[OFFLINE] SIMPLECOIN.US [PPLNS/SMPPS]

[hmblm1245]

Awesome. i thought something was going on. A month or so ago (maybe more) page times and connection were much faster.

[bronan]

Well i dont know about others but i get lots of pool connection warnings, and constant seeing caching submissions.
But worst of all is silence ..... my fat 7970 often silent is not good

[simplecoin]

Well i dont know about others but i get lots of pool connection warnings, and constant seeing caching submissions.
But worst of all is silence ..... my fat 7970 often silent is not good

The pool communication issue seems to be MASSIVE spikes in network traffic. Enough to flood the available bandwidth (and we have WAY more than needed for a 2+ TH pool).

Why anyone would syn flood our small pool is beyond me, but the logs and iftop show just that.

Update, it's not just our servers, it's our whole hosing provider that's being attacked. Just got an email from them last night.

They are upgrading their networking now to prevent less downtime.

Sorry, but outside of moving servers (very time consuming) or purchasing additional servers elsewhere (costly and time consuming) there isn't much I can do. Our servers are being DDOS'd, and the hosting provider is working quickly to resolve it.

[Bitbird]

@simplecoin What's the estimated time of SMPPS pay out?

My present stats= "BTC Estimate: 0.00000000 BTC /  Unconfirmed: 1.22924257 BTC"

Thanks!

[simplecoin]

Restarting psj for new optimizations.

SMPPS will pay out when a block is found on that pool

[simplecoin]

We HAVE been hacked. The wallet HAS been drained. I've got all the logs and will be coordinating with the FBI cybercrime division.

The pool will be offline until further notice.

Sorry if I don't respond quickly, I'm a little overwhelmed.

[simplecoin]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

[Clipse]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

It seems alot of sites running the simplecoin framework got hacked legitly or claimed to have been hacked.

Im curious do you know of what exploit was used to get in so that it can get patched ?

[hmblm1245]

What about LTC and NMC? Have those been drained as well?

[simplecoin]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

It seems alot of sites running the simplecoin framework got hacked legitly or claimed to have been hacked.

Im curious do you know of what exploit was used to get in so that it can get patched ?

Working on that now. Most of the simplecoin sites are running very different code and code they've changed. I see several exploit attempts daily, this one just succeeded.

Now the shocking news.... The full wallet value was returned to the address above (and  quickly). So, I'm thankful all the users will get their coins and I don't have to go through another FBI cybercrime matter (the last was over 10 years ago for a client).

That said, I'm leaving the servers offline until I can further lockdown the software. I'll also find a way to make the user funds available as I don't want to tie those up either.

[rjk]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

It seems alot of sites running the simplecoin framework got hacked legitly or claimed to have been hacked.

Im curious do you know of what exploit was used to get in so that it can get patched ?

In addition, it is also possible to go through the source to find vulnerabilities, unlike most closed source pools, so if anyone missed something, it could be easier to find and exploit.

Glad to hear that the coins are back.

[deepceleron]

A lot of hacks seem to happen after a DDOS. I think it is either tools bruteforcing their way through exploits, or attempts to break php or perl to enable more injection or file drop vectors. DDOS is not just somebody mad at your pool, we should now consider it someone trying to break in, and you should look at what urls are being accessed.

Read http://blog.spiderlabs.com/ to see what kind of stuff hackers have been exploiting to see how to lock things down.

[hmblm1245]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

It seems alot of sites running the simplecoin framework got hacked legitly or claimed to have been hacked.

Im curious do you know of what exploit was used to get in so that it can get patched ?

Working on that now. Most of the simplecoin sites are running very different code and code they've changed. I see several exploit attempts daily, this one just succeeded.

Now the shocking news.... The full wallet value was returned to the address above (and  quickly). So, I'm thankful all the users will get their coins and I don't have to go through another FBI cybercrime matter (the last was over 10 years ago for a client).

That said, I'm leaving the servers offline until I can further lockdown the software. I'll also find a way to make the user funds available as I don't want to tie those up either.

