Bitcoin Forum
March 19, 2024, 10:13:53 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 »
  Print  
Author Topic: [1423GH] ABCPool PPS - Proxy Pool For High & Steady Mining Rewards  (Read 151517 times)
rTech
Sr. Member
****
Offline Offline

Activity: 305
Merit: 250


Trust but confirm!


View Profile
November 06, 2011, 08:03:49 PM
 #321

In what timezone ABCPool is located. I really want my coins out Sad
1710843233
Hero Member
*
Offline Offline

Posts: 1710843233

View Profile Personal Message (Offline)

Ignore
1710843233
Reply with quote  #2

1710843233
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710843233
Hero Member
*
Offline Offline

Posts: 1710843233

View Profile Personal Message (Offline)

Ignore
1710843233
Reply with quote  #2

1710843233
Report to moderator
1710843233
Hero Member
*
Offline Offline

Posts: 1710843233

View Profile Personal Message (Offline)

Ignore
1710843233
Reply with quote  #2

1710843233
Report to moderator
1710843233
Hero Member
*
Offline Offline

Posts: 1710843233

View Profile Personal Message (Offline)

Ignore
1710843233
Reply with quote  #2

1710843233
Report to moderator
MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 06, 2011, 10:17:25 PM
 #322

In what timezone ABCPool is located. I really want my coins out Sad
In approx. 90 minutes we'll deploy payout-address locking.  At that moment payouts will be enabled again.

MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 06, 2011, 11:01:43 PM
Last edit: November 07, 2011, 12:16:43 AM by MintCondition
 #323

UPDATE: Payouts enabled, Address-lock and HTTPS now available for extra security.

The new stuff: Payouts are enabled again; maximum auto-pay trigger has been limited to 5 BTC to discourage large balances. We've also just deployed a payout-address locking facility, accessible from the 'My Account' section.

The theme for us for the past few days has been Security, security, security:

History of events
Last Thursday we discovered a security flaw which was being exploited. An attacker was transferring the balances of multiple accounts to his own Bitcoin addresses without consent or awareness of the respective account holders. This happened over a period of approximately one week. Some accounts listed multiple fraudulent transactions over several days. Initially this went on unnoticed, but then Thursday two users notified us of suspicious payments in short succession. This triggered us to halt all payments immediately and launch an investigation. After some nifty digital forensics we concluded that session spoofing was the attack vector. As an aside, doing forensics is quite fun but a lot less so when it concerns your own systems!

Vulnerability patched
The leak was patched soon after locating it, and we started inventorying the scale of the damage (affected accounts, time period, amounts). We are now asking everybody that has been affected to PM us the details, so we can work out a way of compensation.

SSL/HTTPS now available
The event also inspired us to adopt some extra security measures. We added HTTPS support to the site earlier this weekend, encrypting your communications with the pool through a self-signed certificate (see our FAQ for details).

Payment address locking now available
And now today we've added the address locking facility, which allows you to permanently lock your payment address. Payouts from locked accounts can only be made out to the address specified. The address can not be changed if a hacker were to somehow compromise your account, or even perform a SQL injection. The permanence is both the upside and the downside of the lock: An intruder cannot change the destination address, but neither can you.

ABCPool back to full strength
With this trifecta of improvements we are confident that ABCPool now offers the security needed to resume payouts. Therefore we'd like invite those that understandably took a break from ABCPool: You may point your miners to pool.ABCPool:8332 once again!

NB: About the PIN mechanism: We feel PIN in its current incarnation never added a lot of security. We might remove it down the road, or rework it into something better.


MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 07, 2011, 12:22:34 AM
 #324

As a precaution, we strongly urge you to change your password if it's not very strong. The possibility exists that weak passwords have been brute-forced by the intruder through the abuse of the password-change functionality.[/b] Also, never re-use the account password for your workers: the worker passwords are stored & sent unencrypted.

Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 166
Merit: 100


View Profile
November 07, 2011, 05:40:16 AM
Last edit: November 07, 2011, 06:19:52 AM by Brian DeLoach
 #325

Initially this went on unnoticed, but then Thursday two users notified us of suspicious payments in short succession.

I actually noticed it much sooner. Not having the payout history is a security flaw in itself and prolonged the attack. I noticed immediately that something was wrong early October 29th, but either thought the pool was down, the shares were not being calculated correctly, or my balance somehow got payed out automatically to my wallet (I didn't check, I was busy). I never even considered someone else was draining the account. But, with no way check where the funds went, I didn't say anything, and the attacker got five more days to steal people's bitcoins until November 3rd. I highly suggest keeping payout history for everyone, allowing quicker discovery of a hack.

On the bright side, hashing rate has returned back to normal. I still think this pool is the best around, and it's only a matter of time before it'll be in the top 3 (BTCguild and especially deepbit are hard to shake).
MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 07, 2011, 02:29:50 PM
Last edit: November 07, 2011, 04:36:47 PM by MintCondition
 #326

Initially this went on unnoticed, but then Thursday two users notified us of suspicious payments in short succession.

