Anubite
|
|
December 25, 2013, 07:00:48 AM |
|
I can't even log in. It appears as if the page is just refreshing when I try.
Anyone else have this?
|
Let me know if I am doing something right. DOGE: DKBx8CMVnFwnea2uQ3RsLLB2CvQCFkzVT8 Cryptsy: 8981f2166046a5b587c4f86a2c994ec573a8a236
|
|
|
Cryptoin
|
|
December 25, 2013, 07:04:39 AM |
|
I can't even log in. It appears as if the page is just refreshing when I try.
Anyone else have this?
I am having the same issue.
|
|
|
|
StephenP
Newbie
Offline
Activity: 54
Merit: 0
|
|
December 25, 2013, 07:11:46 AM |
|
Like two posts above.... Logging in is disabled. Site is in read only mode. You cannot do anything right now. They locked down the site for the time being until they can figure this shit out after Christmas. Let them spend a day with family. Your coins aren't going anywhere now (well, except for the ones that were already stolen).
|
|
|
|
MIN3R
Newbie
Offline
Activity: 31
Merit: 0
|
|
December 25, 2013, 10:01:33 AM |
|
Not sure if this has been reported or not but a lot of people can't change there auto payment address since it is still showing the hackers address.
Shame it happened really hope you guys/girls are not working to much over xmas.
I'm pretty sure I read earlier that in addition to login being disabled auto-payouts are also disabled...
|
|
|
|
vingaard
Legendary
Offline
Activity: 1246
Merit: 1011
|
|
December 25, 2013, 10:15:28 AM |
|
Not sure if this has been reported or not but a lot of people can't change there auto payment address since it is still showing the hackers address.
Shame it happened really hope you guys/girls are not working to much over xmas.
+1
|
|
|
|
C3ALL
Full Member
Offline
Activity: 140
Merit: 100
★ BitClave ICO: 08/11/17 ★
|
|
December 25, 2013, 10:22:41 AM |
|
Not sure if this has been reported or not but a lot of people can't change there auto payment address since it is still showing the hackers address.
Shame it happened really hope you guys/girls are not working to much over xmas.
+1 Yep - cant change my address back to my correct one. Will not accept the change back to my address. This needs sorting before autopayment is switched back on, otherwise the hacker is going to get a massive dump of coins when autopayment is switched back on!!
|
|
|
|
trogdorjw73
|
|
December 25, 2013, 10:32:18 AM |
|
Not sure if this has been reported or not but a lot of people can't change there auto payment address since it is still showing the hackers address.
Shame it happened really hope you guys/girls are not working to much over xmas.
+1 Yep - cant change my address back to my correct one. Will not accept the change back to my address. This needs sorting before autopayment is switched back on, otherwise the hacker is going to get a massive dump of coins when autopayment is switched back on!! While the security breach is obviously a problem, I'm quite sure the Hashco.ws people are smart enough to not turn on auto-payments until they've removed the rogue address from all accounts. Either mine elsewhere for a while, or just sit tight for a couple days.
|
|
|
|
Tay
Newbie
Offline
Activity: 16
Merit: 0
|
|
December 25, 2013, 11:58:24 AM |
|
Is there any recourse for those who had coins stolen? Or should we assume we will never see them again? Sucks... I lost 0.09 BTC and my payout was set to 0.1 As with most things like this, plan for the worst and hope for the best. The fact that the owners of the pool are still posting here is a good thing, but small operations need time to work this out, the timeframe is bad, I have sympathy for the guys. As for recourse, no, you are on the cutting edge of technology, this, as somebody so aptly put it, is the wild west. Until there is some sort of regulation around it there will be nasty shits determined to try to steal what isnt there. Unique usernames and passwords are the order of the day to at least offer some protection from the exposure of your details. When you have a vulnerability like this "seems" to be, even that would protect you from losing what is on that site. The middlecoin model seems to work quite well to battle this, but again, this is the net, nothing is 100% safe. Gamble ONLY what you can afford to lose. Find a happy medium between cashing out and the typical charges for doing so. I hope you get your BTC back..
|
|
|
|
Humanxlemming
|
|
December 25, 2013, 12:12:27 PM |
|
We are just at a waiting game now I mean its a holiday let them rest and come back fresh ready to make sure that the hack never happens again.
|
|
|
|
Shmollen
|
|
December 25, 2013, 12:42:26 PM |
|
I can't even log in. It appears as if the page is just refreshing when I try.
