TiborB
Member
 Offline
Activity: 83
Merit: 10
|
 |
April 24, 2013, 10:19:39 PM
Last edit: April 24, 2013, 10:31:20 PM by TiborB |
|
And in all honesty, I did not even assume it was anything sensitive - as it was openly mentioned on the forum.
|
|
|
|
|
DoomDumas
Legendary
Offline
Activity: 1002
Merit: 1000
Bitcoin
|
|
April 24, 2013, 10:25:12 PM |
|
I mentionned it, my bad.. tought it was announced here by slush.. Msg edited.. but traces left for sure.. sorry !
|
|
|
|
|
TiborB
Member
Offline
Activity: 83
Merit: 10
|
|
April 24, 2013, 10:34:53 PM |
|
I mentionned it, my bad.. tought it was announced here by slush.. Msg edited.. but traces left for sure.. sorry !
I believe Slush will just set up another one and distribute it as he sees fit. I am a bit curious but can live with it, np  Cheers, T PS: As far as I can see, all references have been masked/edited out by now. |
|
|
|
|
ZeroPAiN
Newbie
Offline
Activity: 21
Merit: 0
|
|
April 24, 2013, 10:50:57 PM |
|
I also confirm mining still works without issues. Now let's all be patient while slush fixes the database and the front-end is available again. Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks: - On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
- Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
- Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
- Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
- Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.
I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool? Do they have a different address than stratum.bitcoin.cz? Just venturing a guess, I would think that it's probably reserved for ASIC miners. There is an address different than stratum*.bitcoin.cz indeed - but this one still points to an OVH IP. Some received an email notification mentioning [].bitcoin.cz - might be ASIC or just based on some informal criteria. [] As a side note, I did not receive any email with this info, just follow the forum, and puzzled out based on some chatty posts. This means obviously I am just drawing conclusions based on info that might be right or wrong. I assume that pointing the miners to EC2 is the preferred approach, even for VIPs. Cheers, T Please edit that address out, TiborB. As you prefer, I edited it out, however note that is was publicly disclosed on this forum (by someone who got it via mail, not me), and whatever makes it to the internet, will stay there. Getting this info was really not rocket science, just paying attention & following the forum. Reminds me a bit of Orwell's famous phrase "All animals are equal, but some animals are more equal than others". And another famous one from here: http://www.catb.org/esr/writings/unix-koans/mcse.html“A man who mistakes secrets for knowledge is like a man who, seeking light, hugs a candle so closely that he smothers it and burns his hand.” While there might be legit reasons for some unpublished alternative service endpoints, providing unequal chances to connect to the pool under DDoS was surely not the original intention of Slush. Uberduber, are you aware of any details you are willing to share? Apart from being given specific directions to not disclose the former. Probably not. |
|
|
|
|
|
digital
|
|
April 24, 2013, 11:06:26 PM |
|
So am I entitled to ask what the un-mentionable address was used for? If so, what is it used for?
Obviously it wasn't meant for public use, and I have been mining on slush for years now and haven't heard about it til now...
|
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
Dirtyhippy42000
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 24, 2013, 11:08:40 PM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night...  |
|
|
|
|
|
digital
|
|
April 24, 2013, 11:09:38 PM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night... everything is explained in the thread |
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
Dirtyhippy42000
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 24, 2013, 11:24:20 PM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night... everything is explained in the thread all i got from the last couple pages are... 1. website was compromised 2. moving to new data center 3. mining is still working and we will be paid by slush per block instad of PPS 4. passwords where salt and peppered and possibly ketchuped 5. fight club mining link was talked about when it shouldnt have been i apreciate the work done by slush to keep up his pool but all i want to know is if its worth to continue mining on his pool or switch wile he works out the kinks. thanks |
|
|
|
|
silicont
Member
Offline
Activity: 87
Merit: 10
|
|
April 24, 2013, 11:25:48 PM |
|
I would like to know if there are other 'best practices' for the pool and forum. Not listing what I would have thought was a public adr didn't cross my mind. I'd appreciate learning any other no-no's.
