Mikellev (Sr. Member, Activity: 308, Merit: 250)
[MPOS] [Stratum] These stratum attacks have to stop! Poolowners unite.
January 26, 2014, 12:20:47 PM (Last edit: January 26, 2014, 05:13:04 PM by Mikellev) #1

Ok,

maybe some of you MPOS / stratum pool-ops have also been attacked recently and know the problem.

Attacks come and go, as the attacker wants to sell you his solution in the form of an app.

Price for poolerino.com was 80.000 Doge.

He won't sell the source, just the compiled app, so we didn't buy it.

Edit: next attacker wants 200k doge..... see original mail below

Edit2: This time they ain't using Tor. Some botnet.

Type of attacks:

Using TOR Network random exit points, so blocking the IP is useless.

Sending thousands of wrong usernames to stratum so that stratum stresses the database too much and goes down.

Thank you for your support / help / ideas

Mike



ocminer (Legendary, Activity: 2520, Merit: 1236)
January 26, 2014, 12:43:56 PM #2

Hey Mike,

count me in, same problems here.

Done so far:

If an IP locks more than 2 accounts, it gets banned.

Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.

Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)

IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.

What is planned:

Google Authenticator for all logins/payouts/address changes/everything

Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

suprnova pools - reliable mining pools - #suprnova on freenet https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools
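
An added example (not ocminer's code, and not part of MPOS or stratum-mining) of the two IP-ban rules listed in the post above: ban an IP once it has locked more than 2 accounts, and ban it after 5 seconds of invalid messages. The class and method names, the ban duration, and the reading of "5 seconds of nonsense" as an unbroken 5-second streak of invalid messages are assumptions.

```python
import time
from collections import defaultdict

MAX_LOCKED_ACCOUNTS = 2   # from the post: more than 2 locked accounts -> ban
NONSENSE_SECONDS = 5.0    # from the post: ban after 5 seconds of "nonsense"
BAN_SECONDS = 3600        # assumption: the thread gives no ban duration


class AbuseTracker:
    """Per-IP state, meant to be checked before any database lookup is made."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.locked = defaultdict(set)  # ip -> distinct accounts it got locked
        self.first_bad = {}             # ip -> start of current invalid streak
        self.banned_until = {}          # ip -> time at which the ban expires

    def is_banned(self, ip):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:       # ban expired, forget it
            del self.banned_until[ip]
            return False
        return True

    def _ban(self, ip):
        self.banned_until[ip] = self.clock() + BAN_SECONDS
        self.locked.pop(ip, None)
        self.first_bad.pop(ip, None)

    def account_locked(self, ip, account):
        """Call when failed logins from `ip` caused `account` to be locked."""
        self.locked[ip].add(account)    # a set: repeat locks of one account count once
        if len(self.locked[ip]) > MAX_LOCKED_ACCOUNTS:
            self._ban(ip)

    def message(self, ip, valid):
        """Call per stratum message; False means drop the peer without a DB hit."""
        if self.is_banned(ip):
            return False
        if valid:
            self.first_bad.pop(ip, None)  # a valid message ends the streak
            return True
        start = self.first_bad.setdefault(ip, self.clock())
        if self.clock() - start >= NONSENSE_SECONDS:
            self._ban(ip)
            return False
        return True
```

The streak reset on a valid message keeps a miner with an occasional bad submission from being banned; the tracker only limits work per source address and does not by itself address rotating Tor exits.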

Mikellev (Sr. Member, Activity: 308, Merit: 250)
January 26, 2014, 02:31:44 PM #4

Quote from: ocminer on January 26, 2014, 12:43:56 PM
> Hey Mike,
>
> count me in, same problems here.
>
> Done so far:
>
> If an IP locks more than 2 accounts, it gets banned.
>
> Using geoip database to block suspicious IPs from countries like the Philippines and so on, probably does not help much because of TOR.
>
> Added Re-Captchas to sign-ups and logins. (done partly, as I don't like this solution)
>
> IP Banning in Stratum much faster than the defaults, I'm banning already after 5 seconds of sending "nonsense" - which works quite well.
>
> What is planned:
>
> Google Authenticator for all logins/payouts/address changes/everything
>
> Maybe we should start a Pool OP Forum for this - maybe even invite only, as the attackers read here too...

Hey,

can you help us with your 2 accounts banned solution? Sounds great, can you offer source for that?

Thank you in advance!

Mike

Honourablequest (Full Member, Activity: 149, Merit: 100)
January 26, 2014, 02:59:51 PM #5

It's a sad day when people resort to unethical behaviour to get some dogecoin - they should earn it like the rest of us!

Keep up the good work to keep the pools working.

Mikellev (Sr. Member, Activity: 308, Merit: 250)
January 27, 2014, 04:10:32 PM #11

And now to the NEWS !

Until yesterday we got attacked by the famous "Zer0byte" team. Yes. We must be very important for them.

Then, yesterday, we got attacked by "Zetatron Networks", as you can see in the post b4.

But today, the Zer0byte team (I'm still wondering if these groups run around in superhero costumes..?!) sent another mail:

Quote
> c3m0 Sent you a message
>
> Senders Email: stratum@poolers.com
>
> Subject: stratum attacks
>
> Personal message:
>
> Hello mike, my name is c3m0 from the Zer0byte team. I saw you crying @ https://bitcointalk.org/index.php?topic=432997 Let me tell u something... All the attacks we made were just testing what's possible. The attacks were done by a single machine (dualcore/ 2GB RAM /tor upstream). Now we got a whole botnet with over 100.000 machines. Way enough power to take down the whole dogecoin network. Zer0byte team was the inventor of this stratum exploit and we got a lot more varieties that can take down every pool setup. Just dropped 4 loadbalanced stratum servers on teamdoge.de with a single 6 year old machine in 30 sec. So girls of "poolowners unite" got a fair offer for you: You pay 500.000 Dogecoin and we will publish the fix for this vulnerability. Open source. Attacks will stop. Including a tutorial how to secure stratum with kernel modules. Pls post this to this butthurt bitcointalk thread... and answer me there... expect us! c3m0

Well, I just did mail them that Zetatron Networks was a lot cheaper.

Can these guys pls get their stuff together and maybe reunite to some other cool name ?