Anyone else have this?
I am having the same issue. Me, too!
|
★★★ Help me to become a KittehCoin billionaire! Donate MEOW to KNKVoobKxwMB1fEEm1YyApTLFUhYF75x9A ★★★ ★★★★★
|
|
|
Tay
Newbie
Offline
Activity: 16
Merit: 0
|
|
December 25, 2013, 12:55:11 PM |
|
I can't even log in. It appears as if the page is just refreshing when I try.
Anyone else have this?
I am having the same issue. Me, too! There have been numerous posts about this already. The site is effectively locked until the guys can figure out what has happened, this should help to protect anybody that has BTC untouched in their account. I suspect (I have no personal info on this!!) once the issue is understood they will change the BTC addresses back to what it should be. It might take some time to wade through the DB and correct what the issue was/is and fix it. Hope that helps for people jumping to the end of the thread...
|
|
|
|
Humanxlemming
|
|
December 25, 2013, 01:30:52 PM |
|
I can't even log in. It appears as if the page is just refreshing when I try.
Anyone else have this?
I am having the same issue. Me, too! There have been numerous posts about this already. The site is effectively locked until the guys can figure out what has happened, this should help to protect anybody that has BTC untouched in their account. I suspect (I have no personal info on this!!) once the issue is understood they will change the BTC addresses back to what it should be. It might take some time to wade through the DB and correct what the issue was/is and fix it. Hope that helps for people jumping to the end of the thread... People always post and never read the previous ones it has been said on the reddit pages a lot to.
|
|
|
|
rahrahrah
|
|
December 25, 2013, 04:19:04 PM |
|
I am torn.
One the one hand I very much appreciate the hard work that has gone into operating this pool and I feel for the admins who must now not be able to relax properly and enjoy Christmas. This community and site they've been building is now under threat and whether it will survive remains to be seen. I'm pretty sure they're feeling terrible right now.
One the other hand, it is very much the case that if you're going to offer up a service to the public you do have some (at the least, moral) obligation, especially if you're charging fees. I saw someone saying that they "guarantee" (how?) that the operators aren't making a profit. I would find this massively surprising. Taking 2% of 3000MH/s is no small amount and I would absolutely expect them to be operating to make a profit, in order to compensate for the time they must be spending supporting the pool whilst possibly working a "real" job too(?!) as well as any expense for resources. Middlecoin.com was doing 5000MH/s the other week. With their 3% that's equivalent to 159MH/s. Not pure profit of course, but server hosting will not cost that much (I bet some pool ops are running on hardware and bandwidth at their jobs for free).
We can't hold them to the same stringent regulations/expectations that we would hold a typical company, but I do believe they should be offering some method of reassurance or comfort to keep people on the pool in the future. I definitely like the idea of 0% fees for a while (it'd be a long time though before we recoup our losses but anything helps).
I messaged aTriz a few days ago actually offering at least two additional servers (dual Quad-core Xeons, 50GB RAM) and basically unlimited bandwidth resources to help with the pool stability (in my experience it's been a bit shit recently. ymmv) so I'm definitely supportive and want to help, but we do need an explanation. I'm particularly interested in how they were able to access our PINS (if they did withdraw in the standard fashion through the web front end, and they didn't find a backdoor way to authorise the withdrawal). If they were stored in plain text format then I will not be back here, ever. Storing any kind of security information in plain text is utterly unforgivable. As a sysadmin I would never trust anyone who had built a system storing plain text passwords.