|
|
|
|
|
Lanidarc
Newbie
Offline
Activity: 48
Merit: 0
|
|
April 24, 2013, 11:32:55 PM |
|
5. fight club mining link was talked about when it shouldnt have been ROFL!! good one +1  |
|
|
|
|
TiborB
Member
Offline
Activity: 83
Merit: 10
|
|
April 24, 2013, 11:40:13 PM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night... everything is explained in the thread all i got from the last couple pages are... 1. website was compromised 2. moving to new data center 3. mining is still working and we will be paid by slush per block instad of PPS 4. passwords where salt and peppered and possibly ketchuped 5. fight club mining link was talked about when it shouldnt have been i apreciate the work done by slush to keep up his pool but all i want to know is if its worth to continue mining on his pool or switch wile he works out the kinks. thanks I appreciate his efforts and this is why I decided to stay with him (his pool) even under suboptimal circumstances. I can mine without interruption, and I assume rewarding will be taken care of once things are back to normal. He will open up the front-end when he feels it is ok to do so. This is my personal opinion, based on what I have seen so far. It is only him who can provide authoritative information - but I believe he has more urgent activities than focusing on communication. And I am ok with that. |
|
|
|
|
Dirtyhippy42000
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 24, 2013, 11:59:41 PM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night... everything is explained in the thread all i got from the last couple pages are... 1. website was compromised 2. moving to new data center 3. mining is still working and we will be paid by slush per block instad of PPS 4. passwords where salt and peppered and possibly ketchuped 5. fight club mining link was talked about when it shouldnt have been i apreciate the work done by slush to keep up his pool but all i want to know is if its worth to continue mining on his pool or switch wile he works out the kinks. thanks I appreciate his efforts and this is why I decided to stay with him (his pool) even under suboptimal circumstances. I can mine without interruption, and I assume rewarding will be taken care of once things are back to normal. He will open up the front-end when he feels it is ok to do so. This is my personal opinion, based on what I have seen so far. It is only him who can provide authoritative information - but I believe he has more urgent activities than focusing on communication. And I am ok with that right on. Im still mining on slushs pool but just wondering whats going on. like you said though he probably has more urgent things to focus on and i guess i dont really have a choice but to be ok with that. |
|
|
|
|
|
digital
|
|
April 25, 2013, 12:00:35 AM |
|
so i just got home from work and see mining.bitcoin.cz is still down and has been now for about 24 hrs. I have had my miners going pretty much the whole time at about roughly 1 Ghash/s. I guess my question is am i going to be compensated for the work I put in or should i just call the last 24 hrs a waste and start mining somewhere else? also any update on or ETA on the website? i read a couple posts back that slush said should be up in a couple hours but that was last night... everything is explained in the thread all i got from the last couple pages are... 1. website was compromised 2. moving to new data center 3. mining is still working and we will be paid by slush per block instad of PPS 4. passwords where salt and peppered and possibly ketchuped 5. fight club mining link was talked about when it shouldnt have been i apreciate the work done by slush to keep up his pool but all i want to know is if its worth to continue mining on his pool or switch wile he works out the kinks. thanks As far as I'm concerned, as long as we're able to mine, it's worth it. Slush will make sure we get what's coming to us. I've been with him in situations like this in the past and he always comes through. I trust him implicitly. |
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
nimasha
Newbie
Offline
Activity: 8
Merit: 0
|
|
April 25, 2013, 12:18:40 AM |
|
I wonder what the pools hash rate is at the moment?
|
|
|
|
|
|
digital
|
|
April 25, 2013, 12:20:03 AM |
|
a couple pages back, after the hack, slush actually said it was still over 7 thash...
