|
Taek (OP)
|
 |
June 27, 2016, 09:42:53 PM |
|
when I got my first block stolen a few days back I was mining over the internet
The attacker is able to continue stealing because they were able to get your wallet seed. The only way to protect your coins is to create a new wallet with a new seed and to transfer all of your old coins to that wallet. The weird thing is (PLEASE EXPLAIN THIS) is why the hacker transaction gets displayed with a red $ instead of a red heart in the GUI wallet?
You are using the old GUI, which has a few bugs with regards to the way it displays the transaction. I'm not sure why it distinguishes them that way, as the person who wrote our GUI is gone. My best advice is that you shouldn't use v0.5.2 GUI and instead stick to the command line. The v1.0.0 GUI will be out sometime tomorrow barring some major incident. ---------------------------- I cannot verify that your internal connection is secure. I know that miners using only localhost have not been having problems. If the attacker is able to get past your firewall in any way, that may be enough for them to get access to your wallet api. I am not sure. If you exposing your api port over anything other than localhost, you are putting yourself at risk. Some people know enough about network security to do this safely, but if you can't say with certainty that you know how to expose your api in a secure way, you should not be doing it. We're looking at ways to make things more secure out-of-the-box, but security is very difficult and it's not something we can clean up in just a few days. There are a few things we can do but a sufficiently good attacker has a lot of tools to break into an exposed api. Simply adding a password may not be sufficient, and there are some significant issues with implementing TLS into the api - namely, you need a way to give both sides a key, and simply using Diffie-Helman isn't good enough because you have to distinguish between an attacker and your own client. Websites don't have this issue because they have user accounts. On the bright side, a few miners have reported that the weird transactions listed in the v0.5.2 GUI were not actually stolen transactions. On the less bright side, miners who are CLI-only have reported stolen coins. Yours might be in the former category. |
|
|
|
|
andyatcrux
Legendary
 Offline
Activity: 938
Merit: 1000
|
|
June 28, 2016, 12:45:32 AM |
|
So basically you downloaded a malicious miner. Why not use the official miner and start a new wallet that has not been compromised? I have seen several posts here where it has been asked if the person used the "official" miner and the answer has either been a no or not answered at all. Very strange. |
|
|
|
|
|
bluehorseshoe
|
|
June 28, 2016, 04:19:04 AM |
|
If I want to create a farm machine is there a startup for dummies I can follow?
|
|
|
|
|
|
devlin
|
|
June 28, 2016, 05:37:03 AM |
|
Upgrade to v 1.0.0 is mandatory?
|
|
|
|
|
|
king_pin
|
|
June 28, 2016, 06:41:00 AM |
|
when I got my first block stolen a few days back I was mining over the internet
The attacker is able to continue stealing because they were able to get your wallet seed. The only way to protect your coins is to create a new wallet with a new seed and to transfer all of your old coins to that wallet. The weird thing is (PLEASE EXPLAIN THIS) is why the hacker transaction gets displayed with a red $ instead of a red heart in the GUI wallet?
You are using the old GUI, which has a few bugs with regards to the way it displays the transaction. I'm not sure why it distinguishes them that way, as the person who wrote our GUI is gone. My best advice is that you shouldn't use v0.5.2 GUI and instead stick to the command line. The v1.0.0 GUI will be out sometime tomorrow barring some major incident. ---------------------------- I cannot verify that your internal connection is secure. I know that miners using only localhost have not been having problems. If the attacker is able to get past your firewall in any way, that may be enough for them to get access to your wallet api. I am not sure. If you exposing your api port over anything other than localhost, you are putting yourself at risk. Some people know enough about network security to do this safely, but if you can't say with certainty that you know how to expose your api in a secure way, you should not be doing it. We're looking at ways to make things more secure out-of-the-box, but security is very difficult and it's not something we can clean up in just a few days. There are a few things we can do but a sufficiently good attacker has a lot of tools to break into an exposed api. Simply adding a password may not be sufficient, and there are some significant issues with implementing TLS into the api - namely, you need a way to give both sides a key, and simply using Diffie-Helman isn't good enough because you have to distinguish between an attacker and your own client. Websites don't have this issue because they have user accounts. On the bright side, a few miners have reported that the weird transactions listed in the v0.5.2 GUI were not actually stolen transactions. On the less bright side, miners who are CLI-only have reported stolen coins. Yours might be in the former category. As you probably later read I did create new installs of my wallet yet the attacked managed to get to them too. Maybe once compromised my local network remains vulnerable to the attacker IDK too. When I set my wallet to localhost I can only mine with the local rig, other rigs on the same network can not find the wallet on the rig that it is installed... IDK why I have to bind it to the physical local address 192.168...:port instead of localhost:port  Also I get different balances and transactions when running the same wallet on different computers and get some weird transactions of -0.03 SIA or 0.00 SIA even on not compromised wallets... wtf?  You should address those issues, basically your coin is not mineable except on localhost, when using SSL tuneling or when lucky. If I can be of any assistance (mainly with more info PM me) |
|
|
|
andyatcrux
Legendary
Offline
Activity: 938
Merit: 1000
|
|
June 28, 2016, 01:04:43 PM
Last edit: June 28, 2016, 01:15:42 PM by andyatcrux |
|
when I got my first block stolen a few days back I was mining over the internet
The attacker is able to continue stealing because they were able to get your wallet seed. The only way to protect your coins is to create a new wallet with a new seed and to transfer all of your old coins to that wallet. The weird thing is (PLEASE EXPLAIN THIS) is why the hacker transaction gets displayed with a red $ instead of a red heart in the GUI wallet?
