slush (OP)
Legendary
 Offline
Activity: 1386
Merit: 1097
|
 |
April 24, 2013, 09:02:47 AM |
|
I'm setting up server right now on safe location with physical access only, the website should be back in few hours.
|
|
|
|
|
nottm28
|
|
April 24, 2013, 09:04:13 AM |
|
Stratum servers have been migrated to (not-compromised) EC2 backends, I just see few first connections. So mining continues and no action is required by you.
I'll set up database and website in few hours on trusted machines, so the pool will be in normal operation soon.
I'd have my EC2 servers penetration tested several times by big companies because my sites take online payments - they couldn't get in - I'll feel safer when your in the EC2 cloud Slush... |
donations not accepted
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 09:33:17 AM |
|
FYI Pool hashrate is still above 7Thash/s and it reports new blocks normally. Please be patient, I'm working hardly to get website back online.
|
|
|
|
VishwaJay
Newbie
Offline
Activity: 56
Merit: 0
|
|
April 24, 2013, 09:37:13 AM |
|
The pool has been hacked. Fortunately I noticed it fast enough, so I made database snapshot seconds before attackers overtake the database machine. I lost some amount of bitcoins, but I'll be able to recover it from my pocket. For now I'm evaluating what's next to do, because all machines in OVH has been compromised and they cannot be trusted anymore.
Wow, glad to know my BTC0.002 is safe, LOL.... seriously, this amount is so small, please don't worry about it with me. If it helps, just apply it to those who need payment or toward the server. I'm not doing this really for the money, I'm doing it because it's fun and there is a small payout which I can then track to measure progress with. Thanks for the rapid response, slush. |
|
|
|
|
ewitte
Member
Offline
Activity: 98
Merit: 10
|
|
April 24, 2013, 09:40:35 AM
Last edit: April 24, 2013, 09:51:35 AM by ewitte |
|
Everyone mining with Slush, restart your mining clients and make sure the stratum domain resolves to an address in the Amazon cloud. It's 54.214.10.135 when I check here.
Before I restarted mine it still used the old compromised server which is still running. I'm not sure they will be able to use the bitcoins mined there but I hate the thought of it.
Hmm for stratum.bitcoin.cz its reporting a 77.93 address for me. I did a flush DNS and complete reboot. Was mining LTC all night. Its connected and accepting. EDIT guiminer uses api2.bitcoin.cz which redirects to stratum.bitcoin.cz. I tried stratum2.bitcoin.cz directly and it wouldn't work. Updated hosts file for now hopefully no DNS changes coming up soon  |
Donations
BTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd
LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
|
|
|
uberduber
Newbie
Offline
Activity: 13
Merit: 0
|
|
April 24, 2013, 09:42:50 AM |
|
Slush, do you use IRC at all?
|
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 24, 2013, 09:44:19 AM |
|
Slush, do you use IRC at all?
I do use IRC, but currently I don't have a time hanging on chat, sorry  . |
|
|
|
|
melvster
|
|
April 24, 2013, 09:53:01 AM |
|
What about the user database? Was it compromised? I'd hate to see bitcoins sent to the wrong address.
I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here. Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(. How were the passwords hashed? 1. Great job slush! 2. Passwords are generally low entropy. If you've used your mining pw elsewhere change it now. |
|
|
|
|
DryMartini
Newbie
Offline
Activity: 37
Merit: 0
|
|
April 24, 2013, 10:02:36 AM |
|
Strange, ewitte. But DNS's live their own lives sometimes. Looks like all stratum records have several IP's so one of these should be valid:
stratum.bitcoin.cz, A, 54.214.10.150
stratum.bitcoin.cz, A, 54.214.4.50
stratum.bitcoin.cz, A, 54.214.10.101
stratum.bitcoin.cz, A, 54.214.10.134
stratum.bitcoin.cz, A, 54.214.10.135
And slush: Keep up the great work! Hope you'll get some sleep eventually. I'm sure the Amazon cloud will be a safe solution.
