organofcorti
April 21, 2013, 04:30:05 AM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
No just Wayno being Wayno
In other news the police computer crime division only works Monday to Friday 9am -5pm, I'll call again during office hours
Just as well computer crimes are only committed between Monday to Friday, 9 - 5. Not sure what we'd do if those criminals started keeping odd hours.

Graet (OP)
April 21, 2013, 04:52:00 AM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
No just Wayno being Wayno
In other news the police computer crime division only works Monday to Friday 9am -5pm, I'll call again during office hours
Just as well computer crimes are only committed between Monday to Friday, 9 - 5. Not sure what we'd do if those criminals started keeping odd hours.
ROFL gotta try eh :/
Good news is server is ready to go back into colocation, it will be in "maintenance mode" while we finish up some stuff and shares catch up.
More news as it comes to hand
Cheers
Graet

kaerf
April 21, 2013, 06:36:52 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...

Graet (OP)
April 21, 2013, 07:01:24 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh?

zebedee
April 21, 2013, 09:19:52 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh?
Can you share what happened? Might be useful for others.

kslavik
April 21, 2013, 02:37:14 PM
Graet,
I'm very sorry for what happened. You run a great pool and I hope that your pool will survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database? Is there a possibility that password hashes were compromised during the last break-in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you

roomservice
April 21, 2013, 02:48:53 PM
Graet,
I'm very sorry for what happened. You run a great pool and I hope that your pool will survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database? Is there a possibility that password hashes were compromised during the last break-in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you
ozcoin uses drupal 7 function user_hash_password: http://api.drupal.org/api/drupal/includes!password.inc/function/user_hash_password/7
Drupal 7 uses SHA512 by default with a salt. It runs the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).
"Tonight's the night. And it's going to happen again, and again. It has to happen. Nice night."
|
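The salted, stretched SHA-512 storage described in the post above, set beside the unsalted single-hash storage the earlier question asks about, as an added Python example that is not part of the original thread and is not Drupal's code. The record layout, the 8-byte salt, the work factor of 2**15 and all function names are assumptions for illustration, and the output is not compatible with Drupal's stored hashes.

```python
import hashlib
import hmac
import os

COUNT_LOG2 = 15  # assumed work factor: 2**15 SHA-512 rounds per guess


def unsalted_sha256(password):
    """Weak baseline: one fast hash, no salt (equal passwords, equal hashes)."""
    return hashlib.sha256(password.encode()).hexdigest()


def stretch(password, salt, count_log2=COUNT_LOG2):
    """Salted SHA-512, re-hashed 2**count_log2 times with the password mixed in."""
    pw = password.encode()
    digest = hashlib.sha512(salt + pw).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.sha512(digest + pw).digest()
    return digest


def make_record(password, count_log2=COUNT_LOG2):
    """Return 'cost$salt_hex$hash_hex' (hypothetical layout) with a fresh random salt."""
    salt = os.urandom(8)
    return "%d$%s$%s" % (count_log2, salt.hex(), stretch(password, salt, count_log2).hex())


def verify(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        cost, salt_hex, hash_hex = record.split("$")
        cost = int(cost)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    if not 1 <= cost <= 24:
        return False  # refuse absurd costs read from untrusted storage
    return hmac.compare_digest(stretch(password, salt, cost), expected)


def reuse_visible(stored):
    """True if a dumped table shows two accounts sharing one stored value."""
    return len(set(stored)) < len(stored)


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print(reuse_visible([unsalted_sha256(pw), unsalted_sha256(pw)]))
    a, b = make_record(pw), make_record(pw)
    print(reuse_visible([a, b]), verify(pw, a), verify("wrong", a))
```

Salting hides password reuse between accounts in a dumped table; stretching only raises the cost of each guess, so a weak password reused on other pools stays guessable.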

Inspector 2211
April 21, 2013, 05:36:49 PM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh?
So - pray tell!

Graet (OP)
April 21, 2013, 09:00:35 PM
Main server is back up but in "maintenance mode"
Cached shares are being counted at the moment
a bit more to do before we can make the site live
getting close though
Best wishes
Graet

felente
April 22, 2013, 02:43:10 AM
i'm not a regular miner at ozcoin but respect it and Graet - based on his posts at this forum. it would be a great pity to let this pool disappear. have just detached one miner from slush's and pointed to ozcoin as my solidarity. that's not too many hashes - just what i can afford to spend then...
do not give up

Graet (OP)
April 22, 2013, 07:23:46 AM
Website back online
webserver has had a clean install on new HDDs
old HDDs still under forensic investigation
The pool forum and some other drupal modules disabled - we are looking forward to a new front end soon
Still some finishing up to do
eustratum mining node was where the exploit started, code has been changed and that node is offline until reinstalled.
I missed some emails during the downtime - if I have not responded, please resend, thanks
Hopefully there will be more good news within 24hours
I am amazed and even overwhelmed at times by the offers of help and the many ways people have contacted me with messages of support. Please know every one of you has made a difference, even if I have not been able to thank you personally.
I feel humbled but more determined than ever to continue my involvement in Bitcoin, get Ozcoin back on a good footing and see where this amazing experiment takes us next
Best wishes and thanks all
Graeme

arklan
April 22, 2013, 07:25:59 AM
in simple terms: YAY!
i don't post much, but this space for rent.

LazyOtto
April 22, 2013, 07:34:09 AM
Website back online
Not for me. https://ozcoin.net/
Is there an incantation which should be used other than that?

zero-asic
April 22, 2013, 07:38:53 AM (Last edit: April 22, 2013, 07:49:51 AM by zero-asic)
Website back online
Thank you for all your hard work Graet! I pointed my Avalons back at Ozcoin. I updated the firmware and cranked up the clock. They sit at ~140GHash/s. I'm sitting at number 2 on the Top 20 Chart. Can anyone knock me down?
Edit: I got knocked down!

Graet (OP)
April 22, 2013, 08:17:58 AM
Website back online
Not for me. https://ozcoin.net/
Is there an incantation which should be used other than that?
Batman forgot to do the https:// fixing it right now and fixed

LazyOtto
April 22, 2013, 08:30:30 AM
I hit the site. And logged in.
Looks like you are back on-line.
Congratulations.
And my sincere best wishes.
-- edit
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.

Mikej0h
April 22, 2013, 08:47:02 AM
Fantastic the pool is getting back up. Hopefully you were able to tackle this issue, so this doesn't reoccur.
I will change my miners back to your pool when I get back from work.
I noticed in the payout screen, the "unsuccessful payout" (to the hacker) is still listed as payout. Is this going to be corrected/sent out later again?

Graet (OP)
April 22, 2013, 09:33:48 AM
I hit the site. And logged in.
Looks like you are back on-line.
Congratulations.
And my sincere best wishes.
-- edit
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.
if you are on DGM you will be paid for several rounds after you stop mining, it is the "tail off"
Fantastic the pool is getting back up. Hopefully you were able to tackle this issue, so this doesn't reoccur.
I will change my miners back to your pool when I get back from work.
I noticed in the payout screen, the "unsuccessful payout" (to the hacker) is still listed as payout. Is this going to be corrected/sent out later again?
I asked for this to be done before we went live will investigate what is going on :/

LazyOtto
April 22, 2013, 09:41:59 AM
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.
if you are on DGM you will be paid for several rounds after you stop mining, it is the "tail off"
Yep, expect that.
Here's some data. Just in case it is useful. If you wish / need, I'll PM you the account name. Although I doubt this is an anomaly specific to me.
Just trying to help work through the transition effects. I don't think you would be out of line to suggest to just give it a day and see if it settles out. I'm merely reporting what I see now.
"DGM Round Credit*: 0.00000982 BTC Unconfirmed Credit: 0.03981841 BTC"
"232427 2013-04-19 14:56:14 1,490 0.00293916 0.00000000 0.00000197 Completed"

Graet (OP)
April 22, 2013, 09:48:51 AM
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.
if you are on DGM you will be paid for several rounds after you stop mining, it is the "tail off"
Yep, expect that.
Here's some data. Just in case it is useful. If you wish / need, I'll PM you the account name. Although I doubt this is an anomaly specific to me.
Just trying to help work through the transition effects. I don't think you would be out of line to suggest to just give it a day and see if it settles out. I'm merely reporting what I see now.
"DGM Round Credit*: 0.00000982 BTC Unconfirmed Credit: 0.03981841 BTC"
"232427 2013-04-19 14:56:14 1,490 0.00293916 0.00000000 0.00000197 Completed"
cool, cheers