Spike in Rejected shares/Problem connecting to servers

edited February 2014 in Pool Status

Hello all!


During the past hours some of you have noticed an increase in the rejected shares number and some even have problems connecting to our LTC stratum servers.
During that time the number of clients in our LTC servers has gone to 3x more, due to a botnet clearly used to "choke" our connections.

We have implemented a security "fix" that is creating an auto ban for all IP addresses used by this botnet (approx. 15K different IP addresses on each server).

If you still have problems connecting to ltc.give-me-coins.com/ltc-eu.give-me-coins.com I suggest you switch temporarily to vip.give-me-coins.com (ports 80/443/3333/3334)

Comments

  • edited February 2014

    What is the port # for the vip.give-me-coins.com server? That would really help guys. sheesh Are you new at this?

  • I missed the ports because we always use the same group of ports.


    I added them to original post.
  • Thank you khos.

  • All servers going back to normal number of connections. Only change to vip.give-me-coins.com if having problems.

  • edited February 2014

    It seems that (at least one of) the ways they're trying to escape detection is by using 50 or so accounts.  It can be seen using the block explorer; dozens of small payouts going to the same wallet address.  Is the same payment address allowed to be used for multiple accounts?

  • Currently it is allowed. But even if I block it, it will be really easy to create a bunch of addresses and change them.


    Cheers.
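
The two comments above describe dozens of accounts paying out to one wallet address, and note that blocking a shared address is easy to sidestep by rotating addresses. The following is an added example, not part of the thread or the pool's own code, that links accounts by shared payout address or shared source IP; the account names, addresses, IPs, the `account.worker` login format and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not taken from the pool): account -> payout address.
PAYOUT = {
    "bot01": "ADDR_A", "bot02": "ADDR_A", "bot03": "ADDR_A",
    "bot04": "ADDR_B",  # rotated address, but logs in from a shared host
    "alice": "ADDR_C", "bob": "ADDR_D",
}
# Constructed stratum login events: (source IP, "account.worker").
AUTH_LOG = [
    ("198.51.100.7", "bot01.w1"), ("198.51.100.8", "bot02.w1"),
    ("198.51.100.9", "bot03.w1"), ("198.51.100.9", "bot04.w1"),
    ("203.0.113.5", "alice.rig1"), ("203.0.113.6", "bob.rig1"),
]

def account_of(worker):
    return worker.split(".", 1)[0]

def find(parent, x):
    # Union-find root lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def cluster_accounts(payout, auth_log):
    """Group accounts linked by a shared payout address OR a shared source IP."""
    links = [(("addr", addr), acct) for acct, addr in payout.items()]
    links += [(("ip", ip), account_of(w)) for ip, w in auth_log]
    parent, first_seen = {}, {}
    for key, acct in links:
        parent.setdefault(acct, acct)
        if key in first_seen:
            parent[find(parent, acct)] = find(parent, first_seen[key])
        else:
            first_seen[key] = acct
    groups = defaultdict(set)
    for acct in parent:
        groups[find(parent, acct)].add(acct)
    return list(groups.values())

def ban_candidates(payout, auth_log, min_accounts=4):
    """Source IPs used by any cluster of at least min_accounts accounts.
    Shared-IP links can merge legitimate users behind one NAT: review first."""
    flagged = set()
    for group in cluster_accounts(payout, auth_log):
        if len(group) >= min_accounts:
            flagged |= {ip for ip, w in auth_log if account_of(w) in group}
    return flagged
```

With the sample data, the account that rotated to a new address is still pulled into the cluster because it logs in from an IP another clustered account used.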

  • edited February 2014

    Nvm

  • So this is going to drop the rejects down to 2 percent or under again hopefully?

  • Not for me, so?

  • Currently we have no issues on server. In case you still have problems with high rejects/stales, just check your configurations. 


    Cheers.

  • Okay, but it did not happen before the problem with the servers. Very strange...

  • Same configuration since 24.January but now I am having 9.44% reject!!
    Changing to vip server...
    This is a great pool. Don't wanna live

  • woke up this morning with this issue on one rig,  switched and back up will monitor close today.

  • only changing to vip server, rejects drop down from 9.44% to 2.5% in the last 7 hours!

  • same here .. I got 8.17% rejected ... can u fix this?

  • edited February 2014

    I still have not tried to change the working ltc.give-me-coins.com ltc-eu.give-me-coins.com vip.give-me-coins.com ports and I did not connect, my ip 93.84.88.238/

     [2014-02-17 17:46:55] Press any key to exit, or cgminer will try again in 15s.
     [2014-02-17 17:48:01] Pool 0 slow/down or URL or credentials invalid
     [2014-02-17 17:48:10] No servers were found that could be used to get work from
  • I can't connect to ltc-eu and vip, both ports 3333 and 3334.

  • I also can't connect to the ltc-eu and vip servers at the moment my ip is 81.168.73.116

    Any help greatly appreciated.

  • ltc.give-me-coins.com:3333 seems to work


  • ltc.give-me-coins.com:3333  and ltc.give-me-coins.com:3334 work, ltc-eu.give-me-coins.com not work

  • well, not anymore it seems :(

  • Seems fixed for me many thanks :)

  • How long can I ''temporarily'' stay on vip?

  • Until further notice you are welcome to use vip/mega. Looks like there's a second wave of the attack.

  • Thank you khaos

  • Thanks, even though this post is from Feb. 04 the issue is still around... anyway I have pointed all my miners toward the vip address and the rejected shares down instantly.

  • It's a new wave of attacks targeting all pools. We had similar reports from other pool admins.

  • Any idea who is causing this?

  • Well one thing I notice is my hashrate average is rising with the switch to the VIP pool so means less rejects equals to a higher hashrate average. 

  • my invalid still 58,99% my total hash rate 500 KH/s

  • Almost 60% of invalid is hardly a pool problem. Did you check your configuration?


  • Is this still affecting the servers? The rejected ratio is still abnormally high on my rigs. Not to mention it took nearly 3 hours to find a single block on the LTC side. That's 10x the typical time frame.

  • Could filtering by MAC address prevent DDOS attacks?  That seems to be what's being suggested as the type of attack; if so, that seems like the easiest way to stop the attacks.  The pool attacks seem to occur when the LTC mining difficulty is relatively low.  The MAC 'authentication' would require some setup but would have to be less work on the firewall than any sort of dynamic system.

  • MAC filtering is not a solution for this kind of attack. MAC addresses are visible only in the same logical network segment.

    But filtering is not the answer, because a typical DDoS attack will throw at least a couple of Gbps to your servers, and even if you are able to filter it using a firewall, your network will be full of unwanted data and will slow down all other connections.

  • Point taken.  Seems like more packets than say, iptables, could sift through in real-time.  Not knowing your setup, one 'fall-back' solution that would permit 'allowed-addresses/spaces' would be a local VPN server.  But even that would just be one more thing that would need protection.  I suppose the days of bot-nets being used primarily for spam are now 'the good old days' and the increasing number of 'connected' devices being rushed to market, plus the end of XP support, will only provide more potential DOS proxies.

    Obviously I hadn't given it much thought but now I'm inclined to side with your way of thinking.  It's gonna get worse before it gets better and the only real tools in the meantime are BGP and vigilance.  Every rose...

  • Newb alert!

    Just checking.

    I have 3 machines, each with an Antminer U1 on it, and 3 workers.  I can only log in on worker 1 ( the original 1 ) as the other 2 show as ready on-site but cannot be logged into using the mining clients.  Is this the problem with servers?

    Also, I apparently have done no work at all.  Which seems kinda strange.  Again, is this the servers?

  • Try restarting your servers and see if they normalize. If not, please open a support ticket so we can work it out.


    Cheers.