You are using the old GUI, which has a few bugs with regards to the way it displays the transaction. I'm not sure why it distinguishes them that way, as the person who wrote our GUI is gone. My best advice is that you shouldn't use v0.5.2 GUI and instead stick to the command line. The v1.0.0 GUI will be out sometime tomorrow barring some major incident. ---------------------------- I cannot verify that your internal connection is secure. I know that miners using only localhost have not been having problems. If the attacker is able to get past your firewall in any way, that may be enough for them to get access to your wallet api. I am not sure. If you exposing your api port over anything other than localhost, you are putting yourself at risk. Some people know enough about network security to do this safely, but if you can't say with certainty that you know how to expose your api in a secure way, you should not be doing it. We're looking at ways to make things more secure out-of-the-box, but security is very difficult and it's not something we can clean up in just a few days. There are a few things we can do but a sufficiently good attacker has a lot of tools to break into an exposed api. Simply adding a password may not be sufficient, and there are some significant issues with implementing TLS into the api - namely, you need a way to give both sides a key, and simply using Diffie-Helman isn't good enough because you have to distinguish between an attacker and your own client. Websites don't have this issue because they have user accounts. On the bright side, a few miners have reported that the weird transactions listed in the v0.5.2 GUI were not actually stolen transactions. On the less bright side, miners who are CLI-only have reported stolen coins. Yours might be in the former category. As you probably later read I did create new installs of my wallet yet the attacked managed to get to them too. Maybe once compromised my local network remains vulnerable to the attacker IDK too. When I set my wallet to localhost I can only mine with the local rig, other rigs on the same network can not find the wallet on the rig that it is installed... IDK why I have to bind it to the physical local address 192.168...:port instead of localhost:port Also I get different balances and transactions when running the same wallet on different computers and get some weird transactions of -0.03 SIA or 0.00 SIA even on not compromised wallets... wtf? You should address those issues, basically your coin is not mineable except on localhost, when using SSL tuneling or when lucky. If I can be of any assistance (mainly with more info PM me) You are using the official miner software directly from Nebulous Labs github repo? Or did you compile the gominer yourself? What miner software are you specifically using? A lot of us have been mining SC for a year now with no loss of coins, so it is perplexing you are having this issue. There is of course plenty of malicious software out there that could compromise your system. Namely, untrusted binaries of the various available mining software. |
|
|
|
|
|
Palaxidon
|
|
June 28, 2016, 01:21:37 PM |
|
what is total supply of siacoin?
|
|
|
|
andyatcrux
Legendary
Offline
Activity: 938
Merit: 1000
|
|
June 28, 2016, 01:25:42 PM |
|
|
|
|
|
|
|
rakesh1_90
|
|
June 28, 2016, 01:44:21 PM |
|
when I got my first block stolen a few days back I was mining over the internet
The attacker is able to continue stealing because they were able to get your wallet seed. The only way to protect your coins is to create a new wallet with a new seed and to transfer all of your old coins to that wallet. The weird thing is (PLEASE EXPLAIN THIS) is why the hacker transaction gets displayed with a red $ instead of a red heart in the GUI wallet?
