Miner2525
|
|
August 04, 2017, 11:30:59 AM |
|
Damage control and reparations is fine, but we need to understand exactly why this happened and to prevent it from occurring again. Was there a hack? Is there a bug in Signatum? Has the developer been notified? etc.
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 04, 2017, 12:38:21 PM |
|
Yes, I must apologize profusely, it appears as though hashbag has been victim to a kind of hack, an exploit of vulnerability in php/yiimp's admin session setup, which has occured several times over the past few days resulting in the draining of all funds from the pool. i have had little time to figure out, originally I thought there was some corruption in the wallet.
the attack was made which executed 'sendto' commands via console by injected it's IP as 127.0.0.1 into the $_SERVER[] var inside the PHP session so that it was given trust to execute admin commands. needless to say I have fixed the exploit so it should not occur again, but unfortunately all the funds are gone, including the extra funds which were put in to top up the pool so it could make payments.
total of 994 DNR stolen and transferred to these addresses DP38wNb2SbYDeYqkQtE5WjCowKhMb1GR4q DKDY5XWxzoPfLoJ1XXT7YWSneJ9sMw3FxG DF9ZD91iQDMAegSCzbVrvPRaZrDXCgkurH DCeeCazTExun2AkaM1Q2BuzNe8AwW2KZHX
total of 74209 SIGT stolen and transferred to these addreses B557LL3vQhmxgRsCeRqAHpPBB7WRrMgfFA BPDfVHVfKawJsVyK9gjkZ8DNsYgMjZyEAh BTAGK33fvjhmfUzpEZu6GZssGqWXxrhU9o
i was considering taking down hashbag but it appears as though the bug has been fixed. if this does occur again I will shut down hashbag and relaunch it with a much more hardened security system. unfortunately it seems there are many dodgy people trying to steal from crypto pools, this may not be the last time though an attempt is given. i'm setting up further controls to make sure anything like this doesn't happen again
i have the IP address of the person who did it and it appears they also attempted the hack on various other yiimp-based pools, so it is likely this may have happened to other people too
|
|
|
|
Miner2525
|
|
August 04, 2017, 02:50:09 PM |
|
Even though I'm mining at hashbag again, the wallet page doesn't seem to be updating and is still zeroed out. Is this normal?
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 04, 2017, 02:56:53 PM |
|
Even though I'm mining at hashbag again, the wallet page doesn't seem to be updating and is still zeroed out. Is this normal?
shouldn't be, please let me know your mining address and i'll check it out
|
|
|
|
xarix
Newbie
Offline
Activity: 88
Merit: 0
|
|
August 04, 2017, 04:12:30 PM |
|
Will we still be getting our DNR payouts for yesterday enkayz?
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 04, 2017, 04:25:59 PM |
|
Will we still be getting our DNR payouts for yesterday enkayz?
I believe I might be able to cobble together enough DNR to cover the payments yes. I'm looking at exactly how much will be required to do that.. hopefully I will be able to do that this weekend. For now though the payouts have resumed as normal and I don't anticipate any further hacks.
|
|
|
|
chrysophylax
Legendary
Offline
Activity: 2898
Merit: 1091
--- ChainWorks Industries ---
|
|
August 04, 2017, 04:38:38 PM |
|
Will we still be getting our DNR payouts for yesterday enkayz?
I believe I might be able to cobble together enough DNR to cover the payments yes. I'm looking at exactly how much will be required to do that.. hopefully I will be able to do that this weekend. For now though the payouts have resumed as normal and I don't anticipate any further hacks. if we can help mate - we will ... you can get me personally on skype if you want ... skype - chrysophylax69 ... #crysx
|
|
|
|
hungleejung
Newbie
Offline
Activity: 13
Merit: 0
|
|
August 05, 2017, 06:37:52 AM |
|
On 03-04 Aug, I mine DNR and got around 65 DRN but pool just send me ~ 19 DNR. My wallet is DL6g4tczFD77DkiVZQ2qceKV7ciQmiiGH4 Thanks!
|
|
|
|
hyet24
|
|
August 06, 2017, 12:07:13 PM |
|
any date for san jose servers?
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 06, 2017, 12:33:38 PM |
|
any date for san jose servers?