|
|
|
|
|
ewitte
Member
Offline
Activity: 98
Merit: 10
|
|
April 24, 2013, 10:03:51 AM |
|
1. Great job slush!
2. Passwords are generally low entropy. If you've used your mining pw elsewhere change it now.
They are welcome to mine for me if they wish its not the same as my login  |
Donations
BTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd
LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
|
|
|
ewitte
Member
Offline
Activity: 98
Merit: 10
|
|
April 24, 2013, 10:11:34 AM |
|
Strange, ewitte. But DNS's live their own lives sometimes. Looks like all stratum records have several IP's so one of these should be valid:
stratum.bitcoin.cz, A, 54.214.10.150
stratum.bitcoin.cz, A, 54.214.4.50
stratum.bitcoin.cz, A, 54.214.10.101
stratum.bitcoin.cz, A, 54.214.10.134
stratum.bitcoin.cz, A, 54.214.10.135
And slush: Keep up the great work! Hope you'll get some sleep eventually. I'm sure the Amazon cloud will be a safe solution.
As long as its mining on a correct address I'll not touch it for now let them breathe a bit. We always assume 24h for certain changes though most places usually go through in less than 1h... there are occasional holdouts with certain servers. |
Donations
BTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd
LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
|
|
|
|
bigb159
|
|
April 24, 2013, 11:24:10 AM |
|
When people ask me what is the best pool, the dedication and communication of it's admin is the case I always make for Slush's pool. Kudos Slush - thanks for keeping us online.
|
|
|
|
|
joolzg
Member
Offline
Activity: 76
Merit: 10
|
|
April 24, 2013, 11:34:55 AM |
|
When people ask me what is the best pool, the dedication and communication of it's admin is the case I always make for Slush's pool. Kudos Slush - thanks for keeping us online.
will be nice to see how we have been doing, noticed quite a few found blocks for slush's pool. hope he can get the shares sorted out for us all. joolz |
|
|
|
|
|
Khertan
|
|
April 24, 2013, 12:19:31 PM |
|
Hum ... pretty strange
OVH Block my website (on a mutualized server) too due to suspect activity on my website, except ownCloud and a static website was hosted on it ... nothing suspect in the httplog, nor the ftp log ...
Look like there are false alarm, or hack come from inside ...
|
|
|
|
silicont
Member
Offline
Activity: 87
Merit: 10
|
|
April 24, 2013, 12:26:08 PM |
|
Good effort, slush, thanks. I wish there was a 'thanks' button for posts, so we could share the sentiments of other posts without bloating the lone, long thread. Thanks.
|
|
|
|
|
ntgrac
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 24, 2013, 12:41:21 PM |
|
Good effort, slush, thanks. I wish there was a 'thanks' button for posts, so we could share the sentiments of other posts without bloating the lone, long thread. Thanks.
+1 |
|
|
|
|
dmphotog
Newbie
Offline
Activity: 17
Merit: 0
|
|
April 24, 2013, 12:47:02 PM |
|
Good effort, slush, thanks. I wish there was a 'thanks' button for posts, so we could share the sentiments of other posts without bloating the lone, long thread. Thanks.
+1 ++1 Keep up the great work. If you ever come to my town, I will gladly buy you a beer (or whatever you drink). |
|
|
|
|
|
soundasleep
|
|
April 24, 2013, 01:04:17 PM |
|
2. Passwords are generally low entropy. If you've used your mining pw elsewhere change it now.
I use a securely generated random password for every slave and every pool. Even if the passwords aren't hashed there's no way any attacker can get into any other pool account. |
|
|
|
|
|
Lucko
|
|
April 24, 2013, 01:12:24 PM |
|
Any estimation on complition? I need to take out some bitcoins at 20:00 (UTC +1)
|
|
|
|
|
Camello_AR
Newbie
Offline
Activity: 43
Merit: 0
|
|
April 24, 2013, 01:24:20 PM |
|
2. Passwords are generally low entropy. If you've used your mining pw elsewhere change it now.
I use a securely generated random password for every slave and every pool. Even if the passwords aren't hashed there's no way any attacker can get into any other pool account. Is not necesary to have a high secure worker pass. Even when pass is so simple (but diferent as other passwords you use in your life) the only use that it has is mine. Then, if somebody knows your worker/pass combination, the only can do is mine for you I have simply workname/passwords combinations, but not related to other pass used, to get easy remembers when setup diferents workers |
|
|
|
|
|
