Bitcoin Forum
Topic: Slush Pool (api.bitcoin.cz) hacked again?
deebug
July 18, 2011, 09:24:13 AM
 #1

Hi, on 2011-07-15 21:33:14 my wallet address was changed to ------------------------------------------ and my limit went from 1 to 0.1 and "Notify on payout" wasn't checked any more.
I did not receive a change wallet notification via e-mail which it normally should do if you want to change your wallet address, so I'm assuming this is an internal change (DB value change).
I'm not comfortable with this at all. Are there any other victims? Please speak your mind, I would like to know if I am alone here or not.

The next logical question is, what would be the best alternative for api.bitcoin.cz?
I know there are a LOT of choices and that's the problem... Any founded suggestions would always be welcome.
Until 2011-07-15 21:33:14 I was pretty happy about the service, they could handle DDoS'es pretty well, almost no connection problems during all my months of mining...

MiningBuddy
July 18, 2011, 09:34:50 AM
 #2

Everything is fine from my end.

Are you sure that password wasn't one used on mtgox?

Definitely sounds like you chose a poor password.

deebug
July 18, 2011, 09:40:42 AM
 #3

Hmm, I'm not like that, you see

- My MtGox password is and was completely different from the one on bitcoin.cz
- Both passwords are 250+ chars long and are chosen by a password management program I'm not going to specify.

Not only that, but suppose someone was able to log in, there is no way they can change the wallet address without me noticing it via my e-mail address.
(trying to change the e-mail address would also be noticeable, and the e-mail address hasn't changed)

- My e-mail address has also a 250+ char password which is different from all the others.
- My PCs aren't compromised (that I know of, there's always that creepy feeling I get sometimes and then I do another audit), and I'm a very very paranoid IT guy. All logins on any level contain strong passwords.


DrHaribo
Bitminter.com Operator


July 18, 2011, 12:14:28 PM
 #4

In my pool I use OpenID and let someone else worry about that part of the security. You can log in with a Google account.

Of course I have to store worker passwords. They are salted and heavily hashed in the database. Not sure if worker passwords are really worth protecting, but it just feels safer to be paranoid.

MiningBuddy
July 18, 2011, 01:14:30 PM
 #5

> In my pool I use OpenID and let someone else worry about that part of the security. You can log in with a Google account.
>
> Of course I have to store worker passwords. They are salted and heavily hashed in the database. Not sure if worker passwords are really worth protecting, but it just feels safer to be paranoid.

Kind of pointless when they are sent over the network plain text, but w/e.

Graet
July 18, 2011, 01:19:11 PM
 #6

We use 2 part authentication on the site, so for important changes such as wallet address you need to enter a PIN as well.

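
An added example, not code from any pool mentioned in this thread: a sketch combining the controls the posters describe (salted, iterated hashing; a PIN for wallet address changes; an e-mail notification) and going one step further with a keyed MAC over the payout settings, so that a change written straight to the database, as post #1 suspects, shows up on an integrity sweep. Every name, the in-memory `db` and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: this key is held by the application (env var, HSM), never in the DB.
ROW_KEY = os.urandom(32)

def hash_pin(pin, salt=None):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) for a PIN or password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def check_pin(pin, salt, stored):
    return hmac.compare_digest(hash_pin(pin, salt)[1], stored)

def row_mac(user, settings):
    """Keyed MAC over the payout settings; a raw DB edit cannot recompute it."""
    fields = [user, settings["wallet"], settings["threshold"], str(settings["notify"])]
    return hmac.new(ROW_KEY, "\x1f".join(fields).encode(), hashlib.sha256).hexdigest()

def new_account(user, email, pin, wallet, threshold="1", notify=True):
    salt, pin_hash = hash_pin(pin)
    settings = {"wallet": wallet, "threshold": threshold, "notify": notify}
    return {"email": email, "pin_salt": salt, "pin_hash": pin_hash,
            "settings": settings, "mac": row_mac(user, settings)}

def change_wallet(db, outbox, user, new_wallet, pin):
    """Step-up check: a logged-in session is not enough, the PIN is required too."""
    acct = db[user]
    if not check_pin(pin, acct["pin_salt"], acct["pin_hash"]):
        return False
    old = acct["settings"]["wallet"]
    acct["settings"]["wallet"] = new_wallet
    acct["mac"] = row_mac(user, acct["settings"])  # re-seal after a legitimate change
    outbox.append((acct["email"], f"payout address changed: {old} -> {new_wallet}"))
    return True

def tampered_accounts(db):
    """Accounts whose stored settings no longer match their MAC."""
    return [u for u, a in db.items()
            if not hmac.compare_digest(a["mac"], row_mac(u, a["settings"]))]

if __name__ == "__main__":
    # Constructed sample data; ADDR_* are placeholders, not real addresses.
    db, outbox = {"miner1": new_account("miner1", "m@example.org", "4821", "ADDR_A")}, []
    print(change_wallet(db, outbox, "miner1", "ADDR_B", "0000"))  # wrong PIN
    print(change_wallet(db, outbox, "miner1", "ADDR_B", "4821"))  # correct PIN
    # Simulated direct DB edit with the same symptoms as post #1.
    db["miner1"]["settings"].update(wallet="ADDR_X", threshold="0.1", notify=False)
    print(tampered_accounts(db), outbox)
```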