INFO ABOUT HACK MPOS POOLS / PLUMS INFO / GET SOME FREE COINS HERE. #YOLO #SWAG

[ILikeMPOS]

http://gyazo.com/66709a118ce84c887b4e84028077ac3a.png

HEY, YOU CAN GET SOME LTC, DOGE, CAT, GME, LENNY AND MORE COINS HERE - http://webhancement.us/gg.php

I GIVE YOUR LINK BECOUSE GUY WITH WHOM I WORKED SCAM ME ON MORE MONEY.
THIS BUG - 2 DAYS. AND YES, THEM WHO WRITE "WHO STOLE MY COINS FROM POOL?" BECAUSE OF THIS.
...
MORE INFO ABOUT BUG(ALL VERSIONS MPOS) - 0.5 BTC

WTF?, HOW TO WARD OFF IT?!
USE VERY VERY STRONG PASSWORD(I RECOMMEND USE LASTPASS) AND SET ACCOUNT AS ANONYMOUS.
ENJOY. Miners.


http://www.wykop.pl/wpis/6841332/oto-lista-pooli-z-ktorych-zanotowano-kradzieze-zro/
http://www.wykop.pl/wpis/6840458/uwaga-uwaga-bardzo-wazne-ogloszenie-dotyczaca-bezp/

[Efitzhenry]

Glad my pool didn't show up on the list. We don't scam anyways though.  That is some pretty sensitive info hanging out there!

[ILikeMPOS]

Glad my pool didn't show up on the list. We don't scam anyways though.  That is some pretty sensitive info hanging out there!

In list most popular pools, i can add any pool on mpos ( ° ͜ʖ ͡°)

[canth]

Yet another reminder to not reuse passwords anywhere. I highly suggest any of you who still fall into this category, take a few minutes and install a decent password manager:

http://passwordsafe.sourceforge.net
http://keepass.info/

[ahmed_bodi]

i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.

An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
Another example is ftc.d2.cc it shows a username clicking login takes the user to digitalcoin.scryptmining.com

it looks me like the creator of the app is sending the login details via HTTP POST as a normal user would which allows people to access these fradulent accounts they have made under false pretenses

[canth]

i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.

An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.

I My friend checked and some of the logins appear to be legit, with balances and with actively running miners. One pool not being up aside, this doesn't look like a hoax to me.

[ahmed_bodi]

no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.

[canth]

no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.

OK, so maybe he fabricated some accounts - there's no easy way to prove that one way or the other.

How about the other accounts with actively running miners and balances - some of them with decent passwords and PINs? Bruteforce on both the password and PIN? None of these pools have any invalid login attempt protection? Something doesn't smell right...

[xisi]

Reusing passwords on multiple sites in 2014 

That's all this is, a db dump with a front end and a few cracked passwords.

[ahmed_bodi]

Reusing passwords on multiple sites in 2014 

That's all this is, a db dump with a front end and a few cracked passwords.

as stated here, both me and xisi work on MPOS (well i work on stratum but still) by default MPOS has a default lock out at 3 attempts which is why i believe the majority are fabricated accounts. while the others are just ones with a weak ass password grabbed from a db dump

[choose_username]

I think they are bruteforcing easy passwords, I use very strong random character passwords on all my pools and got notifications about xx failed login attempts on a few pools.