They are next on my list, should be ready in the next week or so. I'm just working on the main server as it's been getting some seriously heavy traffic which was overloading the web server and causing some issues in the stratums. Caching has been implemented now which should make everything work a lot smoother (it has dropped the load to about 5-10% of what it was) so assuming everything's alright in the next 24 hours I'll resume working again on the global stratums. I've gotten together some replacement DNR from the community so I will try to add the missing payments back into the system and process them later today. Unfortunately the SIGT is gone and no such community recovery operation was launched, so I'm sorry to those SIGT miners, I don't think I'll be able to restore the payments. Thanks to everyone for your continued support.
|
|
|
|
okamuwf
Full Member
Offline
Activity: 429
Merit: 131
Kamikaze9x9
|
|
August 07, 2017, 12:14:23 PM |
|
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 07, 2017, 02:06:47 PM |
|
What is your mining wallet address?
|
|
|
|
xarix
Newbie
Offline
Activity: 88
Merit: 0
|
|
August 07, 2017, 03:01:14 PM |
|
Hello Enkayz.My 20+ DNR haven't been refunded yet,please look into it here's my wallet address DQ1GBQYWaUr3oXboYhWaHaVCcJf9G1UHvp. Thank you very much
|
|
|
|
okamuwf
Full Member
Offline
Activity: 429
Merit: 131
Kamikaze9x9
|
|
August 07, 2017, 03:56:30 PM |
|
|
|
|
|
Jacomo
Newbie
Offline
Activity: 1
Merit: 0
|
|
August 07, 2017, 03:57:29 PM |
|
|
|
|
|
jtan1ph
Newbie
Offline
Activity: 14
Merit: 0
|
|
August 07, 2017, 04:06:57 PM Last edit: August 07, 2017, 07:07:17 PM by jtan1ph |
|
|
|
|
|
junior.masters
Member
Offline
Activity: 136
Merit: 12
|
|
August 07, 2017, 05:27:26 PM |
|
it is fixed now or we should change pool?
|
|
|
|
Vintagio
Newbie
Offline
Activity: 31
Merit: 0
|
|
August 07, 2017, 07:04:47 PM Last edit: August 07, 2017, 07:40:16 PM by Vintagio |
|
Hi Enkayz,
seems like i have also not received the lost DNR as we have talked about in the DNR Thread. (15-20 DNR approx.)
Wallet:
D5J9PKWkLLaFp9f8ru7A8CSaZpaYi7tbUj
Thanks!
|
|
|
|
okamuwf
Full Member
Offline
Activity: 429
Merit: 131
Kamikaze9x9
|
|
August 08, 2017, 01:32:06 AM |
|
anyone work there? Or they running to hills!!?!?!? worst that, with my sigts
|
|
|
|
enkayz (OP)
Full Member
Offline
Activity: 298
Merit: 100
hashbag.cc
|
|
August 08, 2017, 02:01:06 AM |
|
It appears something has malfunctioned with the SIGT wallet and it is unable to transfer funds properly. The balances are not reading correctly and it appears as though payments are being sent (the balances are not in my wallet) however the transaction doesn't make it into the blockchain. Some people are getting paid, however others aren't and the balances have left my wallet in a transaction (which is why you are being given a transaction ID on each payment) so as far as the pool is concerned it has been paid. I am currently trying to find out where those transactions have gone - as mentioned they don't appear to move into the blockchain. It looks as though I will have to clear the wallet and start fresh, the wallet appears to be corrupted however it passes a 'checkwallet/repairwallet' and after rebuilding the blockchain and importing the private keys fresh, the same issue exists. Hi Enkayz,
seems like i have also not received the lost DNR as we have talked about in the DNR Thread. (15-20 DNR approx.)
Wallet:
D5J9PKWkLLaFp9f8ru7A8CSaZpaYi7tbUj
Thanks!
I'll process the missing DNR payments soon, I've been battling this SIGT wallet issue for a couple of days now. Nothing has been wrong with the DNR wallet since I cleared the payments that couldn't be made however the SIGT wallet has been having some serious issues.. for one, the wallet reads less funds than what is available in the blockchain explorer - every SIGT that has been mined has been sent on the wallet but they don't appear in the blockchain correctly.. apparently the transaction isn't being accepted by the network. I'll have to start with a new wallet and that should alleviate the payment issues and then I can try to figure out what's wrong with this wallet.
|
|
|
|
|