgminer to each pool to set a expected string that the coinbase must cointain.
cgminer must disconnect as soon as it is missing the expected string, and pool operators could notice quick any hack soon after all miners left the pool at once.
doesn't seems so dificult to implement this easy security condition (if you really wanna help newbies/operators).
hero member
Activity: 658
Merit: 500
Visualize whirledps

Kano, thanks for keeping newbies and others aware of shady characters. Not that I would dream of moving from Kano.is, but some people could be taken in. As usual, good work!  Smiley
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
newbie
Activity: 36
Merit: 0
 SITE at https://btc.mining-pool.io/

  POOL at stratum+tcp://stratum.mining-pool.io:3333

   IRC at ircs://irc.domirc.net:6697/#mining-pool.io

README at https://en.bitcoin.it/wiki/BTC_Public_Mining_Pool

 BLOCK count
0

 TODAY is a beautiful day



(this pool is not professionally maintained [is more like a weekend project], see alternatives at https://bitcointalksearch.org/topic/btc-mining-pools-list-104664)
Jump to: