Bitcoin Forum
October 07, 2024, 02:51:59 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 [334] 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 ... 1154 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4382503 times)
Quantus
Legendary
*
Offline Offline

Activity: 883
Merit: 1005



View Profile
April 24, 2013, 03:51:29 AM
 #6661


So the site was hacked but any loss will be be covered but when the site is back up we need to consider the strength of our E-mail passwords because the hacker got those? 

(I am a 1MB block supporter who thinks all users should be using Full-Node clients)
Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us.
Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg
GernMiester
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250


View Profile
April 24, 2013, 03:53:01 AM
 #6662

expect to be phished.. juts like gox
lukasbradley
Donator
Member
*
Offline Offline

Activity: 90
Merit: 10


View Profile
April 24, 2013, 04:04:00 AM
 #6663

Please let me know if I can help with anything.
gbx
Full Member
***
Offline Offline

Activity: 226
Merit: 100


View Profile
April 24, 2013, 04:37:28 AM
 #6664

but intruder has emails and information but would have to hack each email individually? hopefully to much effort anything we need to do to resecure any thing comprimised


Don't use the same password on bitcoin.cz as you do on any other accounts.  Password re-use is probably the biggest offense when it comes to problems between the keyboard and chair.  If you are using the same or similar passwords, change them now, especially on accounts connected to this potential leak.  It's just a good practice.  Chances are, nothing will happen.  But why chance it?

If you don't already, use KeePass, LastPass, OnePass or some password safe that programmatically generates complex passwords and use that password for your bitcoin.cz connected email account.  That is about all you can do.

Change your password when Slush brings up the website too..  Just to be safe....
nybbler905
Full Member
***
Offline Offline

Activity: 213
Merit: 100



View Profile
April 24, 2013, 04:38:00 AM
 #6665

expect to be phished.. juts like gox
most phishing for me is check the full headers to see if it's legit, go to the web site directly ( not from any mail link ) and log in that way and see if the mail really came from them..... when fake, there are a TON of reporting sites ( depending on what scam is being pulled )
BTW I am Canadian and after looking up some Doctor Who info on yahoo.co.uk decided to open an email account and... now i get tons of fake UK bank ' your account is locked until you click and filll in you are informations ' ( miss spellings USUALY ARE in the fake ones ) spams.

Hope this helps and gives a laugh or too to spite the current situation... BTW Slush, gettin more hits from getwork than Stratum, don't really care if it counts or not since i'm CPU mining and don't usualy get over 2000 uBTC for less than 4 hits.  Just thought you should look in to it.

Always looking for donations even as low as 1uBTC
14XfpYPdtYiGoEiDcKrSzuvBM3ukhwANUh - BTC
LS7FEfu9ajp3NQcDjui9TSKscwQesj9i8k - LTC
LHe9g5ixMyfdtqAEHU5vErG1eQrDshBFRW -Luckycoin
gbx
Full Member
***
Offline Offline

Activity: 226
Merit: 100


View Profile
April 24, 2013, 04:38:44 AM
 #6666

And we found another block!!!  YAY!!!
gbx
Full Member
***
Offline Offline

Activity: 226
Merit: 100


View Profile
April 24, 2013, 04:40:55 AM
 #6667

Also, the times on my mining proxy have dropped dramatically with AWS.  I'm seeing 42-62ms times where before it was 170ms and up...
stanke
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
April 24, 2013, 06:13:04 AM
 #6668

apparently, if you don't hold it you don't own it is true for servers as well Sad

That's the point. Next time I'll be the only person who'll have a physical access to the machine. No f***ing web consoles, email recovery features and no 3rd party administrators next time. I'm really tired by these situations and incompetent people who are harming my own reputation.

I would suggest to setup the servers as a servers with sensitive data. That means even if the attacker or whoever will get the physical server he can only destroy it but he cannot steal the data. All my servers which needs high security or have some sensitive data have only the system not encrypted. The data partitions are on different logical lvolumes which are crypted. that means even in single user mode no harm is done. Slush you are doing good job with pool and btc related but you should consider to build servers the way it cannot be compromised. ;-)
phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1020



View Profile
April 24, 2013, 06:26:36 AM
 #6669

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
nybbler905
Full Member
***
Offline Offline

Activity: 213
Merit: 100



View Profile
April 24, 2013, 06:43:31 AM
 #6670

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

[edit]
forgot to include the links lol

http://hackaday.com/2012/12/06/25-gpus-brute-force-348-billion-hashes-per-second-to-crack-your-passwords/
http://hackaday.com/2011/06/01/gpu-password-cracking-made-easy/

Always looking for donations even as low as 1uBTC
14XfpYPdtYiGoEiDcKrSzuvBM3ukhwANUh - BTC
LS7FEfu9ajp3NQcDjui9TSKscwQesj9i8k - LTC
LHe9g5ixMyfdtqAEHU5vErG1eQrDshBFRW -Luckycoin
Drizzle
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
April 24, 2013, 07:08:05 AM
 #6671

Its just nice to see the guy in charge actively posting with users. Ive only been mining for a few weeks but other pools don't know what they are missing.