I actually noticed it much sooner. Not having the payout history is a security flaw in itself and prolonged the attack. I noticed immediately that something was wrong early October 29th, but either thought the pool was down, the shares were not being calculated correctly, or my balance somehow got payed out automatically to my wallet (I didn't check, I was busy). I never even considered someone else was draining the account. But, with no way check where the funds went, I didn't say anything, and the attacker got five more days to steal people's bitcoins until November 3rd. I highly suggest keeping payout history for everyone, allowing quicker discovery of a hack.

On the bright side, hashing rate has returned back to normal. I still think this pool is the best around, and it's only a matter of time before it'll be in the top 3 (BTCguild and especially deepbit are hard to shake).
As an experiment we decided to ask for a donation to use the features added over the past month, to see how that would affect donation rates. Payment history is now freely available again. You're right to say that security is increased by being able to check payment history. It's a good argument to keep at least some form of history available for free.

I think we might be able to come up with a compromise that does not give all info right away, but enough to notice that something is wrong. Like listing only the addresses and their period of use for all your payouts.

Until we have figured out how to do that without it impacting security, we'll leave access to the payout history unrestricted.

Hotdog453
Full Member
***
Offline Offline

Activity: 121
Merit: 100


View Profile
November 07, 2011, 04:44:12 PM
 #327

Initially this went on unnoticed, but then Thursday two users notified us of suspicious payments in short succession.

I actually noticed it much sooner. Not having the payout history is a security flaw in itself and prolonged the attack. I noticed immediately that something was wrong early October 29th, but either thought the pool was down, the shares were not being calculated correctly, or my balance somehow got payed out automatically to my wallet (I didn't check, I was busy). I never even considered someone else was draining the account. But, with no way check where the funds went, I didn't say anything, and the attacker got five more days to steal people's bitcoins until November 3rd. I highly suggest keeping payout history for everyone, allowing quicker discovery of a hack.

On the bright side, hashing rate has returned back to normal. I still think this pool is the best around, and it's only a matter of time before it'll be in the top 3 (BTCguild and especially deepbit are hard to shake).
As an experiment we decided to ask for a donation to use the features added over the past month, to see how that would affect donation rates. Payment history is now freely available again. You're right to say that security is increased by being able to check payment history. It's a good argument to keep at least some form of history available for free.

I think we might be able to come up with a compromise that does not give all info right away, but enough to notice that something is wrong. Like listing only the addresses and their period of use for all your payouts.

Until we have figured out how to do that without it impacting security, we'll leave access to the payout history unrestricted.

Enabling/disabling features via donation make sense, but it's a damn hard thing to do correctly. There's just... well, not that much to turn on and off to make it "worth it" or "not worth it" to donate. It's not like there's a massive, game-changing feature that can be turned on or off.

Personally, if and when you need more cash, just make a donation/fee mandatory, and never expect people to donate. I was one of the "biggest" contributors to the donation over at ARS, and I was STUNNED by that; I was doing a measely 2%. Some people will just never contribute, ever. And the people who do donate eventually feel used and such compared to those getting a "free ride" so to speak.
Brunic
Hero Member
*****
Offline Offline

Activity: 632
Merit: 500



View Profile
November 07, 2011, 05:36:46 PM
 #328

I think the "donate and get features" model is viable and interesting.

Vitals features (like the payout history) should not be in that model. It needs to be free. I believe you make all the efforts to make this pool secure, but I like to verify by myself that everything is ok. Everything that concern transactions between us (the miners) and you (the pool) should be available for both sides. Like that, both sides can be sure they trade correctly.

One thing I would really be willing to pay for is stats, a lot of them. How much Bitcoins by day, hour, minutes? In relation to the GHash of the pools? Complete network power in real-time? My percentage of the total network? Future projections of how much I will make for the next two weeks? How many Bitcoins I make at that MHash rate at this difficulty?

You, as the pool, have access to a lot of raw data. If you can sort this data, and offer an access to a well-presented page of stats, you have a little gold mine here.

Having to pay for mining on a pool is retarded. I don't see why I need to pay somebody so he can see all my informations about mining while I can mine by myself. A pool process and transfer data so, you should see yourself as a data-processing company. And what a data-processing company do? They sell their data, with nice little charts, predictions, hard facts and whatever you can think of.

Here's how I see that:

Basic account - You mine with all the features needed for mining and for security of the transaction between the pool and the miner.
Cost: 0%

Stats account - You can access a vast quantity of data. You have all the popular statistics functions, with a bunch more added to it.
Cost: It depends on what you offer. You don't want to have a high price for low value, because nobody will take. Let's 1% for example.

Stats-junkie account - You have everything. A wet dream of statisticians. Sort of account where you can sort anything by anything, and even where you can access the "coming soon" features, where you can try them.
Cost: As always, it depends on what you offer. For the example, let's say you charge 3%. Like I said, it is an ultimate wet dream, for an ultimate price.

