Author

Topic: [POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com - page 134. (Read 465769 times)

hero member
Activity: 630
Merit: 500
Someone needs to let the dev's of sgminer know also because I think I read somewhere that they are pulling from kalroth github ...
member
Activity: 112
Merit: 10
ummmmm  Payouts sent a while back and still have not showed up in my wallet...  Are our payments now being Hijacked?

Or is there just a delay?

Please run a re-index on your wallet, payments should be fine.

I have a web based Wallet and just looked through all the options and dont see an option to Re-Index..  Any other suggestions?  Up until just now, payments arrived in my wallet very fast..


p.s.  I even logged out of my wallet and back in..  Nothing..




Hopefully just a coincidence as I can look up and see the TxNid's on the site of my wallet.....  So I assume issue or delay on the side of the Web based Wallet..   I have emailed them..


Sorry but with everything going on right now, I am scared to even answer my front door..

 
newbie
Activity: 51
Merit: 0
just fired off an email to [email protected] about what is happening, he probably has a better understanding about what can be done to solve this redirect problem as he is actively developing his fork of cgminer ...
There's not much I can do other than disable the reconnect code, which several individuals already have done.
I'll do a quick update of my github and binaries soon enough.

From a quick glance, it looks like someone found a way to send a spoofed* JSON packet to stratum pools, which makes the pool send a redirect request to (some of?) its clients.
It does not look like it's a bug in the client software, merely an unfortunate feature.

* http://en.wikipedia.org/wiki/IP_address_spoofing
newbie
Activity: 31
Merit: 0

Returning false would make it break, and not read the next line with recv_line(pool), I don't know the code enough to guess if that means it would skip some valid stratum commands.

All in all I like your solution, gotta love opensource software, just because of situations like this.

You're right. In fact, I made it even simpler by just commenting out line 1686

Code:
//pool->stratum_url = pool->sockaddr_url;

This is the line that assigns the new pool url.
hero member
Activity: 630
Merit: 500
just fired off an email to kalroth gmail about what is happening, he probably has a better understanding about what can be done to solve this redirect problem as he is actively developing his fork of cgminer ...
legendary
Activity: 2072
Merit: 1001
You prob did not disable some auto donate check box in the software.... Prob perfectly normal.
newbie
Activity: 2
Merit: 0
Not using cgwatcher...we might have different problems. My username stayed the same.
member
Activity: 98
Merit: 10
OK I just got hijacked to, but there was a user name mining at hashco called milone, isnt that the name of the person running cgwatcher?  Is everyone who has been jacked running cgwatcher?  I dont even mine there either.



Milone is the guy who created CGRemote and CGWatcher.

Guess you guys are automatically donating to him. hahahaha


Some more info:

https://bitcointalksearch.org/topic/cgremote-hidden-donate-495295

Looks like he has a hidden donate.
newbie
Activity: 11
Merit: 0
OK I just got hijacked to, but there was a user name mining at hashco called milone, isnt that the name of the person running cgwatcher?  Is everyone who has been jacked running cgwatcher?  I dont even mine there either.

http://i51.photobucket.com/albums/f380/smorrow5773/hijack.jpg
member
Activity: 112
Merit: 10
ummmmm  Payouts sent a while back and still have not showed up in my wallet...  Are our payments now being Hijacked?

Or is there just a delay?

Please run a re-index on your wallet, payments should be fine.

I have a web based Wallet and just looked through all the options and dont see an option to Re-Index..  Any other suggestions?  Up until just now, payments arrived in my wallet very fast..


p.s.  I even logged out of my wallet and back in..  Nothing..

hero member
Activity: 630
Merit: 500
If you who know more than I do about coding and can provide a fix for the reconnect issue it would be a major feather in the hat for wafflepool and would probably draw a lot more miners to our pool Smiley
legendary
Activity: 2212
Merit: 1038
I'm on multipool.us and all 3 of my miners got hijacked and redirected to 190.97.165.179  Cry
newbie
Activity: 2
Merit: 0
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were highjacked:

 [2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333

If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        char *url, *port, address[256];

Right below the opening curly bracket enter:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        return false;
        char *url, *port, address[256];

Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum.

Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.



I just did this, on linux (sorry guy above me, I can't send you the binaries). CGminer works ok.  I only wander if it would be safer to do 'return true;' than 'return false;'.

The diffeence would be at auth_stratum method:

Code:
	/* Parse all data in the queue and anything left should be auth */
while (42) {
sret = recv_line(pool);
if (!sret)
return ret;
if (parse_method(pool, sret))
free(sret);
else
break;
}

Returning false would make it break, and not read the next line with recv_line(pool), I don't know the code enough to guess if that means it would skip some valid stratum commands.

All in all I like your solution, gotta love opensource software, just because of situations like this.
hero member
Activity: 630
Merit: 500
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were highjacked:

 [2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333

If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        char *url, *port, address[256];

Right below the opening curly bracket enter:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        return false;
        char *url, *port, address[256];

Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum.

Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.



Can someone compile a windows x86-64 binary for cgminer-kalroth with this fix in it and provide a link to binary please
sr. member
Activity: 322
Merit: 254
ummmmm  Payouts sent a while back and still have not showed up in my wallet...  Are our payments now being Hijacked?

Or is there just a delay?

Please run a re-index on your wallet, payments should be fine.
newbie
Activity: 31
Merit: 0
Interestingly enough, I don't have a pool 2 defined. I have uswest.poolwaffle.com and useast.poolwaffle.com as the only 2 pools defined (unless the log isn't zero-indexed for the pools - I haven't looked at that part of the code)
member
Activity: 84
Merit: 10
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were highjacked:

 [2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333


Which pool is pool 2 in your case?
member
Activity: 93
Merit: 10
mine as well 190.97.165.179 diff 1.02K, using tomato firmware on my router, thinking about adding my pfsense box to the mix.  I'm sure it's not a hack of my router or malware (not used for anything besides updating OS & mining) as my s1's & a rig using crypo slax v0.1 has been unaffected, mining on a different pool.

I blocked all communications of my rigs to all external network (Internet), except for:

eu.wafflepool.com 95.85.61.208
useast.wafflepool.com 162.243.89.19
uswest.wafflepool.com 192.241.211.125
litecoinpool.org 151.236.218.211 80.69.77.111
us.litecoinpool.org 142.4.202.112 107.170.24.54
us2.litecoinpool.org 192.214.197.116 198.251.80.29
us3.litecoinpool.org 107.170.24.54
us4.litecoinpool.org 198.251.80.29

There was one IP address I was not able to identify who it belongs to:
37.58.69.218-static.reverse.softlayer.com:3333 (ESTABLISHED)

It seems it's litecoinpools address - but was unsure so it got blocked.

Waffle -do something - as it seems a mass of hashrate is lost.
newbie
Activity: 31
Merit: 0
If you're using cgminer, start it with 2>cgminer.log to enable logging to a file. I did this and found the following line in the log after two of my rigs were highjacked:

 [2014-03-23 11:34:15] Reconnect requested from pool 2 to 190.97.165.179:3333

If you've compiled your own cgminer source, you can disable the reconnect command. Open util.c and look for this around line 1668:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        char *url, *port, address[256];

Right below the opening curly bracket enter:

Code:
static bool parse_reconnect(struct pool *pool, json_t *val)
{
        return false;
        char *url, *port, address[256];

Recompile cgminer and re-run it. It should now ignore any client.reconnect messages from stratum.

Note: I'm still testing this out. This is fly-by-the-seat-of-my-pants work right now, so I'm not sure of the possible implications on how this might affect legit client.reconnect messages, although PW says wafflepool doesn't use this feature.

member
Activity: 112
Merit: 10
ummmmm  Payouts sent a while back and still have not showed up in my wallet...  Are our payments now being Hijacked?

Or is there just a delay?


Jump to: