slush (OP)
Legendary
 Offline
Activity: 1386
Merit: 1097
|
 |
April 24, 2013, 01:17:02 AM |
|
apparently, if you don't hold it you don't own it is true for servers as well  That's the point. Next time I'll be the only person who'll have a physical access to the machine. No f***ing web consoles, email recovery features and no 3rd party administrators next time. I'm really tired by these situations and incompetent people who are harming my own reputation. |
|
|
|
|
zif33rs
|
|
April 24, 2013, 01:21:52 AM |
|
Uhhh..hate to be that tinfoil hat guy..but..Slush..anyway to confirm this is...uh..you? With a hacking involved all sorts of rumors are going to pop up. I would instigate damage control asap.
|
New to bitcoin? Want to mine? Not sure where to start out? Check out www.hostedmining.comDonations and Tips btc - 1MkjKHpZbSaRepeYaAcmRMcqt8o3HKQCF ltc - LNz48TP8MZmke38qbZD5gXi53KrktbJG7V ftc - 6iDt92cyDvxXkrDhCzMh4zEmK1b9PqShs4 |
|
|
|
gbx
|
|
April 24, 2013, 01:24:28 AM |
|
What about the user database? Was it compromised? I'd hate to see bitcoins sent to the wrong address.
|
|
|
|
|
|
Lucko
|
|
April 24, 2013, 01:27:28 AM |
|
What about the user database? Was it compromised? I'd hate to see bitcoins sent to the wrong address.
Good point but I'm afraid about password. But I guess that even if it was stolen it is irreversibly coded right? |
|
|
|
|
jerethdaminer
Member
Offline
Activity: 84
Merit: 10
|
|
April 24, 2013, 01:30:54 AM |
|
so pool got hacked? what was comprimised
|
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 01:33:55 AM |
|
What about the user database? Was it compromised? I'd hate to see bitcoins sent to the wrong address.
I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here. Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(. |
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 01:35:29 AM |
|
Stratum servers have been migrated to (not-compromised) EC2 backends, I just see few first connections. So mining continues and no action is required by you.
I'll set up database and website in few hours on trusted machines, so the pool will be in normal operation soon.
|
|
|
|
VacantPaper
Newbie
Offline
Activity: 28
Merit: 0
|
|
April 24, 2013, 01:41:20 AM |
|
I lost some amount of bitcoins, but I'll be able to recover it from my pocket.
I want to say thank you Slush, you really put a lot of effort in to this and we all appreciate it so much. If there is anything we can do please let us know  |
|
|
|
|
PuertoLibre
Legendary
Offline
Activity: 1890
Merit: 1003
|
|
April 24, 2013, 01:44:18 AM |
|
What about the user database? Was it compromised? I'd hate to see bitcoins sent to the wrong address.
I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here. Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(. Should we consider our passwords compromised? |
|
|
|
|
Miz4r
Legendary
Offline
Activity: 1246
Merit: 1000
|
|
April 24, 2013, 01:46:06 AM |
|
So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..
|
Bitcoin = Gold on steroids
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 01:58:03 AM |
|
So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..
Yes, stratum.bitcoin.cz is now pointed to Amazon EC2 instances, which are safe. |
|
|
|
TiborB
Member
Offline
Activity: 83
Merit: 10
|
|
April 24, 2013, 02:11:17 AM |
|
So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..
I just used netstat and reverse lookup to confirm where the existing stratum connections were going (they were still opened to ovh address 94.23.174.94 in my case). Restarted workers where it was needed to make sure they connect to EC, 54.214.x.x. Hope this helps. T |
|
|
|
|
aigeezer
Legendary
Offline
Activity: 1450
Merit: 1013
Cryptanalyst castrated by his government, 1952
|
|
April 24, 2013, 02:11:53 AM |
|
So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..
Yes, stratum.bitcoin.cz is now pointed to Amazon EC2 instances, which are safe. When I couldn't get stratum.bitcoin.cz to connect an hour or so ago I switched to stratum2.bitcoin.cz (remembering your advice from the DDoS attack) and it seems to have been mining normally. Is that OK for you? |
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 02:14:01 AM |
|
Yes, stratum.bitcoin.cz, stratum2.bitcoin.cz and stratum3.bitcoin.cz points to safe servers.
|
|
|
|
irritant
Sr. Member
Offline
Activity: 473
Merit: 250
Sodium hypochlorite, acetone, ethanol
|
|
April 24, 2013, 02:26:53 AM |
|
So is it safe to keep mining on Stratum now? I don't want my mining power working for the profit of some hacker..
I just used netstat and reverse lookup to confirm where the existing stratum connections were going (they were still opened to ovh address 94.23.174.94 in my case). Restarted workers where it was needed to make sure they connect to EC, 54.214.x.x. Hope this helps. T same here, is work done at ovh address lost? |
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 02:34:22 AM |
|
No work is lost, but mining on Amazon is recommended. If you restart the miner using stratum.bitcoin.cz, you'll be switched there.
|
|
|
|
DoomDumas
Legendary
Offline
Activity: 1002
Merit: 1000
Bitcoin
|
|
April 24, 2013, 03:17:17 AM
Last edit: April 24, 2013, 10:23:39 PM by DoomDumas |
|
seems v___.bitcoin.cz points to OVH... minning on this adress since the DDoS !
IIRC, you own this work too, so things seems all fine !
The most important point I want to write :
Thank you so much Slush, You're the King of pool operators ! I'll always mine at your pool !
Thank you very much, you rule !
|
|
|
|
|
Quantus
Legendary
Offline
Activity: 883
Merit: 1005
|
|
April 24, 2013, 03:39:08 AM |
|
I got two Questions.
Are my Bitcoins safe and Do I need to change pools?
|
(I am a 1MB block supporter who thinks all users should be using Full-Node clients) Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us. Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg |
|
|
DoomDumas
Legendary
Offline
Activity: 1002
Merit: 1000
Bitcoin
|
|
April 24, 2013, 03:43:49 AM
Last edit: April 24, 2013, 04:20:21 AM by DoomDumas |
|
1 - Your bitcoin in the Slush pool = no lost for you. Slush have a nice system to keep most BTC offline, so if lost occurs, he will be able to refund from his pocket, as he stated earlier ! 2 - No need to change pool : mining on stratum.bitcoin.cz is safe. Imo, no problem at all.. Slush is fast to respond to emergency, professional and trustworthy pool operator who communicate with users. Slush first post I know about it : https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445Other following Slush post confirm we are all fine mining there |
|
|
|
|
jerethdaminer
Member
Offline
Activity: 84
Merit: 10
|
|
April 24, 2013, 03:47:13 AM |
|
but intruder has emails and information but would have to hack each email individually? hopefully to much effort anything we need to do to resecure any thing comprimised
|
|
|
|
|
|
