Bitcoin Forum
January 18, 2017, 08:15:54 AM *
News: Latest stable version of Bitcoin Core: 0.13.2  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Poll
Question: What type of pool payouts do you prefer?
Bitcoins - 3167 (80.5%)
Bank transfer / USD - 408 (10.4%)
Gold/silver coins and bars - 359 (9.1%)
Total Voters: 3932

Pages: « 1 ... 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 [338] 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 ... 1107 »
  Print  
Author Topic: [150+ PH] SlushPool (slushpool.com); World's First Mining Pool  (Read 3977058 times)
joolzg
Member
**
Offline Offline

Activity: 76


View Profile
April 24, 2013, 03:12:30 PM
 #6741

Slush, is mining on the pool working as there has been no block in over 4 hours, so its either a git block, or something amisss

Sounds like you may still be mining for the old server. Blocks are being found regularly for me here, and the slowdown you're seeing will be because most have switched over the the new.

Check that stratum.bitcoin.cz resolves to 54.214.x.x for you, and then restart your mining processes and you should be up and running on the new Smiley

Im looking at blockchain!!!!!

found one

232921 (Main Chain)    2013-04-24 14:36:00    00000000000000e3d44a39649dd4a9b98786dfa46a0bd6c038895c614ee26fed

last one

232896 (Main Chain)    2013-04-24 10:20:11    00000000000001c9aeefe9ae55ce6cbfa05e634dc3cfe16587c48bf03c607593

6 hours+

joolz
1484727354
Hero Member
*
Offline Offline

Posts: 1484727354

View Profile Personal Message (Offline)

Ignore
1484727354
Reply with quote  #2

1484727354
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1484727354
Hero Member
*
Offline Offline

Posts: 1484727354

View Profile Personal Message (Offline)

Ignore
1484727354
Reply with quote  #2

1484727354
Report to moderator
1484727354
Hero Member
*
Offline Offline

Posts: 1484727354

View Profile Personal Message (Offline)

Ignore
1484727354
Reply with quote  #2

1484727354
Report to moderator
dg2010
Full Member
***
Offline Offline

Activity: 196


View Profile
April 24, 2013, 03:24:23 PM
 #6742

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 24, 2013, 03:28:07 PM
 #6743

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

donations not accepted
wigsgiw
Newbie
*
Offline Offline

Activity: 18



View Profile
April 24, 2013, 03:30:29 PM
 #6744

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!

1Hxoht39KTRfkiVE15L8yYEumumbFunGiG
theowalpott
Member
**
Offline Offline

Activity: 82


View Profile
April 24, 2013, 03:34:36 PM
 #6745

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
Jay_Pal
Legendary
*
Offline Offline

Activity: 1338



View Profile
April 24, 2013, 03:35:32 PM
 #6746

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!
+1

Free Coins - 🍒🍉🌼 Free Game🌼🍉🍒
BEST FAUCET EVER!!! - Don't Panic... - 1G8zjUzeZBfJpeCbz1MLTc6zQHbLm78vKc
digital
Hero Member
*****
Offline Offline

Activity: 490


View Profile
April 24, 2013, 03:36:58 PM
 #6747

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

Your being paranoid.  Slush has the account passwords protected.  And even if they do manage to gain access to some accounts, Slush will see the unusual activity immediately and put a stop to it.  Like I said earlier, he likely won't enable payouts right away.  He will wait to make sure everything is on track.

He is very security conscious, and always does his due diligence.  That's why he has so many lifers mining for him...

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
Valle
Full Member
***
Offline Offline

Activity: 159


View Profile
April 24, 2013, 03:37:29 PM
 #6748

So, can anyone described what's going on and when it is supposed to be fixed?
Jay_Pal
Legendary
*
Offline Offline

Activity: 1338



View Profile
April 24, 2013, 03:39:43 PM
 #6749

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Free Coins - 🍒🍉🌼 Free Game🌼🍉🍒
BEST FAUCET EVER!!! - Don't Panic... - 1G8zjUzeZBfJpeCbz1MLTc6zQHbLm78vKc
OskarLoderr
Newbie
*
Offline Offline

Activity: 10


View Profile
April 24, 2013, 04:19:11 PM
 #6750

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.
How were the passwords hashed?
never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.
He already said that passwords were salted and hashed earlier in the thread and that you didn't have to worry about passwords being compromised.
TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 04:20:32 PM
 #6751

