Bitcoin Forum
September 25, 2016, 08:49:55 PM *
News: Due to DDoS attacks, there may be periodic downtime.
 
   Home   Help Search Donate Login Register  
Poll
Question: What type of pool payouts do you prefer?
Bitcoins - 3151 (80.4%)
Bank transfer / USD - 407 (10.4%)
Gold/silver coins and bars - 359 (9.2%)
Total Voters: 3915

Pages: « 1 ... 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 [339] 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 ... 1104 »
  Print  
Author Topic: [40+ PH] SlushPool (slushpool.com); World's First Mining Pool  (Read 3853196 times)
Kruncha
Sr. Member
****
Offline Offline

Activity: 420


Winter is coming...


View Profile
April 24, 2013, 04:38:43 PM
 #6761

I put my miner back online last night after Slush said that stratum.bitcoin.cz was good to go. I didn't even think to check where the DNS was resolving to. After reading some posts this morning I figured I'd better check. What I have is in the image below and I think it's important that Slush be informed. I'm mining through the stratum proxy that Slush provided. If what I'm seeing is correct then I've been providing 700mhash to the hackers for 15 hours.



K.
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
1474836595
Hero Member
*
Offline Offline

Posts: 1474836595

View Profile Personal Message (Offline)

Ignore
1474836595
Reply with quote  #2

1474836595
Report to moderator
jerethdaminer
Member
**
Offline Offline

Activity: 84


View Profile
April 24, 2013, 04:40:41 PM
 #6762

they may be hashed and salted but were they peppered Tongue failing that can we keell the person who hacked him
DoomDumas
Hero Member
*****
Offline Offline

Activity: 784


Bitcoin forever !


View Profile WWW
April 24, 2013, 04:53:21 PM
 #6763


Quote from: anti
The bitcoins I have earned on this pool should have been confimed and payed out by now, because last time I checked (about 2 hours before the break-in) it was about 30 confirmations away from being confirmed with respect to my payout minimum. However, no payouts have occurred as of now. I guess this is also because the pool was hacked? When can we expect the payouts to continue? I mean the BTC prices are quite good at the moment and I'd very like to sell before they fall again. Please fix this soon! Thanks!

I wont sell any satoshi until 1 BTC worth more than 1000$...  in or before 2014 for sure !!  Smiley

Soap for BTC - Pure, Natural, Unique..   - PDF - BTCTalk - Email
nottm28
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 24, 2013, 05:03:06 PM
 #6764

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

Thanks

donations not accepted
DoomDumas
Hero Member
*****
Offline Offline

Activity: 784


Bitcoin forever !


View Profile WWW
April 24, 2013, 05:08:33 PM
 #6765

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

Soap for BTC - Pure, Natural, Unique..   - PDF - BTCTalk - Email
AngelusWebDesign
Sr. Member
****
Offline Offline

Activity: 392


View Profile
April 24, 2013, 05:14:29 PM
 #6766

What about the um... secret URL that we were given by e-mail?

I just checked that URL, and it resolves to 95.x.x.x -- sounds like the OLD server.

Then I checked stratum.mining.cz and it resolves to the right IP address.

I've been mining at the address that starts with V for the good part of a day -- am I still going to get paid?

Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 24, 2013, 05:20:13 PM
 #6767

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

Well Slush mail also wasn't compromised and they got a link for reset... But yes it is always some uncertainty. 100% security doesn't exist... We are probably not big enough to worry about that... If you are worried about that decrease automatic payout limit...
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
April 24, 2013, 05:23:56 PM
 #6768

I'm having some troubles while setting up new database server, so all this is taking longer time than I expected. But I'm still working on it.

bigb159
Full Member
***
Offline Offline

Activity: 169



View Profile
April 24, 2013, 05:30:43 PM
 #6769

A tracert resolved stratum.bitcoin.cz to a compute.amazonaws.com [50.112.*.*].
Things are working fine for me.

Trade your Litecoin, Namecoin, Terracoin, Devcoin and IXcoin for Bitcoin: Vircurex
Valle
Full Member
***
Offline Offline

Activity: 159


View Profile
April 24, 2013, 05:36:23 PM
 #6770

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T


Lucko
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 24, 2013, 05:39:10 PM
 #6771

I'm having some troubles while setting up new database server, so all this is taking longer time than I expected. But I'm still working on it.

Well I guess if we asked some company for a quote we would probably get an answer 3 days, 3 people, 9000€. So we do understand...
Newar
Legendary
*
Offline Offline

Activity: 1148


https://gliph.me/hUF


View Profile
April 24, 2013, 05:45:28 PM
 #6772

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?
The API is offline too.

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
PuertoLibre
Legendary
*
Offline Offline

Activity: 1064


Master BFL Shill


View Profile
April 24, 2013, 06:32:19 PM
 #6773

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...
Which is why I asked...(I am ASIC miner so I have a "significant-ish" sum)
mneisler
Newbie
*
Offline Offline

Activity: 10


View Profile
April 24, 2013, 07:23:53 PM
 #6774

My miners appear to be working. It is my understanding they can not change the email without access to your old email.
andrufala
Jr. Member
*
Offline Offline

Activity: 47



View Profile
April 24, 2013, 07:24:24 PM
 #6775

You are awesome , Thanks for keeping this update every time something happens , and keep up your wonderful job <3  

*Mining is up !
TiborB
Member
**
Offline Offline

Activity: 83


View Profile
April 24, 2013, 07:35:08 PM
 #6776

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T



You can check the logs of your miners for status/avg hashrate, the json api for rewards & server side stats are also part of the website which is down at the moment, so AFAIK you will have to wait a bit for that.

Cheers,
   T
GigaPixels
Jr. Member
*
Offline Offline

Activity: 34


Litecoin ♥ Bitcoin


View Profile WWW
April 24, 2013, 08:33:03 PM
 #6777

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

  • On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
  • Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
  • Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
  • Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
  • Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

Litecoin ♥ Bitcoin
Stoneysilence
Member
**
Offline Offline

Activity: 104


View Profile
April 24, 2013, 08:35:04 PM
 #6778

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

I am offline because for some reason my PC rebooted in the night and that cleared out my username and password for logging into the server.  Have to wait now till Slush comes back online to get the miners password again. *sigh*
GigaPixels
Jr. Member
*
Offline Offline

Activity: 34


Litecoin ♥ Bitcoin


View Profile WWW
April 24, 2013, 08:41:27 PM
 #6779

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p
Yes, as stated above they were indeed hashed and salted. Peppered too, certainly.

Litecoin ♥ Bitcoin
p0rkbelly
Newbie
*
Offline Offline

Activity: 8


View Profile
April 24, 2013, 08:52:01 PM
 #6780

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

I am offline because for some reason my PC rebooted in the night and that cleared out my username and password for logging into the server.  Have to wait now till Slush comes back online to get the miners password again. *sigh*

Passwords love pepper. They hate cinnamon.
Pages: « 1 ... 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 [339] 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 ... 1104 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!