That is shocking news. Leads to the question why the hacker(s) returned the coins?

[Clipse]

If all of the coins are returned to 12433rWhhxBajfyishqomz44K657GqKxCr before the investigator returns my call, I'll be swayed to end the matter.

It seems alot of sites running the simplecoin framework got hacked legitly or claimed to have been hacked.

Im curious do you know of what exploit was used to get in so that it can get patched ?

Working on that now. Most of the simplecoin sites are running very different code and code they've changed. I see several exploit attempts daily, this one just succeeded.

Now the shocking news.... The full wallet value was returned to the address above (and  quickly). So, I'm thankful all the users will get their coins and I don't have to go through another FBI cybercrime matter (the last was over 10 years ago for a client).

That said, I'm leaving the servers offline until I can further lockdown the software. I'll also find a way to make the user funds available as I don't want to tie those up either.

This is some news worthy stuff wow.

Maybe its the same guy who ran the worm to steal coins and then also returned those

Glad you got those coins back and whoever initially stole it must have turned Robinhood in the meantime.

[rjk]

Glad you got those coins back and whoever initially stole it must have turned Robinhood in the meantime.

Probably just scared shitless of the FBI getting involved.

[wachtwoord]

Glad you got those coins back and whoever initially stole it must have turned Robinhood in the meantime.

Probably just scared shitless of the FBI getting involved.

Yeah, likely just some kid. Ah still better to come your senses late than never.

[mc_lovin]

how many BTC were stolen/returned?

+ 200 karma points to the hacker for returning the coins!

[wyager]

Seriously, whoever returned the coins is either a really nice guy who just wanted to prove a point or they're scared shitless! They must have either done a poor job or have no idea what they're doing if the threat of involving the FBI actually swayed them.

[simplecoin]

I'm not speculating as to why it was done, or by what type of individual. It happened, the coins were returned, and I now have a chance to focus on the new unified pool framework. No client->poolserver->proxy->frontend anymore. I'm rewriting this in my primary language this time, not just what was initially requested for the bounty I didn't receive any of.

The new system is a ground-up approach, possibly even a new public client.....

[hmblm1245]

Hey guys, some hardware changes here and I'm making another stab at getting cgminer going in windows

I have been following the windows-build.txt instructions and everything seems to be happening so far, but the current step is

"Copy CGMiner source code directory into: \MinGW\msys\1.0\home\9folder with your user name)"

so far the instructions have been clear...but ?what? CGMiner source code directory?  where do I find it?

I know I am retarded and this is facepalmingly obvious...but please help

Are you trying to use CGminer as a miner or are you attempting to play with the source?

If you are using just the miner to mine, download the ZIP, Extract it any ware (Desktop, c:\,...) and launch cgminer.exe. create a cgminer.conf file that looks like this. (see the example.conf for help)

{
"pools" : [
   {
      "url" : "http://url1:8332",
      "user" : "user1",
      "pass" : "pass1"
   },
   {
      "url" : "http://url2:8344",
      "user" : "user2",
      "pass" : "pass2"
   },
   {
      "url" : "http://url3:8332",
      "user" : "user3",
      "pass" : "pass3"
   }
],

"intensity" : "d,9,9,9",
"gpu-engine" : "0-985,0-950,0-960,0-1000",
"gpu-fan" : "0-85,0-85,0-85,0-85",
"gpu-memclock" : "860,825,835,875",
"gpu-powertune" : "20,20,20,20",
"gpu-vddc" : "0.000,0.000,0.000,0.000",
"temp-cutoff" : "95,95,95,95",
"temp-overheat" : "85,85,85,85",
"temp-target" : "75,75,75,75",

"auto-fan" : true,
"auto-gpu" : true,
"expiry" : "120",
"failover-only" : true,
"gpu-threads" : "2",
"log" : "5",
"queue" : "1",
"retry-pause" : "5",
"scan-time" : "60",
"temp-hysteresis" : "3",
"worksize" : "0",

"shares" : "0",
"kernel-path" : "/usr/local/bin"
}