The pool needs additional features such as: 1) Email alert of withdrawal. 2) Email confirmation (or at the least, alert) on payout address change. 3) Limit the accounts that can share the same payout address. 4) Auto-payout like middlecoin (daily if over X, weekly if over Y).
Of course if the hackers found a backdoor entry with admin/root access, withdrawals could be done bypassing any "live" alerting that's built into the web front end. Cron jobs that run multiple times daily to detect changes (i.e. perform reporting) might help here (if the hacker doesn't detect and delete them).
LOL happy christmas everyone.
|
VTC: VxNWL9jDRvEcCT48vqQkLxckREUafYowVu SMC: SYLjkCM63iJyYpoz14dJcq27tEfw6r9w6m
|
|
|
tubbyjr
|
|
December 25, 2013, 04:22:00 PM |
|
It's a few days loss, not a huge deal, highly doubt pool operators would be willing to risk their rep, for one decent payday, over a very nice paymonth. However, when will we be actually able to change the payout addresses from the scammer payout to our regular one, my account won't change it even with PIN.
|
|
|
|
Elmojo
|
|
December 25, 2013, 06:29:37 PM |
|
Hi all,
Like everyone else, I've been locked out of my account. However, I didn't think to check here first, so I had already changed my BTC address back to mine, and reset my password. That being said, is it ok for me to resume mining? If my account is secured, and just locked down until the devs work out the issues, then that's fine. I hate to lose the profits during the shutdown, but I also don't want the hacker to get my coins if there's still a change that the site isn't secured yet. Thoughts?
|
|
|
|
kalus
Sr. Member
Offline
Activity: 420
Merit: 263
let's make a deal.
|
|
December 25, 2013, 06:31:44 PM |
|
Hi all,
Like everyone else... I didn't think to check here first...
...That being said, is it ok for me to resume mining? Thoughts?
check here first. the last 10 pages of comments should be informative.
|
DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms
|
|
|
Elmojo
|
|
December 25, 2013, 06:34:55 PM |
|
the last 10 pages of comments should be informative.
I'm not interested in reading 10 pages of whining. I did skim the past couple pages, and don't see anything that says whether the site is secured enough to resume mining, hence my question.
|
|
|
|
renodaret
|
|
December 25, 2013, 06:35:47 PM |
|
user darer234 cannot log in
but my miners connect and hash
plesae email me at darer234 at hotmail
i do not check my pm here much
|
|
|
|
kalus
Sr. Member
Offline
Activity: 420
Merit: 263
let's make a deal.
|
|
December 25, 2013, 06:37:24 PM Last edit: December 25, 2013, 06:54:40 PM by kalus |
|
the last 10 pages of comments should be informative.
I'm not interested in reading 10 pages of whining. I did skim the past couple pages, and don't see anything that says whether the site is secured enough to resume mining, hence my question. sure do whatever you want meng i love how people documenting losses of income and the lockdown while the crisis was ongoing is '10 pages of whining'. do some basic research if you are risking resources on investment. sheesh. vvv ya do that why not
|
DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms
|
|
|
coyote
Newbie
Offline
Activity: 58
Merit: 0
|
|
December 25, 2013, 06:38:32 PM |
|
Hi all,
Like everyone else, I've been locked out of my account. However, I didn't think to check here first, so I had already changed my BTC address back to mine, and reset my password. That being said, is it ok for me to resume mining? If my account is secured, and just locked down until the devs work out the issues, then that's fine. I hate to lose the profits during the shutdown, but I also don't want the hacker to get my coins if there's still a change that the site isn't secured yet. Thoughts?
This is just my personal opinion but I am continuing to mine on this pool. Having watched this play out both here & on the IRC channel I feel confident that I am unlikely to lose any more BTC to this hack.
|
|
|
|
|