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T

nybbler905
Full Member
***
Offline Offline

Activity: 213



View Profile
April 24, 2013, 04:35:58 PM
 #6752

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...
PARANOID and with good reason...
it took me a while to re-set my bitcoin address ( was online one that I later read was untrusted PRE-DDos attacks on Slush's and had the ' fun ' of waiting for confirmation emails )
so even if they did get your password, tryed to change your bitcoin wallet id, there is still hope that neither you or the attacker can get access by logging in and setting payout to some really high number ( like over 50.0 BTC )
Worst case senario.... both you and the attacker are locked out of the earned BTC until you ( or the attacker ) can convince Slush to let the coins out of the wallet.

He did get a database snapshot so there should be enough info there to see what goes where apropriatly.
I'm not too worried about possible coin theft as I am still CPU mining and have earned ( not from Slush yet, still too slow for that kind of coin ) 1/9th the BTC for what some call an ' intro GPU miner card ' and will be workin all the free BTC sites as hard as my mining rig to get as much as fast as possible to get that kind of hash power and doubt i'll ever move from Slush's pool ( unless it gets to over 50.5% )

Always looking for donations even as low as 1uBTC
14XfpYPdtYiGoEiDcKrSzuvBM3ukhwANUh - BTC
LS7FEfu9ajp3NQcDjui9TSKscwQesj9i8k - LTC
LHe9g5ixMyfdtqAEHU5vErG1eQrDshBFRW -Luckycoin
Kruncha
Sr. Member
****
Offline Offline

Activity: 420


Winter is coming...


View Profile
April 24, 2013, 04:38:43 PM
 #6753

I put my miner back online last night after Slush said that stratum.bitcoin.cz was good to go. I didn't even think to check where the DNS was resolving to. After reading some posts this morning I figured I'd better check. What I have is in the image below and I think it's important that Slush be informed. I'm mining through the stratum proxy that Slush provided. If what I'm seeing is correct then I've been providing 700mhash to the hackers for 15 hours.



K.
jerethdaminer
Member
**
Offline Offline

Activity: 84


View Profile
April 24, 2013, 04:40:41 PM
 #6754

they may be hashed and salted but were they peppered Tongue failing that can we keell the person who hacked him
DoomDumas
Hero Member
*****
Offline Offline

Activity: 798


Bitcoin forever !


View Profile WWW
April 24, 2013, 04:53:21 PM
 #6755


Quote from: anti
The bitcoins I have earned on this pool should have been confimed and payed out by now, because last time I checked (about 2 hours before the break-in) it was about 30 confirmations away from being confirmed with respect to my payout minimum. However, no payouts have occurred as of now. I guess this is also because the pool was hacked? When can we expect the payouts to continue? I mean the BTC prices are quite good at the moment and I'd very like to sell before they fall again. Please fix this soon! Thanks!

I wont sell any satoshi until 1 BTC worth more than 1000$...  in or before 2014 for sure !!  Smiley

Soap for BTC - Pure, Natural, Unique..   - PDF - BTCTalk - Email
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 24, 2013, 05:03:06 PM
 #6756

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

Thanks

donations not accepted
DoomDumas
Hero Member
*****
Offline Offline

Activity: 798


Bitcoin forever !


View Profile WWW
April 24, 2013, 05:08:33 PM
 #6757

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

Soap for BTC - Pure, Natural, Unique..   - PDF - BTCTalk - Email
AngelusWebDesign
Sr. Member
****
Offline Offline

Activity: 392


View Profile
April 24, 2013, 05:14:29 PM
 #6758

What about the um... secret URL that we were given by e-mail?

I just checked that URL, and it resolves to 95.x.x.x -- sounds like the OLD server.

Then I checked stratum.mining.cz and it resolves to the right IP address.

I've been mining at the address that starts with V for the good part of a day -- am I still going to get paid?

Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 24, 2013, 05:20:13 PM
 #6759

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

Well Slush mail also wasn't compromised and they got a link for reset... But yes it is always some uncertainty. 100% security doesn't exist... We are probably not big enough to worry about that... If you are worried about that decrease automatic payout limit...
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
April 24, 2013, 05:23:56 PM
 #6760

I'm having some troubles while setting up new database server, so all this is taking longer time than I expected. But I'm still working on it.

Pages: « 1 ... 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 [338] 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 ... 1107 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!