Possible Malicious Front End on Github

Propulsion

The buck stops here.
Feb 26, 2014
1,008
468
183
Dash Address
XerHCGryyfZttUc6mnuRY3FNJzU1Jm9u5L
(title to get clicks)
So my p2pool node has not sent a fee payout to my address in over three days. The only thing I've changed is the front end to a different theme.
https://github.com/justino/p2pool-ui-punchy
That should not affect the payout address in any way whatsoever though. It just seems odd that a pool with over 350MH/s has not sent one single fee. Now I'm thinking that it is not bad luck but possibly malicious code from the frontend which I have since removed.
Here is the p2pool in question: p2pool.darkcointalk.org Reverted back to old theme.
Here is the fee address: Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT Has not received a payout since 2014-6-7 19:46:55
 

plambe

New Member
May 23, 2014
36
2
8
I have this UI as optional installed on my p2pool node.

I haven't seen a node payment in 7 days and I get 50-200 MH/s on my node!

Still, I can't imagine how the UI will cause this.
 

raze

King of the Morlocks
Foundation Member
Masternode Owner/Operator
Mar 9, 2014
337
372
233
Dash Address
Xtrdw361DvoyDhxL5XoeAvTxTPvM4dXuLW
I was mining p2pool.darkcointalk.org for 3 days about a week and a half ago and never received any payouts, even though the miner was accepting shares and everything looked fine in the p2pool stats. I wonder if it's related.
 

Propulsion

> I have this UI as optional installed on my p2pool node.
>
> I haven't seen a node payment in 7 days and I get 50-200 MH/s on my node!
>
> Still, I can't imagine how the UI will cause this.
Looking over the code on Github. Nothing is jumping out.
plambe Have you received a payout since installing that frontend?

raze Wasn't installed a week ago. What was your hashrate? You need to have accepted shares to receive a payout.
 

Propulsion

plambe I'm going to wipe the p2pool source entirely. If the fee payout address starts receiving payments again, it's safe to say that there is malicious code in that repository.

Edit: ok done, let's see what happens.
Code:
retracted:/p2pool-drk/data/darkcoin$ grep "Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT" log
2014-06-10 20:34:10.795384     ...success! Payout address: Xn71EFztHqAeCnGZvkipWh6rsV2q3YKFUT
 

raze

> raze Wasn't installed a week ago. What was your hashrate? You need to have accepted shares to receive a payout.
~500-600 kh/s, low DOA %. I got quite a few accepted shares, at least according to my miner. I was mining for about 5 days total. First two days I got two payouts, the last one on May 27th. After that they stopped.
 

Propulsion

Not sure why you would not receive a payout if you were mining 24/7 with accepted shares. I've nuked the entire directory so I'm unable to check the logs.
 

plambe

I installed this UI on the 26th of May, though I published a link to it on my main p2pool web interface some time later - check my node to see how I installed (i.e. provided a link to) many UIs side by side. I had payments every day during the period 27th May - 3rd June and none since.
 

Propulsion

That's a whole week. Are you attributing it to bad luck?
 

plambe

Yup. Before that I had similar large periods without luck.

I haven't yet made an actual calculation to see if it's consistent with luck. If that's not it I would think that the fee isn't calculated correctly (probably because it's less than 1%, idk) because of the previous dry periods.

Reading your thread gives me something to consider, however I doubt the UI is responsible. I also checked its code hastily and couldn't find anything malicious.
 

plambe

From what I've seen in other UIs, they only poll for data using javascript and visualize it using html and css, i.e. you could say (simplifying) they are read-only.

Interestingly, the suspected UI has a php file, which in contrast to the above is executed on the web-server side. I checked it - it seems it's not executed, but served raw when accessed from a browser, as I would have expected on a machine without php installed :)

EDIT: besides, p2pool's web-server is created by twisted afaik, so adding support for php would be an effort I doubt anyone has gone through.
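The static review described in this post can be scripted; the following is an added example, not code from the thread or from the UI's repository. It flags server-side file types, state-changing requests and external hosts in a UI tree; the allow-list, the file names and the sample contents are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# File types a static UI should not need; they matter only if the web server executes them.
SERVER_SIDE = {".php", ".py", ".cgi", ".pl", ".sh"}
# State-changing HTTP verbs and absolute URLs in client-side code.
WRITE_CALL = re.compile(r"""['"](?:POST|PUT|DELETE|PATCH)['"]|\$\.post\s*\(""", re.I)
ABS_URL = re.compile(r"https?://([A-Za-z0-9.-]+)")
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}  # assumption: hosts the UI may legitimately poll


def audit_ui(root):
    """Return sorted (relative_path, finding) tuples for a static web UI tree."""
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in SERVER_SIDE:
            findings.append((rel, "server-side file"))
        if suffix in {".js", ".html", ".htm"}:
            text = path.read_text(errors="replace")
            if WRITE_CALL.search(text):
                findings.append((rel, "state-changing request"))
            for host in set(ABS_URL.findall(text)) - ALLOWED_HOSTS:
                findings.append((rel, "external host: " + host))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        ui = Path(tmp)
        (ui / "js").mkdir()
        (ui / "index.html").write_text('<script src="js/app.js"></script>')
        (ui / "js" / "app.js").write_text('$.getJSON("../local_stats", render);')
        (ui / "proxy.php").write_text("<?php /* cross-domain helper */ ?>")
        (ui / "js" / "odd.js").write_text(
            '$.ajax({type: "POST", url: "http://collector.example/x"});')
        return audit_ui(ui)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

A finding is a pointer for manual review, not a verdict: a flagged `.php` file is inert on a server that serves it raw, as observed in the post.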
 

Propulsion

plambe I've just received a payout after wiping out the p2pool directory and getting rid of that interface.
Transaction ID: 193c3a45e9efd0d31c71e64249c0a130819debdd96c2fa5112da5566638a8ad2
Coincidence?
 

plambe

I calculated how much I should be getting and how much I actually got in 15 days - about 15 times less than the expected. This is either cosmically bad luck or some issue.
Well, I deleted the suspected UI and the data dir about 8 hours ago. Still no payment.
 

Propulsion

plambe, I originally wiped only the frontend directory. Still did not receive a payout for a day. It was not until I did a fresh git clone that I started receiving fees once again 4 hours later. My pool is back to normal now.
 

Propulsion

Still no fee payments for my node...
Did you wipe the old one completely and start fresh? Mine looked like this:
Code:
new/p2pool-drk <-- new and using
/p2pool-drk <--wiped
 

plambe

I renamed the old dir on Wednesday evening and got a fresh git clone. Still no payments.
Code:
$ ls -al | grep p2p
drwxr-xr-x 14 user user     4096 Jun 10 19:38 old-p2pool-drk
drwxr-xr-x 12 user user     4096 Jun 11 23:13 p2pool-drk
I'm using my own repo, but the difference compared to dstorm's is only two lines: https://github.com/plambe/p2pool-drk/commits/master, one gives me the worker name when the pool gives new work and the second fixes a stratum protocol incompatibility, stratum clients expect "result: true" or "result: false" while they were getting "result: null" when authorizing.
 

HammerHedd

Member
Mar 10, 2014
182
34
88
I've always had intermittent luck with pool fees. At one time someone told me that the fee percentage isn't a flat percentage of everything mined, that it is actually a percentage chance to get a fee from any particular block or miner. I have little experience with python, so I don't know if this is true or not. It might be something to look at, though. I'd be interested to know if that was true or if that was just a misinterpretation.

One question: plambe, I see that your repository was updated to deal with the new masternode payment system. Is that ready to go now (i.e. can I plan on cloning your repository on the 20th)?
 

plambe

HammerHedd, you are correct about the way p2pool fees are calculated. Not that I've seen the code, but from what I've read the idea is that each share submitted by workers has x% chance to be considered created by the p2pool owner, where x is the fee percentage. My p2pool node makes (roughly) about 163 shares (no DOA or orphaned in this number) in 60 hours. My fee is 0.4%, 1/0.004=250, IDK how to explain my calculation, but basically it means my p2pool node has a 50% chance to get a share once out of every 125 submitted shares (I think, correct me if I'm wrong). Therefore, once for every 45 hours I have a 50% chance to get paid p2pool fee. I haven't been paid in 11 days=264 hours (which is almost 6*45=270), this means that if it's pure luck, it had ((0.5**6)*100=) 1.5625% chance of happening, not astronomically low. I have never studied probability theory, so feel free to correct me. My calculations are wrong.

About the repo - I would suggest you use vertoe's because his is already announced and I consider it "the official repo". He also merged everything (basically two-three lines) I had added.
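The dry-spell estimate in the post above can be checked directly; this is an added example, not code from the thread or from p2pool. It assumes the model described in the post (each accepted share is independently credited to the fee address with probability equal to the fee) and does not model block-finding luck, which adds further variance to actual payouts.

```python
import math


def p_no_fee_share(shares, fee):
    """Probability that none of `shares` independent shares goes to the fee address."""
    return (1.0 - fee) ** shares


def dry_spell_hours(p, fee, shares_per_hour):
    """Hours after which a run with no fee share has probability p under pure chance."""
    shares_needed = math.log(p) / math.log(1.0 - fee)
    return shares_needed / shares_per_hour


# Figures quoted in the post: 0.4% fee, 163 shares per 60 hours, 11 days without a fee.
FEE = 0.004
SHARES_PER_HOUR = 163 / 60
DRY_HOURS = 11 * 24


def summary():
    """Evaluate the dry spell from the post under the per-share fee model."""
    shares = SHARES_PER_HOUR * DRY_HOURS
    return {
        "shares_in_spell": shares,
        # Mean of a geometric distribution: 1/fee shares between fee shares.
        "mean_gap_hours": (1.0 / FEE) / SHARES_PER_HOUR,
        "p_no_fee_share": p_no_fee_share(shares, FEE),
        # Length of dry spell that chance alone produces only 1% of the time.
        "hours_to_1pct": dry_spell_hours(0.01, FEE, SHARES_PER_HOUR),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:.4f}")
```

Under this model an 11-day gap has a probability of roughly 5.6%, and a gap would need to reach about 423 hours (17.6 days) before chance alone explains it only 1% of the time.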
 

vertoe

Three of Nine
Mar 28, 2014
2,573
1,652
1,283
Unimatrix Zero One
> About the repo - I would suggest you use vertoe's because his is already announced and I consider it "the official repo". He also merged everything (basically two-three lines) I had added.
I still prefer to use dstorm's as "official", 'cause he is more capable of maintaining the code, but if he does not show up I will take over. I prepared the repository to make sure we have a working p2pool for the next hard fork.
 

plambe

FYI: I have my first p2pool node payment since the 3rd!

BTW if someone doesn't know that from elsewhere, dstorm's p2pool repository is up to date and should work without stopping for the fork.
 

Propulsion

> FYI: I have my first p2pool node payment since the 3rd!
> BTW if someone doesn't know that from elsewhere, dstorm's p2pool repository is up to date and should work without stopping for the fork.
Wow! Your patience is amazing.
How are you handling the memory management if you don't mind me asking?
I'm using 5gb of ram for one node at the moment but even that gets run over and requires a manual restart.
 

plambe

Rebooting when needed and I have 32 GB of RAM (16 of them for the p2pool VM atm) that have nothing better to be used for. Using a swap area doesn't seem to work IMO (at least in a VM), when I'm nearing full physical memory getblocktemplate latency deteriorates badly, so it's time for reboot.

Also, I'm tinkering with the code, I even read a book (well, half tbh) about python to better understand it and to find ways to find the memory leak - it's totally outside my usual IT competence so I'm not bored by that yet.

Moreover, I have a Windows Server VM installed only for p2pool (with the same fee address), so I'm redirecting the p2pool ports to it when necessary.

EDIT: One more thing, I found p2pool is the most cost efficient way to mine, so I need a p2pool node anyway, then - why not make it public with a fee? I really want to increase it (from 0.4% to 1%) not so much for the money, but mostly to see whether I will get more steady payments, i.e. to test the tech, but I'm not doing it for the moment, because I announced another number in this forum.
 

Propulsion

Oddly enough, my server is using a lot more memory after switching to dstorm's repo. Something added between then and chaeplin's will be the largest culprit I think.

Here is my p2pool fee address. As you can see, it is almost always reliably consistent. This is with a 1% fee.
 

f0ad

New Member
Jul 16, 2014
1
3
3
I'm the author of the UI in question.
It seems you guys have figured out by now that it is NOT my UI.
Plambe is correct, the UI is read only. It polls the p2pool server for data and displays it in an easier to read format. It cannot touch anything related to payments.
The php file that was mentioned is for use when you are running the p2pool server on one machine, and the UI on a different machine. Since the UI works via web calls, it can run anywhere, it just needs a tiny bit of help when talking cross-domain.

It's unfortunate that you guys tried to use the UI at the same time as the p2pool server code was busted.