node-stratum-pool icon indicating copy to clipboard operation
node-stratum-pool copied to clipboard
verified publisher icon zone117x

Add bad-auth flood attack detection to IP banning feature

Open thunderwolf66102 opened this issue 11 years ago • 0 comments

Hello,

I have been testing NOMP/stratum-pool coming from python stratum-mining and do not see any immediate way I can catch an incoming flood of bad auths. With stratum-mining I can catch it in the logs with fail2ban which then automatically adds an appropriate iptables rule.

from a fail2ban config file for stratum

#2014-01-27 09:10:36,081 DEBUG DB_Mysql # Checking username/password for xxx.xxx
#2014-01-27 09:10:36,082 INFO DBInterface # Authentication for xxx.xxx failed
#2014-01-27 09:10:36,082 INFO mining # Worker is not authorized: IP xxx.xxx.xxx.xxx
#
#new stratum
failregex = Failed worker authorization: IP <HOST>
            Failed message: .*? from <HOST>

So fail2ban simply tails the log and looks for certain strings. Even if this was put to stdout I could use it with forever and redirect it to an appropriate log file.

And as I was DoSed with a flood of bad auths this would be important to have :)

Does an issue need to be opened for NOMP as well?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

thunderwolf66102 avatar Apr 07 '14 10:04 thunderwolf66102