Bitcoin Forum
October 01, 2016, 03:26:50 PM *
News: Due to DDoS attacks, there may be periodic downtime.
 
   Home   Help Search Donate Login Register  
Poll
Question: What type of pool payouts do you prefer?
Bitcoins - 3152 (80.4%)
Bank transfer / USD - 407 (10.4%)
Gold/silver coins and bars - 359 (9.2%)
Total Voters: 3916

Pages: « 1 ... 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 [332] 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 ... 1104 »
  Print  
Author Topic: [40+ PH] SlushPool (slushpool.com); World's First Mining Pool  (Read 3859891 times)
roukkie
Jr. Member
*
Offline Offline

Activity: 30



View Profile
April 23, 2013, 10:59:28 PM
 #6621

also here miners dont work...

Feel free to download http://freakshare.com/files/p74pwi6m/guides---the-bittorrent-bible-1.1--19926-.pdf.html
1475335610
Hero Member
*
Offline Offline

Posts: 1475335610

View Profile Personal Message (Offline)

Ignore
1475335610
Reply with quote  #2

1475335610
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1475335610
Hero Member
*
Offline Offline

Posts: 1475335610

View Profile Personal Message (Offline)

Ignore
1475335610
Reply with quote  #2

1475335610
Report to moderator
1475335610
Hero Member
*
Offline Offline

Posts: 1475335610

View Profile Personal Message (Offline)

Ignore
1475335610
Reply with quote  #2

1475335610
Report to moderator
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 23, 2013, 11:01:39 PM
 #6622

It's almost as if they think he's somehow got coins stored on his computer or something...?

Could just be a problem with amazon EC2 switch - just checked my ec2 cloud servers - runinng OK - this looks like another (boring achieve nothing) DDoS to me

donations not accepted
roukkie
Jr. Member
*
Offline Offline

Activity: 30



View Profile
April 23, 2013, 11:09:58 PM
 #6623

but why the site up???

Feel free to download http://freakshare.com/files/p74pwi6m/guides---the-bittorrent-bible-1.1--19926-.pdf.html
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 23, 2013, 11:14:07 PM
 #6624

but why the site up???

Is it? Press F5 refresh - site is down I think

donations not accepted
roukkie
Jr. Member
*
Offline Offline

Activity: 30



View Profile
April 23, 2013, 11:17:29 PM
 #6625

but why the site up???

Is it? Press F5 refresh - site is down I think


its down for maintenance,but if was ddos we wouldnt get an error???

Feel free to download http://freakshare.com/files/p74pwi6m/guides---the-bittorrent-bible-1.1--19926-.pdf.html
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 23, 2013, 11:19:03 PM
 #6626

The pool has been hacked. Fortunately I noticed it fast enough, so I made database snapshot seconds before attackers overtake the database machine. I lost some amount of bitcoins, but I'll be able to recover it from my pocket. For now I'm evaluating what's next to do, because all machines in OVH has been compromised and they cannot be trusted anymore.

Full story:
Today at 3pm UTC I noticed that somebody succesfully resetted the password to OVH manager, the place where servers can be managed, restarted to rescue mode etc. I promptly resetted the password at OVH to something different and I also changed password on my email account and checked that there're no other active connections to my mailbox. I have to say that my mailbox is secured by OTP passwords and I take physical security very seriously, so nobody other had an access to my mailbox. I known that password-reset feature is quite popular attack vector, so I made everything possible to prevent it to happen.

By changing the password at OVH, all other sessions using the old credentials are automatically kicked from the Manager. I also cross-checked that nothing wrong happen to the servers at this time. Unfortunately I didn't find a way how the attackers got access to Manager, so I asked OVH support to provide some additional information and restrict Manager access to my IP range.

That's no surprise that OVH didn't respond to this ticket for hours, but at 11pm UTC I realized that there's another succesful password reset at OVH. This is complete mystery to me, because I'm aboslutely sure that nobody else had access to my mailbox and the email with reset link has been untouched (unread, not deleted). I'd say that attacker won't bother by changing status of the email to "unread", but he'd delete the email instead.

This time I realized that the attacker resetted the machine with the wallet to rescue mode, which means that I lost the control to this machine. I was still succesful by logging into the database and I took the snapshot of database and transferred it to safe location. Few seconds since the migration finished, attackers restarted all remaining machines to rescue mode.

So far it looks like yet another inside job, like Linode two years ago. Or attackers found some shortcut how to gain access to Manager without confirming the request from the email. I don't know what's worse option. I'll investigate this issue in detail later and I hope OVH won't close eyes to this.

I can recover the pool to the normal operation tomorrow.

Edit 01:38 UTC: Stratum servers are running on safe servers at Amazon. Mining works for now. I'll setup new database and webserver on trusted machines in few hours, so the pool will be back in full operation.