Even more, you could sell this to people who don't mine at ABCPool, but would be interested in seeing that data. For those guys, you ask for more, because they don't mine for you. You charge something like 20$/month to have an access to all those stats, with API, email, SMS, whatever they need of. If you do that, be sure that you put a ceiling on the price for the miners, so the big big big miners don't pay more than those who only buy data.

You're not a pool, you are a data-processing business.  Wink
likuidxd
Sr. Member
****
Offline Offline

Activity: 476
Merit: 500


View Profile
November 08, 2011, 11:19:54 PM
 #329

Any plans for a stats signature? I wouldn't mind changing mine Smiley
btcstats.net

Nic Dooce
Newbie
*
Offline Offline

Activity: 18
Merit: 0



View Profile
November 09, 2011, 03:15:19 AM
 #330

And when do we will see the ''hall of fame'' stats ! Who's is the biggest ? About 20 000 Mhash I should guess...
MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 09, 2011, 08:08:48 PM
 #331

Any plans for a stats signature? I wouldn't mind changing mine Smiley
btcstats.net
USERBARS: Twmz, owner of btcstats.net, was nice enough to create a userbar for ABCPool.co. Using your API key and BTCStats.net you can show off your hashrate! They look pretty cool:



Thanks Twmz!

Caveat Emptor: I'm not sure if it is still possible to put these userbars in your signature at bitcointalk.org, since they seem to have disabled sig-images for new signatures. Sad

MC

jamesg
VIP
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


AKA: gigavps


View Profile
November 09, 2011, 08:21:38 PM
 #332

Any plans for a stats signature? I wouldn't mind changing mine Smiley
btcstats.net
USERBARS: Twmz, owner of btcstats.net, was nice enough to create a userbar for ABCPool.co. Using your API key and BTCStats.net you can show off your hashrate! They look pretty cool:



Thanks Twmz!

Caveat Emptor: I'm not sure if it is still possible to put these userbars in your signature at bitcointalk.org, since they seem to have disabled sig-images for new signatures. Sad

MC

Maybe we can get TWMZ to turn these user "bars" into profile pic size images...

I would donate a few BTC if he did for his service.
bal3wolf
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250

Power to the people!


View Profile
November 09, 2011, 11:10:07 PM
 #333

best pool so far i cant wait till winter hits here full time and i will get back to mining more.
jamesg
VIP
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


AKA: gigavps


View Profile
November 10, 2011, 02:43:07 AM
 #334

Looks like the pool went down after i started bringing my hash over. Sorry if i crashed the pool.  Grin
twmz
Hero Member
*****
Offline Offline

Activity: 737
Merit: 500



View Profile
November 10, 2011, 04:19:28 AM
Last edit: November 10, 2011, 04:30:21 AM by twmz
 #335

Maybe we can get TWMZ to turn these user "bars" into profile pic size images...

I think the new foum policy is stupid.  I also think these didn't turn out as well as the standard userbar-shapped images (they are an awkward shape), but here you go:

Edit: Nevermind, I think the forum actually forces them to be an even more awkward shape and so these would get stretched badly.  I can't test it at the moment, be cause I can't change my avatar without losing my current sig image and I don't want to do that.   I'll have to try working on it again later.

Was I helpful?  1TwmzX1wBxNF2qtAJRhdKmi2WyLZ5VHRs
WoT, GPG

Bitrated user: ewal.
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
November 10, 2011, 04:28:20 AM
 #336

Maybe we can get TWMZ to turn these user "bars" into profile pic size images...

I think the new foum policy is stupid.  I also think these didn't turn out as well as the standard userbar-shapped images (they are an awkward shape), but here you go:



Go back to http://btcstats.net to lookup your avatar URL

Care to elaborate (emphasis mine) ?
Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 166
Merit: 100


View Profile
November 10, 2011, 05:02:40 AM
 #337

I think the new foum policy is stupid. 
Care to elaborate (emphasis mine) ?

theymos (administrator) disabled images in signatures.
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
November 10, 2011, 05:11:20 AM
 #338

I think the new foum policy is stupid. 
Care to elaborate (emphasis mine) ?

theymos (administrator) disabled images in signatures.

Interesting...so I guess people can't "add" new images...but those who have already done so prior, are not at the mercy of this new policy ? Wink
Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 166
Merit: 100


View Profile
November 10, 2011, 06:26:49 AM
 #339

Correct. Anyone who has one right now can't modify their signature or they'll lose it.
MintCondition (OP)
Legendary
*
Offline Offline

Activity: 1147
Merit: 1007



View Profile
November 11, 2011, 12:27:03 AM
 #340

Looks like the pool went down after i started bringing my hash over. Sorry if i crashed the pool.  Grin
It's always a good stress-test for a pool when you come around Smiley

Regarding the instability when you joined: The limit for the number of open filedescriptors for the pool backend was still in its restrictive default. That number also governs maximum TCP connection count.

We were already seeing some strange log readings, but you coming to knock on our door made us really hit the limit, and that's probably where it went wrong.

We've increased the limit to a more sensible value (60000) a few hours ago, and all indicators are back to normal.

Could you try again?


Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!