Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Pools
Re: [6600Th] Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB (New Thread)
by
azdarknet
on 26/04/2014, 05:05:20 UTC
Quote from: eleuthria on April 26, 2014, 02:31:00 AM
Quote from: organofcorti on April 26, 2014, 02:26:17 AM
Quote from: Luke-Jr on April 26, 2014, 01:41:12 AM
Quote from: organofcorti on April 26, 2014, 01:11:25 AM
Quote from: Luke-Jr on April 25, 2014, 08:09:37 PM
Everyone, please check your miner is actually connected to Eligius.
It seems there are some MITM attacks going on to redirect Eligius miners to another pool Sad
Do you know which pool, or at least an IP address? It'd be interesting to try and tie the pool-in-the-middle to a reused generation address.
Redirected clients show "Connected to 46.28.205.80..." in the miner.
This seems to be a scrypt "Worldcoin" mining server, and it seems likely they are just automatically MITM'ing any stratum connections they can inject into, regardless of the destination pool.


So it's not just you but a number of different pools that all have the same problem? Or is it a stratum problem that is pool agnostic?

It's definitely a localized problem.  I've yet to see a single report of it on BTC Guild.  It *did* happen to ScryptGuild at the same time as CleverMining a few months back, but the number of users affected was so low I believe it was local malware.  If it's some kind of ARP poisoning to intercept the traffic, that's possible (ScryptGuild is run out of OVH, while BTC Guild is not run in a shitty datacenter like that).

It is not a stratum bug, that much is absolutely certain (there's no way to relay messages to an independent stratum connection).  It is using a stratum method (client.reconnect) to perform the attack though, and make it so once the connection does have the message injected (how that's done I still have no damn clue), the client connects directly to "evilserver.com".

Geee thanks for letting us know how awesome BTC Guild is!