I agree. Slush is doing good work, and his work is appreciated.

As someone pretty new to mining however, this just highlights to me how volatile this field is. After having had the little I mind stolen at bitlc the last time I tried mining, and now the DDoS and hacking here, and couple that with all the other warnings on these forum, I feel that bitcoins aren't for the weak of heart.

Plus it doesn't help that I used a password at Slush's which I use elsewhere (because it looked like the site wouldn't accept one with a comma, so I reverted to something simple), so now I'm worried about that.
zamazama
Full Member
***
Offline Offline

Activity: 263
Merit: 100


View Profile WWW
April 24, 2013, 07:27:17 AM
 #6672

Very sorry to hear about this Slush. I hope other pool admins take note, this is now a billion dollar industry and DDOS, hacking, fraud will increase exponentially too as coins are very hard to trace.

I have continued mining for the pool, but would also appreciate an ETA on various aspects.

Website beign Up so earnings can be viewed.
Commencement of payouts.

Even as a rough guide, at least it will stop me and others from continually bugging you while you're busy.

anti
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
April 24, 2013, 07:30:43 AM
 #6673

Very sorry to hear about this Slush. I hope other pool admins take note, this is now a billion dollar industry and DDOS, hacking, fraud will increase exponentially too as coins are very hard to trace.

I have continued mining for the pool, but would also appreciate an ETA on various aspects.

Website beign Up so earnings can be viewed.
Commencement of payouts.

Even as a rough guide, at least it will stop me and others from continually bugging you while you're busy.

I was just about to ask the same:

Quote from: anti
The bitcoins I have earned on this pool should have been confimed and payed out by now, because last time I checked (about 2 hours before the break-in) it was about 30 confirmations away from being confirmed with respect to my payout minimum. However, no payouts have occurred as of now. I guess this is also because the pool was hacked? When can we expect the payouts to continue? I mean the BTC prices are quite good at the moment and I'd very like to sell before they fall again. Please fix this soon! Thanks!
HellDiverUK
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 501



View Profile
April 24, 2013, 07:40:59 AM
 #6674

I got two Questions.
 Are my Bitcoins safe and Do I need to change pools?

Way to not bother reading the thread, brainiac.  Roll Eyes
thewebguy0
Newbie
*
Offline Offline

Activity: 19
Merit: 0



View Profile
April 24, 2013, 07:43:07 AM
 #6675

I wish butterfly labs was as open with people as Slush and others in the bitcoin community are with what's going on.  I asked for a refund 2 days ago on part of my orders and I haven't heard anything back.  (Surprise surprise?)

Another site that fails to update people with truth, open-ness and honesty is bitinstant.  I no longer trade through them because of the problems they have been having.  They promise and do not deliver.

Slush is the man and I will continue to mine with the pool.  Thank you for the updates and transparency.  We all get more careful and diligent due to times like these and I personally appreciate your updates and contribution and dedication to the bitcoin community.

Cheers   Grin
HellDiverUK
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 501



View Profile
April 24, 2013, 08:00:55 AM
 #6676


Slush is the man and I will continue to mine with the pool.  Thank you for the updates and transparency.  We all get more careful and diligent due to times like these and I personally appreciate your updates and contribution and dedication to the bitcoin community.


This.  I'll be mining with slush until I stop mining bitcoins. 

Any chance of running a Litecoin pool, too, slush?  That'd make me a very happy camper. Smiley
Drizzle
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
April 24, 2013, 08:10:03 AM
 #6677

Any chance of running a Litecoin pool, too, slush?  That'd make me a very happy camper. Smiley

I want to get into litecoins, so that would be cool.
thewebguy0
Newbie
*
Offline Offline

Activity: 19
Merit: 0



View Profile
April 24, 2013, 08:21:35 AM
 #6678

Any chance of running a Litecoin pool, too, slush?  That'd make me a very happy camper. Smiley

I want to get into litecoins, so that would be cool.

I would agree with these statements as well.
skang
Sr. Member
****
Offline Offline

Activity: 452
Merit: 252


from democracy to self-rule.


View Profile
April 24, 2013, 08:35:43 AM
 #6679

Thanks for all the support!

If you do decide to implement ltc please do it like D7 pool.
His UI and ease of use is the best of all the mining sites!

"India is the guru of the nations, the physician of the human soul in its profounder maladies; she is destined once more to remould the life of the world and restore the peace of the human spirit.
But Swaraj is the necessary condition of her work and before she can do the work, she must fulfil the condition."
DryMartini
Newbie
*
Offline Offline

Activity: 37
Merit: 0



View Profile
April 24, 2013, 09:02:41 AM
 #6680

Everyone mining with Slush, restart your mining clients and make sure the stratum domain resolves to an address in the Amazon cloud. It's 54.214.10.135 when I check here.
Before I restarted mine it still used the old compromised server which is still running. I'm not sure they will be able to use the bitcoins mined there but I hate the thought of it.
Pages: « 1 ... 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 [334] 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 ... 1154 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!