Bitcoin Forum
October 15, 2018, 02:09:08 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 [337] 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 ... 1145 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4342075 times)
digital
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
April 24, 2013, 02:38:00 PM
 #6721

Slush has said that the database is down.  Only the mining back end is working.

Which means we are all still working to find blocks.  But the rewards are currently not being calculated.  And he can't make any payouts until the database is back up.  Once the database is back up, he will calculate all the blocks that have been found since the attack and everyone will get credited what they are owed.

Then when that's done and he's sure everything is in good working order, he will re-enable payouts.

I'm sure you can understand, he doesn't want any payouts happening until we are all confident they will be correct.  That benefits us all.

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
1539612548
Hero Member
*
Offline Offline

Posts: 1539612548

View Profile Personal Message (Offline)

Ignore
1539612548
Reply with quote  #2

1539612548
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539612548
Hero Member
*
Offline Offline

Posts: 1539612548

View Profile Personal Message (Offline)

Ignore
1539612548
Reply with quote  #2

1539612548
Report to moderator
1539612548
Hero Member
*
Offline Offline

Posts: 1539612548

View Profile Personal Message (Offline)

Ignore
1539612548
Reply with quote  #2

1539612548
Report to moderator
jerethdaminer
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
April 24, 2013, 02:40:21 PM
 #6722

slush is a good pool manager and thanks to whoever reminded me about nslook up it resolves to a 54.0210.10.xxx address thats right inst it
mikesheadroom
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
April 24, 2013, 02:41:54 PM
 #6723

there has been no block in over 4 hours
Slush just found a block.

Archain.org | Whitepaper | Bitcointalks Thread
Decentralised Archive of the Internet
Lucko
Hero Member
*****
Offline Offline

Activity: 826
Merit: 1000



View Profile
April 24, 2013, 02:43:47 PM
 #6724

I'm sure you can understand, he doesn't want any payouts happening until we are all confident they will be correct.  That benefits us all.

Totally understand but I have a ebay action that is happening now and it ends in litel more them 3 hours and I will pay in bitcoins... That is a problem... I only have 0,2 bitcoins in wallet and estimated 0,8 coin on pool... You can see my problem...
wigsgiw
Newbie
*
Offline Offline

Activity: 18
Merit: 0



View Profile
April 24, 2013, 02:44:55 PM
 #6725

Slush, is mining on the pool working as there has been no block in over 4 hours, so its either a git block, or something amisss

Sounds like you may still be mining for the old server. Blocks are being found regularly for me here, and the slowdown you're seeing will be because most have switched over the the new.

Check that stratum.bitcoin.cz resolves to 54.214.x.x for you, and then restart your mining processes and you should be up and running on the new Smiley
phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000


nmc:id/phelix


View Profile
April 24, 2013, 03:03:02 PM
 #6726

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

blockchained.com ■ bitcointalk top posts
p0rkbelly
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 24, 2013, 03:08:51 PM
 #6727

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.
joolzg
Member
**
Offline Offline

Activity: 76
Merit: 10


View Profile
April 24, 2013, 03:12:30 PM
 #6728

Slush, is mining on the pool working as there has been no block in over 4 hours, so its either a git block, or something amisss

Sounds like you may still be mining for the old server. Blocks are being found regularly for me here, and the slowdown you're seeing will be because most have switched over the the new.

Check that stratum.bitcoin.cz resolves to 54.214.x.x for you, and then restart your mining processes and you should be up and running on the new Smiley

Im looking at blockchain!!!!!

found one

232921 (Main Chain)    2013-04-24 14:36:00    00000000000000e3d44a39649dd4a9b98786dfa46a0bd6c038895c614ee26fed

last one

232896 (Main Chain)    2013-04-24 10:20:11    00000000000001c9aeefe9ae55ce6cbfa05e634dc3cfe16587c48bf03c607593

6 hours+

joolz
dg2010
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


Look ARROUND!


View Profile
April 24, 2013, 03:24:23 PM
 #6729

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.


.........................................
             █████████████████
         ███ ██     █     ██ ███
       ██ █████     █     █████ ██
     ███   █   █  █████  █   █   ███
   ███     █    ███ █ ███    █     ███
  ██  ███ ██ ███    █    ███ ██ ███  ██
  ██     ████       █      █████     ██
 ███   ██ █  ███    █    ███  █ ██   ███
 █ █ ██   █     ██  █  ██     █   ██ █ █
█████     █       █████       █     █████
 █ █ ██   █   ████  █  ████   █   ██ █ █
 ███   ████ ██      █      ██ ████   ███
  ██  █  █████      █      █████  █  ██
  ██ ██   ██ ████   █  ████  ██   ██ ██
   ██      █     ██████      █     ███
     ████  █   ██████████    █  ████
       ██ █████     █    ██████ ██
         ███  ██    █   ███  ███
            █████████████████
ARROUND









.









