[4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool

[Lucko]

I'm having some troubles while setting up new database server, so all this is taking longer time than I expected. But I'm still working on it.

Well I guess if we asked some company for a quote we would probably get an answer 3 days, 3 people, 9000€. So we do understand...

[Newar]

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?

The API is offline too.

[PuertoLibre]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

Which is why I asked...(I am ASIC miner so I have a "significant-ish" sum)

[mneisler]

My miners appear to be working. It is my understanding they can not change the email without access to your old email.

[andrufala]

You are awesome , Thanks for keeping this update every time something happens , and keep up your wonderful job <3  

*Mining is up !

[TiborB]

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T

You can check the logs of your miners for status/avg hashrate, the json api for rewards & server side stats are also part of the website which is down at the moment, so AFAIK you will have to wait a bit for that.

Cheers,
   T

[GigaPixels]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

[Stoneysilence]

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

I am offline because for some reason my PC rebooted in the night and that cleared out my username and password for logging into the server.  Have to wait now till Slush comes back online to get the miners password again. *sigh*

[GigaPixels]

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

Yes, as stated above they were indeed hashed and salted. Peppered too, certainly.

[p0rkbelly]

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

I am offline because for some reason my PC rebooted in the night and that cleared out my username and password for logging into the server.  Have to wait now till Slush comes back online to get the miners password again. *sigh*

Passwords love pepper. They hate cinnamon.

[claxdog]

Where the passwords Hashed, Salted, and peppered?  How about some ketchup on them hash? Yumm.... I am getting hungry now. :p

I am offline because for some reason my PC rebooted in the night and that cleared out my username and password for logging into the server.  Have to wait now till Slush comes back online to get the miners password again. *sigh*

Passwords love pepper. They hate cinnamon.

WOLFPACK unite

[ewitte]

Just put the 3rd GPU on the pool DNS seems to work now no need to do hosts this time.  Updated the main machine as well.

[PuertoLibre]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

[digital]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

Just venturing a guess, I would think that it's probably reserved for ASIC miners.

[TiborB]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

Just venturing a guess, I would think that it's probably reserved for ASIC miners.

There is an address different than stratum*.bitcoin.cz indeed - but this one still points to an OVH IP.
Some received an email notification mentioning v??.bitcoin.cz - might be ASIC or just based on some informal criteria.

$ host v??.bitcoin.cz
v??.bitcoin.cz has address 94.23.174.94
$ host 94.23.174.94
94.174.23.94.in-addr.arpa domain name pointer 94-23-174-94.ovh.net.

As a side note, I did not receive any email with this info, just follow the forum, and puzzled out based on some chatty posts. This means obviously I am just drawing conclusions based on info that might be right or wrong.
I assume that pointing the miners to EC2 is the preferred approach, even for VIPs.

Cheers,
   T

[scouzi]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

Just venturing a guess, I would think that it's probably reserved for ASIC miners.

Or in network terms, VIP means a virtual IP - through a load balancer

[uberduber]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

Just venturing a guess, I would think that it's probably reserved for ASIC miners.

There is an address different than stratum*.bitcoin.cz indeed - but this one still points to an OVH IP.
Some received an email notification mentioning [].bitcoin.cz - might be ASIC or just based on some informal criteria.

[]

As a side note, I did not receive any email with this info, just follow the forum, and puzzled out based on some chatty posts. This means obviously I am just drawing conclusions based on info that might be right or wrong.
I assume that pointing the miners to EC2 is the preferred approach, even for VIPs.

Cheers,
   T

Please edit that address out, TiborB.

[nookiegirl]

still a few posts left with that address ... maybe just pm them.

[tiktoc]

I wouldn't be surprised if its been cached already, he will most probably have to change it in the end.

[TiborB]

I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.

Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:

• On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
• Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
• Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
• Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
• Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.

I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?

Do they have a different address than stratum.bitcoin.cz?

Just venturing a guess, I would think that it's probably reserved for ASIC miners.

There is an address different than stratum*.bitcoin.cz indeed - but this one still points to an OVH IP.
Some received an email notification mentioning [].bitcoin.cz - might be ASIC or just based on some informal criteria.

[]

As a side note, I did not receive any email with this info, just follow the forum, and puzzled out based on some chatty posts. This means obviously I am just drawing conclusions based on info that might be right or wrong.
I assume that pointing the miners to EC2 is the preferred approach, even for VIPs.

Cheers,
   T

Please edit that address out, TiborB.

As you prefer, I edited it out, however note that is was publicly disclosed on this forum (by someone who got it via mail, not me), and whatever makes it to the internet, will stay there. Getting this info was really not rocket science, just paying attention & following the forum.

Reminds me a bit of Orwell's famous phrase "All animals are equal, but some animals are more equal than others".
And another famous one from here: http://www.catb.org/esr/writings/unix-koans/mcse.html
“A man who mistakes secrets for knowledge is like a man who, seeking light, hugs a candle so closely that he smothers it and burns his hand.”

While there might be legit reasons for some unpublished alternative service endpoints, providing unequal chances to connect to the pool under DDoS was surely not the original intention of Slush. Uberduber, are you aware of any details you are willing to share?