Edit 25.04.2013: Bitcoin-central.net which is also hosted at OVH has been hacked today using the same method as described above. It confirms my theory that it was inside job/security issue at OVH and my email wasn't compromised at all.

zif33rs
Full Member
***
Offline Offline

Activity: 196



View Profile
April 23, 2013, 11:21:52 PM
 #6627

OFMG  Embarrassed

New to bitcoin? Want to mine? Not sure where to start out?
Check out www.hostedmining.com
Donations and Tips  btc - 1MkjKHpZbSaRepeYaAcmRMcqt8o3HKQCF   ltc  - LNz48TP8MZmke38qbZD5gXi53KrktbJG7V  ftc  - 6iDt92cyDvxXkrDhCzMh4zEmK1b9PqShs4
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 23, 2013, 11:22:32 PM
 #6628

but why the site up???

Is it? Press F5 refresh - site is down I think


its down for maintenance,but if was ddos we wouldnt get an error???

If it was DDoS - the tw*ts would be attacking the pool not the web site - so you may see the website work but your miners not mining - both are down (for me) so I think it's probably DDoS - but it could just be down to teething problems with amazon EC2 switch...

donations not accepted
solitude
Hero Member
*****
Offline Offline

Activity: 677


View Profile
April 23, 2013, 11:24:27 PM
 #6629

So none of our earned bitcoins will be lost?

Hardly anyone speaks English on this forum.
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 23, 2013, 11:25:07 PM
 #6630

So none of our earned bitcoins will be lost?

Ack.

NoWhammies
Member
**
Offline Offline

Activity: 62



View Profile
April 23, 2013, 11:27:28 PM
 #6631

 Cheesy Slush, you are a God. I'm surprised I even have permission to -reply- in a thread created by the great one.
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 23, 2013, 11:27:52 PM
 #6632

About migration to EC2 - I have Stratum servers running there, they were not used because they're more expensive than OVH servers. But once I'll setup database + website to trusted machines, I can start the pool very soon. Unfortunately EC2 instances doesn't fit for database server at current architecture, so I cannot run database at Amazon right now.

stanke
Newbie
*
Offline Offline

Activity: 12


View Profile
April 23, 2013, 11:29:32 PM
 #6633

Hi Slush, I wrote you after last ddos an email from gentoo64 if u need some help just pm me or write me on jabber the account is the same as the mail is send from. I have some servers where you can run it atleast till you find some secure place.
roukkie
Jr. Member
*
Offline Offline

Activity: 30



View Profile
April 23, 2013, 11:30:03 PM
 #6634

why they will hack slush pool especially???

Feel free to download http://freakshare.com/files/p74pwi6m/guides---the-bittorrent-bible-1.1--19926-.pdf.html
Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 23, 2013, 11:31:31 PM
 #6635

Slush there is a big buble on a BTC-e for NMC. Is there a way to get them there?
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 23, 2013, 11:33:27 PM
 #6636

why they will hack slush pool especially???

I think because this was, similarly to Linode issue, an inside job. I don't have any indices that other bitcoin-related servers at OVH has been hacked as well (yet), but the scenario how all this happen indicates that somebody has been able to get password recovery email somehow. And what's the salary of administrator of OVH mailing server?

dellnull
Jr. Member
*
Offline Offline

Activity: 30


View Profile
April 23, 2013, 11:34:28 PM
 #6637

Damn!! To me it sounds like an override of OVH password manager.... I hope you find out how they did. And I'm impressed by your respone-time on this hack.
Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 23, 2013, 11:35:33 PM
 #6638

Damn!! To me it sounds like an override of OVH password manager.... I hope you find out how they did. And I'm impressed by your respone-time on this hack.
+100000000
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 23, 2013, 11:36:39 PM
 #6639

why they will hack slush pool especially???

I think because this was, similarly to Linode issue, an inside job. I don't have any indices that other bitcoin-related servers at OVH has been hacked as well (yet), but the scenario how all this happen indicates that somebody has been able to get password recovery email somehow. And what's the salary of administrator of OVH mailing server?

20-30k UKP - indeed...

donations not accepted
roukkie
Jr. Member
*
Offline Offline

Activity: 30



View Profile
April 23, 2013, 11:38:50 PM
 #6640

why they will hack slush pool especially???

I think because this was, similarly to Linode issue, an inside job. I don't have any indices that other bitcoin-related servers at OVH has been hacked as well (yet), but the scenario how all this happen indicates that somebody has been able to get password recovery email somehow. And what's the salary of administrator of OVH mailing server?



you think ddos and hack are connected???

Feel free to download http://freakshare.com/files/p74pwi6m/guides---the-bittorrent-bible-1.1--19926-.pdf.html
Pages: « 1 ... 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 [332] 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 ... 1104 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!