.
Telegram
ANN Thread
Bounty Thread
Whitepaper
nottm28
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
April 24, 2013, 03:28:07 PM
 #6730

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

donations not accepted
wigsgiw
Newbie
*
Offline Offline

Activity: 18
Merit: 0



View Profile
April 24, 2013, 03:30:29 PM
 #6731

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!
theowalpott
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
April 24, 2013, 03:34:36 PM
 #6732

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
Jay_Pal
Legendary
*
Offline Offline

Activity: 1392
Merit: 1003



View Profile
April 24, 2013, 03:35:32 PM
 #6733

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!
+1

Best faucet EVER! - Freebitco.in
Don't Panic... - 1G8zjUzeZBfJpeCbz1MLTc6zQHbLm78vKc
Why not mine from the browser?
digital
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
April 24, 2013, 03:36:58 PM
 #6734

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

Your being paranoid.  Slush has the account passwords protected.  And even if they do manage to gain access to some accounts, Slush will see the unusual activity immediately and put a stop to it.  Like I said earlier, he likely won't enable payouts right away.  He will wait to make sure everything is on track.

He is very security conscious, and always does his due diligence.  That's why he has so many lifers mining for him...

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
Valle
Full Member
***
Offline Offline

Activity: 177
Merit: 100


View Profile
April 24, 2013, 03:37:29 PM
 #6735

So, can anyone described what's going on and when it is supposed to be fixed?
Jay_Pal
Legendary
*
Offline Offline

Activity: 1392
Merit: 1003



View Profile
April 24, 2013, 03:39:43 PM
 #6736

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Best faucet EVER! - Freebitco.in
Don't Panic... - 1G8zjUzeZBfJpeCbz1MLTc6zQHbLm78vKc
Why not mine from the browser?
OskarLoderr
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
April 24, 2013, 04:19:11 PM
 #6737

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.
He already said that passwords were salted and hashed earlier in the thread and that you didn't have to worry about passwords being compromised.
TiborB
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
April 24, 2013, 04:20:32 PM
 #6738

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T

nybbler905
Full Member
***
Offline Offline

Activity: 213
Merit: 100



View Profile
April 24, 2013, 04:35:58 PM
 #6739

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...
PARANOID and with good reason...
it took me a while to re-set my bitcoin address ( was online one that I later read was untrusted PRE-DDos attacks on Slush's and had the ' fun ' of waiting for confirmation emails )
so even if they did get your password, tryed to change your bitcoin wallet id, there is still hope that neither you or the attacker can get access by logging in and setting payout to some really high number ( like over 50.0 BTC )
Worst case senario.... both you and the attacker are locked out of the earned BTC until you ( or the attacker ) can convince Slush to let the coins out of the wallet.

He did get a database snapshot so there should be enough info there to see what goes where apropriatly.
I'm not too worried about possible coin theft as I am still CPU mining and have earned ( not from Slush yet, still too slow for that kind of coin ) 1/9th the BTC for what some call an ' intro GPU miner card ' and will be workin all the free BTC sites as hard as my mining rig to get as much as fast as possible to get that kind of hash power and doubt i'll ever move from Slush's pool ( unless it gets to over 50.5% )

Always looking for donations even as low as 1uBTC
14XfpYPdtYiGoEiDcKrSzuvBM3ukhwANUh - BTC
LS7FEfu9ajp3NQcDjui9TSKscwQesj9i8k - LTC
LHe9g5ixMyfdtqAEHU5vErG1eQrDshBFRW -Luckycoin
Kruncha
Sr. Member
****
Offline Offline

Activity: 602
Merit: 250


RISE WITH RAYS FOR THE FUTURE


View Profile
April 24, 2013, 04:38:43 PM
 #6740

I put my miner back online last night after Slush said that stratum.bitcoin.cz was good to go. I didn't even think to check where the DNS was resolving to. After reading some posts this morning I figured I'd better check. What I have is in the image below and I think it's important that Slush be informed. I'm mining through the stratum proxy that Slush provided. If what I'm seeing is correct then I've been providing 700mhash to the hackers for 15 hours.



K.

          ▗▟█████▙▖                   ▗▟█████▙▖
          █████████ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █████████
          █████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ █████████
           ▀▜███▛▀               ▄▄▀▀  ▀▜███▛▀
           ▋  ▄▖             ▄▄▀▀         ▄▖
          ▋   █▌         ▄▄▀▀             █▌  ▋
         ▋    █▌     ▄▄▀▀                 █▌   ▋
        ▋     █▌ ▄▄▀▀                     █▌    ▋
       ▋    ▄ █▌▝                         █▌     ▋
▗▟█████▙▖ ▀▀  ▀▘                          ▀▘    ▗▟█████▙▖
█████████   ▟███▙ ▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆▆ ▟███▙   █████████
█████████   ▜███▛ ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔ ▜███▛   █████████
▝▜█████▛▘     █▌ ▝▀█▄▖                    ▋  ▄▄ ▝▜█████▛▘
       ▋      █▌    ▝▀█▄▖               ▄ ▋ ▀    ▋
        ▋     █▌       ▝▀█▄▖        ▄▄▀▀  ▋     ▋
         ▋    █▌          ▝▀█▄▖ ▄▄▀▀      ▋    ▋
          ▋   █▌           ▄▄▝▀█▄▖        ▋   ▋
           ▋  █▌       ▄▄▀▀     ▝▀█▄▖     ▋  ▋
           ▗▄▄▄▄▄▖ ▄▄▀▀            ▝▀█ ▗▄▄▄▄▄▖
          ▟███████▙                   ▟███████▙
          █████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ █████████
          ▝▜█████▛▘                   ▝▜█████▛▘
.
.
.
Pages: « 1 ... 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 [337] 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 ... 1145 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!