You are using the old GUI, which has a few bugs with regards to the way it displays the transaction. I'm not sure why it distinguishes them that way, as the person who wrote our GUI is gone. My best advice is that you shouldn't use v0.5.2 GUI and instead stick to the command line. The v1.0.0 GUI will be out sometime tomorrow barring some major incident. ---------------------------- I cannot verify that your internal connection is secure. I know that miners using only localhost have not been having problems. If the attacker is able to get past your firewall in any way, that may be enough for them to get access to your wallet api. I am not sure. If you exposing your api port over anything other than localhost, you are putting yourself at risk. Some people know enough about network security to do this safely, but if you can't say with certainty that you know how to expose your api in a secure way, you should not be doing it. We're looking at ways to make things more secure out-of-the-box, but security is very difficult and it's not something we can clean up in just a few days. There are a few things we can do but a sufficiently good attacker has a lot of tools to break into an exposed api. Simply adding a password may not be sufficient, and there are some significant issues with implementing TLS into the api - namely, you need a way to give both sides a key, and simply using Diffie-Helman isn't good enough because you have to distinguish between an attacker and your own client. Websites don't have this issue because they have user accounts. On the bright side, a few miners have reported that the weird transactions listed in the v0.5.2 GUI were not actually stolen transactions. On the less bright side, miners who are CLI-only have reported stolen coins. Yours might be in the former category. As you probably later read I did create new installs of my wallet yet the attacked managed to get to them too. Maybe once compromised my local network remains vulnerable to the attacker IDK too. When I set my wallet to localhost I can only mine with the local rig, other rigs on the same network can not find the wallet on the rig that it is installed... IDK why I have to bind it to the physical local address 192.168...:port instead of localhost:port Also I get different balances and transactions when running the same wallet on different computers and get some weird transactions of -0.03 SIA or 0.00 SIA even on not compromised wallets... wtf? You should address those issues, basically your coin is not mineable except on localhost, when using SSL tuneling or when lucky. If I can be of any assistance (mainly with more info PM me) You are using the official miner software directly from Nebulous Labs github repo? Or did you compile the gominer yourself? What miner software are you specifically using? A lot of us have been mining SC for a year now with no loss of coins, so it is perplexing you are having this issue. There is of course plenty of malicious software out there that could compromise your system. Namely, untrusted binaries of the various available mining software. +1 - no issues for me too. But i dont mind price plummeting, i need a bigger piece of the pie. |
|
|
|
|
|
google98
|
|
June 28, 2016, 01:59:40 PM |
|
Is there any ETA for v1.0? And has contact been made to cointelegraph and the likes? Just to spread this real quickly  |
|
|
|
|
|
mirny
Legendary
Offline
Activity: 1108
Merit: 1005
|
|
June 28, 2016, 03:43:17 PM |
|
After 12 hours of solo mining in the local network, Siad (Sia-UI-win32-x64-5.2)were such inscriptions negative currency not allowed , what this means?  |
This is my signature...
|
|
|
clovis A.
Legendary
Offline
Activity: 1206
Merit: 1000
|
|
June 28, 2016, 03:47:50 PM |
|
After 12 hours of solo mining in the local network, Siad (Sia-UI-win32-x64-5.2)were such inscriptions negative currency not allowed , what this means? I asked the same question in Slack this morning. Here's a quote from Taek which was posted yesterday in the #bugs channel taek [10:27 AM]
it's a problem with the hostdb. It's already fixed on master. I don't think it's in RC2 though |
.
|
| .
| .
|
| s i a
| .
|
| .
| .
|
| .
| .
|
| .
| .
|
| .
| .
|
| .
Cloud storage is about to change
Are you ready?
|
|
|
|
mirny
Legendary
Offline
Activity: 1108
Merit: 1005
|
|
June 28, 2016, 04:31:05 PM |
|
OK, thank you for explanation, we will see soon it it's really fixed.
|
This is my signature...
|
|
|
metropolit
Sr. Member
Offline
Activity: 308
Merit: 250
Lisk will be #1 alt in 2019.
|
|
June 28, 2016, 07:59:57 PM |
|
Really excited about this one!!
"Decentralized encrypted hosting, cheaper than google/amazon and everyone can provide the service and earn from extra HDD space".
This might be revolutionary i hope for Sia team success!
|
|
|
|
|
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
|
|
June 28, 2016, 09:30:03 PM |
|
mining in solo with sia gpu miner result in 100% cpu utilization, after the second instance, i'm missing something maybe on how to mine with multiple gpu?
|
|
|
|
|
|
Riseman
|
|
June 28, 2016, 10:04:12 PM |
|
I don't know if it was already discussed. If you connect to siad remotely for mining you can protect your wallet by a proper firewall setup. You have to allow connections to port 9980 only from your local IP. This won't help if some malware uses your PC to connect to siad or if you share your IP with the attacker but these are highly unlikely scenarios.
Also in case you've been running siad with port 9980 exposed for some time you must create a new wallet after setting up firewall and move your coins there, if any.
|
|
|
|
|
|
|
|
kjadB
|
|
June 29, 2016, 01:19:35 AM |
|
are siafunds visible on any sia block explorers
|
|
|
|
|
|
rakesh1_90
|
|
June 29, 2016, 01:54:39 AM |
|
Finally seems wait is over.  |
|
|
|
|
|
