
Possible Malicious Front End on Github

Propulsion

The buck stops here.
(title to get clicks)
So my p2pool node has not sent a fee payout to my address in over three days. The only thing I've changed is the front end to a different theme.
https://github.com/justino/p2pool-ui-punchy
That should not affect the payout address in any way whatsoever though. It just seems odd that a pool with over 350MH/s has not sent one single fee. Now I'm thinking that it is not bad luck but possibly malicious code from the frontend which I have since removed.
Here is the p2pool in question: p2pool.darkcointalk.org Reverted back to old theme.
Here is the fee address: Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT Has not received a payout since 2014-6-7 19:46:55
 
I have this UI as optional installed on my p2pool node.

I haven't seen a node payment in 7 days and I get 50-200 MH/s on my node!

Still, I can't imagine how the UI will cause this.
 
I was mining p2pool.darkcointalk.org for 3 days about a week and a half ago and never received any payouts, even though the miner was accepting shares and everything looked fine in the p2pool stats. I wonder if it's related.
 
I have this UI as optional installed on my p2pool node.

I haven't seen a node payment in 7 days and I get 50-200 MH/s on my node!

Still, I can't imagine how the UI will cause this.
Looking over the code on Github. Nothing is jumping out.
plambe Have you received a payout since installing that frontend?

raze Wasn't installed a week ago. What was your hashrate? You need to have accepted shares to receive a payout.
 
plambe I'm going to wipe the p2pool source entirely. If the fee payout address starts receiving payments again, it's safe to say that there is malicious code in that repository.

Edit: ok done, let's see what happens.
Code:
retracted:/p2pool-drk/data/darkcoin$ grep "Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT" log
2014-06-10 20:34:10.795384     ...success! Payout address: Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT
 
raze Wasn't installed a week ago. What was your hashrate? You need to have accepted shares to receive a payout.
~500-600 kh/s, low DOA %. I got quite a few accepted shares, at least according to my miner. I was mining for about 5 days total. First two days I got two payouts, the last one on May 27th. After that they stopped.
 
Not sure why you would not receive a payout if you were mining 24/7 with accepted shares. I've nuked the entire directory so I'm unable to check the logs.
 
I installed this UI on the 26th of May, though I published a link to it on my main p2pool web interface some time later - check my node to see how I installed (i.e. provided a link to) many UIs side by side. I had payments every day during the period 27th May - 3rd June and none since.
 
Yup. Before that I had similar large periods without luck.

I haven't yet made an actual calculation to see if it's consistent with luck. If that's not it I would think that the fee isn't calculated correctly (probably because it's less than 1%, idk) because of the previous dry periods.

Reading your thread gives me something to consider, however I doubt the UI is responsible. I also checked its code hastily and couldn't find anything malicious.
 
From what I've seen in other UIs, they only poll for data using javascript and visualize it using html and css, i.e. you could say (simplifying) they are read-only.

Interestingly, the suspected UI has a php file, which in contrast to the above is executed on the web-server side. I checked it - it seems it's not executed, but served raw when accessed from a browser, as I would have expected on a machine without php installed :)

EDIT: besides, p2pool's web-server is created by twisted afaik, so adding support for php would be an effort I doubt anyone has gone through.
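The review described in the post above (is anything in the UI more than static files, where does it talk to, does it mention an address other than the operator's) can be run mechanically. This is an added example, not part of the original thread and not code from p2pool or the UI repository; the address pattern is a rough assumption and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# File types a browser-only UI needs; anything else deserves a manual look.
STATIC_EXT = {".html", ".js", ".css", ".png", ".svg", ".json", ".ico"}
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")
# Assumption: rough shape of a Darkcoin address (34 base58 chars, leading X).
ADDR_RE = re.compile(r"\bX[1-9A-HJ-NP-Za-km-z]{33}\b")


def audit_ui(root, own_address):
    """Return (non_static_files, external_hosts, foreign_addresses)."""
    non_static, hosts, addrs = [], set(), set()
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() not in STATIC_EXT:
            non_static.append(path.relative_to(root).as_posix())
        text = path.read_text(errors="replace")
        found = (urlparse(u).hostname for u in URL_RE.findall(text))
        hosts.update(h for h in found if h)
        addrs.update(a for a in ADDR_RE.findall(text) if a != own_address)
    return non_static, sorted(hosts), sorted(addrs)


def build_sample(root):
    """Constructed sample tree; not the contents of any real repository."""
    root = Path(root)
    (root / "js").mkdir(parents=True)
    (root / "index.html").write_text('<script src="js/app.js"></script>')
    (root / "js" / "app.js").write_text(
        'fetch("../local_stats");\n'
        'var cdn = "https://cdn.example.invalid/lib.js";\n'
        "// " + "X" + "b" * 33 + "\n"  # constructed placeholder address
    )
    (root / "stats.php").write_text("<?php /* served raw without PHP */ ?>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(audit_ui(d, "Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT"))
```

An empty result is not proof of a clean UI; the lists only say which files and hosts to read by hand first.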
 
plambe I've just received a payout after wiping out the p2pool directory and getting rid of that interface.
Transaction ID: 193c3a45e9efd0d31c71e64249c0a130819debdd96c2fa5112da5566638a8ad2
Coincidence?
 
I calculated how much I should be getting and how much I actually got in 15 days - about 15 times less than expected. This is either cosmically bad luck or some issue.
Well, I deleted the suspected UI and the data dir about 8 hours ago. Still no payment.
 
plambe, I originally wiped only the frontend directory. Still did not receive a payout for a day. It was not until I did a fresh git clone that I started receiving fees once again 4 hours later. My pool is back to normal now.
 
I renamed the old dir on Wednesday evening and got a fresh git clone. Still no payments.
Code:
$ ls -al | grep p2p
drwxr-xr-x 14 user user     4096 Jun 10 19:38 old-p2pool-drk
drwxr-xr-x 12 user user     4096 Jun 11 23:13 p2pool-drk

I'm using my own repo, but the difference compared to dstorm's is only two lines: https://github.com/plambe/p2pool-drk/commits/master, one gives me the worker name when the pool gives new work and the second fixes a stratum protocol incompatibility, stratum clients expect "result: true" or "result: false" while they were getting "result: null" when authorizing.
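With the old directory kept beside a fresh clone, as in the listing above, hashing both trees shows whether installing the UI changed anything outside the web directory. This is an added example, not part of the original thread; the skip list and the sample trees (including the `web-static` and `p2pool/work.py` paths and their contents) are constructed assumptions and say nothing about what either real directory contains.

```python
import hashlib
import tempfile
from pathlib import Path

SKIP_TOP = {".git", "data"}   # history and runtime state (logs, share chain)
SKIP_SUFFIXES = {".pyc"}      # compiled bytecode differs between runs


def tree_hashes(root):
    """Map relative path -> SHA-256 for every source file under root."""
    root, out = Path(root), {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if not p.is_file() or rel.parts[0] in SKIP_TOP or p.suffix in SKIP_SUFFIXES:
            continue
        out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def compare_trees(old_root, fresh_root):
    """Files added to, missing from, or changed in old_root vs fresh_root."""
    old, fresh = tree_hashes(old_root), tree_hashes(fresh_root)
    return {
        "added": sorted(set(old) - set(fresh)),
        "missing": sorted(set(fresh) - set(old)),
        "changed": sorted(f for f in old.keys() & fresh.keys() if old[f] != fresh[f]),
    }


def build_sample_trees(base):
    """Constructed stand-ins for the two checkouts; not real repository contents."""
    old, fresh = Path(base, "old-p2pool-drk"), Path(base, "p2pool-drk")
    files = {
        old: {"p2pool/work.py": "fee = 0.5  # edited\n", "web-static/index.html": "<html>",
              "web-static/punchy/index.html": "<html>", "data/darkcoin/log": "..."},
        fresh: {"p2pool/work.py": "fee = 0.5\n", "web-static/index.html": "<html>"},
    }
    for root, entries in files.items():
        for rel, body in entries.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    return old, fresh


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(compare_trees(*build_sample_trees(d)))
```

Entries under "added" that sit inside the web directory are expected after installing a theme; a "changed" Python file is what would need explaining.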
 
I've always had intermittent luck with pool fees. At one time someone told me that the fee percentage isn't a flat percentage of everything mined, that it is actually a percentage chance to get a fee from any particular block or miner. I have little experience with python, so I don't know if this is true or not. It might be something to look at, though. I'd be interested to know if that was true or if that was just a misinterpretation.

One question: plambe, I see that your repository was updated to deal with the new masternode payment system. Is that ready to go now (i.e. can I plan on cloning your repository on the 20th)?
 