Pools and Locked Accounts

[TimFChavez]

  We all know there are people trying to using logins/passwords from different pools trying to access other pools. Can one of the pool OP's create a script that emails the user the username/password that were being tried when the account gets locked? Or even email if there are failed attemps.  If I got the username/password they are trying I can look down at my password cheat sheet and tell you which server got breached since I use a different password for every account. It is no point to use different login names since the 'hacker' can login with your email address. So if we got sent the passwords they were trying it will point out where the fault lies and which pool the breach is coming from or if the pool OPs are scammers/cheats. Something to think about.

You can even make that a user option. 'Send password(s) on failed attempts'

Tim

[CoinPopper]

In the case of my pool (http://www.mxpool.com) we have a good antibruteforce system together with a good anti-injection checking.

So you wouldn't run into issues there.

However, there are pools using common software everywhere, which just put the users in risk.

Not saying problems can't happen, but the chances are relatively small with own software !