|
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
PuertoLibre
Legendary
Offline
Activity: 1890
Merit: 1003
|
|
April 25, 2013, 12:21:19 AM |
|
3. mining is still working and we will be paid by slush per block instad of PPS
I hope we don't get paid out without PPS because it would [truly] suck to earn what a GPU card owner earns for the last two days of delivered work. I put out about 1000 times more work than the average person using a medium range [single] GPU card. Just on the day of the outage I discovered 2 blocks. (Got a screen cap of it too) I am the last person in a circle to be "the greedy type" but lets hope some metrics or thoughts are put into play when dispersing funds. Like one Mod mentioned in the Custom Hardware Mining board, I pay out more in fees than the average GPU owner earns in a day (possibly even in a month if I am not mistaken). Or at least that is what the Mod hinted at when they ran the numbers against various fee sizes. Edit: Anyway, it really takes the wind out of my sails just hearing about that. |
|
|
|
|
|
digital
|
|
April 25, 2013, 12:24:05 AM |
|
3. mining is still working and we will be paid by slush per block instad of PPS
I hope we don't get paid out without PPS because it would [truly] suck to earn what a GPU card owner earns for the last two days of delivered work. I put out about 1000 times more work than the average person using a medium range [single] GPU card. Just on the day of the outage I discovered 2 blocks. (Got a screen cap of it too) I am the last person in a circle to be "the greedy type" but lets hope some metrics or thoughts are put into play when dispersing funds. Like one Mod mentioned in the Custom Hardware Mining board, I pay out more in fees than the average GPU owner earns in a day. Or at least that is what the Mod hinted at when they ran the numbers against various fee sizes. Slush will take care of you, don't worry... |
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
|
gbx
|
|
April 25, 2013, 12:30:48 AM |
|
3. mining is still working and we will be paid by slush per block instad of PPS
I hope we don't get paid out without PPS because it would [truly] suck to earn what a GPU card owner earns for the last two days of delivered work. I put out about 1000 times more work than the average person using a medium range [single] GPU card. Just on the day of the outage I discovered 2 blocks. (Got a screen cap of it too) I am the last person in a circle to be "the greedy type" but lets hope some metrics or thoughts are put into play when dispersing funds. Like one Mod mentioned in the Custom Hardware Mining board, I pay out more in fees than the average GPU owner earns in a day (possibly even in a month if I am not mistaken). Or at least that is what the Mod hinted at when they ran the numbers against various fee sizes. Edit: Anyway, it really takes the wind out of my sails just hearing about that. If anything, he could probably take our average hash rate from prior blocks and apply it as the missing data to spread the btc accordingly. My hash rate doesn't vary too much and is pretty constant. |
|
|
|
|
nimasha
Newbie
Offline
Activity: 8
Merit: 0
|
|
April 25, 2013, 12:32:44 AM |
|
a couple pages back, after the hack, slush actually said it was still over 7 thash...
That's not too bad. I am glad many of us are sticking arround. I haven't been doing this for long but from what I have seen Slush is doing more than 1 man should be expected to do on his own in such a short amount of time. |
|
|
|
|
PuertoLibre
Legendary
Offline
Activity: 1890
Merit: 1003
|
|
April 25, 2013, 12:34:46 AM |
|
3. mining is still working and we will be paid by slush per block instad of PPS
I hope we don't get paid out without PPS because it would [truly] suck to earn what a GPU card owner earns for the last two days of delivered work. I put out about 1000 times more work than the average person using a medium range [single] GPU card. Just on the day of the outage I discovered 2 blocks. (Got a screen cap of it too) I am the last person in a circle to be "the greedy type" but lets hope some metrics or thoughts are put into play when dispersing funds. Like one Mod mentioned in the Custom Hardware Mining board, I pay out more in fees than the average GPU owner earns in a day. Or at least that is what the Mod hinted at when they ran the numbers against various fee sizes. Slush will take care of you, don't worry... I know, it's just that it sucks if it did turn out that way. I'd prefer it he took my portion and put it towards the pool infrastructure to make it robust for the next few months. Or put it towards buying expensive services that make it very hard for an attacker to succeed. That I wouldn't mind. Though as others have said, it is not necessarily a money problem. It is very hard to combat DDOS without seriously scaling like crazy. ----------------------------- Either way, I don't think it really needs to be argued that Slush is doing his best to get things going again. Just keep in mind that in deciding to stick with his pool and getting the profits of a GPU miner for 2 days really hits home when the next difficulty change continues to come ever closer. |
|
|
|
|
|
