
Topic: [POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com - page 128. (Read 465769 times)

hero member
Activity: 693
Merit: 500
So....

Did anyone investigate the possibility that the API for pool manipulation was being abused? If someone can modify people's pool settings to create a pool with specific settings and then switch to that pool - which probably points at an http URL which then sends the stratum reconnect command to point to whatever the wallet address is at the time...

this, in theory could be done via javascript in your browser, miner monitoring software, malware, etc.  

this tactic seems much easier than a large-scale man in the middle attack.

anyone whose miner is currently redirected and is running the curses interface, hit "S" for settings, then hit "W" for write.  Write it out to some config file and view it.  If it has more information in it than you put into it, post it here for people to evaluate.
full member
Activity: 168
Merit: 100
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining):

Code:
{"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]}

I had set up packet capture on the outside of my firewall, and was dying to get a client.reconnect message and a connection to a rogue server followed by mining.notify messages, but I never received one.  If you happen to track one down, please do share what you find here as I will be reading!

It would be great to find a miner who was keeping share logs AND actually solved a block, as then we could trace it to a wallet address, perhaps seeing how much they were able to siphon and where it might ultimately have ended up.
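Added example, not part of the original posts: one way to pull the payout script and address out of a captured `mining.notify`, by rebuilding the coinbase transaction from its `coinb1` and `coinb2` parameters and reading the outputs. The function names are hypothetical, and `extranonce_len=8` is an assumption taken from the final `08` push opcode in the sample's `coinb1`; for another capture, use the extranonce sizes from that session's `mining.subscribe` reply. The address encoding assumes Dogecoin's P2PKH version byte.

```python
import hashlib, json

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
DOGE_P2PKH = 0x1E  # Dogecoin mainnet P2PKH version byte (assumed coin)

def base58check(version, payload):
    data = bytes([version]) + payload
    data += hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def varint(buf, pos):  # CompactSize integer -> (value, next position)
    if pos >= len(buf):
        raise ValueError("truncated transaction")
    if buf[pos] < 0xFD:
        return buf[pos], pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[buf[pos]]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def coinbase_outputs(notify_line, extranonce_len=8):
    msg = json.loads(notify_line)
    if msg.get("method") != "mining.notify":
        raise ValueError("not a mining.notify message")
    coinb1, coinb2 = (bytes.fromhex(h) for h in msg["params"][2:4])
    tx = coinb1 + bytes(extranonce_len) + coinb2  # extranonce zero-filled
    n_in, pos = varint(tx, 4)                 # skip 4-byte version
    for _ in range(n_in):
        slen, pos = varint(tx, pos + 36)      # skip prevout hash + index
        pos += slen + 4                       # skip scriptSig + sequence
    n_out, pos = varint(tx, pos)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(tx[pos:pos + 8], "little")
        slen, pos = varint(tx, pos + 8)
        script, pos = tx[pos:pos + slen], pos + slen
        p2pkh = slen == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac"
        addr = base58check(DOGE_P2PKH, script[3:23]) if p2pkh else None
        outs.append((value, addr, script.hex()))
    if pos + 4 != len(tx):                    # only the locktime may remain
        raise ValueError("wrong extranonce_len or malformed coinbase")
    return outs

# Capture quoted in the post above; merkle branches left out (unused here)
SAMPLE = ('{"id":null,"method":"mining.notify","params":["3a61",'
          '"34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308",'
          '"0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",[],"00000002","1b33c012","531c2247",true]}')
print(coinbase_outputs(SAMPLE))
```

Each tuple is (value in base units, address or None for non-P2PKH scripts, raw output script); comparing the script across `mining.notify` messages seen before and after a `client.reconnect` shows whether the payout destination changed.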
newbie
Activity: 7
Merit: 2
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining):

Code:
{"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]}
full member
Activity: 168
Merit: 100
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.

You deserve to freeze if you couldn't be bothered with a failover! ;)

Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers :P And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this?

Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious.

Kalroth cgminer for sure and sgminer I think have a configurable delay for how long to wait before returning back to a failed server that is back up again -- just in case you are bouncing around and don't like it happening.
newbie
Activity: 51
Merit: 0
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.

You deserve to freeze if you couldn't be bothered with a failover! ;)

Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers :P And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this?

Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Seems to be back up...

And down again....

:(

LPC

My wafflepool stats are showing ~5% of the actual hashrate, which suggests that my rigs might be connecting to it briefly, and then falling back to other pools. Can't access cgminer logs right now to verify though.
full member
Activity: 129
Merit: 100
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Seems to be back up...
hero member
Activity: 700
Merit: 500
Wafflepool : 0.00364643
DogeCoin : 0.00658029

Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
There is no way that Dogecoin profit figure is accurate. You will NOT earn that much from a Doge pool.

As for WafflePool, it is being DDOSed and we aren't finding any blocks, so of course the profitability figure is falling.
hero member
Activity: 679
Merit: 507
Wafflepool : 0.00364643
DogeCoin : 0.00658029

Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
hero member
Activity: 630
Merit: 500
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.

You deserve to freeze if you couldn't be bothered with a failover! ;)
sr. member
Activity: 560
Merit: 250
Any news??? When will the pool be OK?
newbie
Activity: 51
Merit: 0
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
full member
Activity: 168
Merit: 100
The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.

You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects.

In this case, WP should calculate what is a loss since there are no miners and act accordingly.

And again, it is difficult to hand out the money when the pool is small (and there are not plenty of miners). But the pool was huge and handing out such an amount of money is not a problem.

Unless someone thinks - that DDOS attack will go away someday. Miners, too.

Another important consideration is that wafflepool is really only thought of as huge because it usually hosts one huge miner who contributes 20-25GH/s of the pool's total hashpower of 35GH/s, give or take.  And that huge miner has shown that he is willing to actively move that power around to wherever it best suits him at the moment.  It complicates the decision.
member
Activity: 93
Merit: 10
The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.

You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects.

In this case, WP should calculate what is a loss since there are no miners and act accordingly.

And again, it is difficult to hand out the money when the pool is small (and there are not plenty of miners). But the pool was huge and handing out such an amount of money is not a problem.

Unless someone thinks - that DDOS attack will go away someday. Miners, too.
legendary
Activity: 2072
Merit: 1001
May I suggest Prolexic?

as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.

Thanks for the numbers.  They're actually not as high as I thought they would be, but still high enough to raise pool fees.

I have four backup pools configured, and the ones with the lower fees are generally first on my list, provided they have a good operator and a proven track record of payout per hashrate  (which many people around here know I prefer to refer to as BTC/MHD!)


The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
full member
Activity: 168
Merit: 100
May I suggest Prolexic?

as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.

Thanks for the numbers.  They're actually not as high as I thought they would be, but still high enough to raise pool fees.

I have four backup pools configured, and the ones with the lower fees are generally first on my list, provided they have a good operator and a proven track record of payout per hashrate  (which many people around here know I prefer to refer to as BTC/MHD!)
legendary
Activity: 2072
Merit: 1001
May I suggest Prolexic?

as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.
full member
Activity: 168
Merit: 100
People ddos for many reasons, this is likely a competitor trying to drive miners away from waffle. They probably figure if they frustrate the miners enough, then they will jump ship. This used to be a very common tactic when doge was beginning to get super popular...

Or most likely - the global hash rate increases - thus pushing profits down. If someone mines at the right pool (not necessary a profit switching one) - everyone else is in shit, but the smart guy mines some extra profits.

I expect DDOSes will continue to be executed.
Yeah, unless PW add some protection.

I don't think that the ddos would stop if poolwaffle put on a condom.  For one, how would the attackers even know?

All joking aside, most ddos attackers eventually get bored and move onto another target.  ddos protection services often cost a lot of money, and poolwaffle would likely have to raise fees significantly in order to employ them.  And that would send many miners elsewhere too.  Wafflepool is a good pool with a good operator and this situation is only temporary and mining software can automatically switch to backup pools for when these attacks do occur.
newbie
Activity: 16
Merit: 0
May I suggest Prolexic?