Bitcoin Forum
Author Topic: Simplecoin.us Back ONLINE!  (Read 3712 times)
simplecoin
October 18, 2011, 07:56:37 PM
 #1

UPDATE:
Site online, BTC/NMC pools are active. GG & TBX pools will return once I can match all the txids from the previous wallets.

While there was no evidence of foul play, I was still uncomfortable flipping the server back online. So, I started from scratch making it more secure along the way.
There was no loss of funds and all balances remain.

All accounts were locked just in case there was a data breach, use the password recovery to unlock your account. If you have any troubles doing so, please msg me here or in #simplecoin on freenode.

Thanks,
Mike (simplecoin)


(Previous Message)
_______________________________________________________________________________ _________________________

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What this means to you:
It is possible your user data is compromised. While PINs & Passwords were encrypted, please change any passwords that you used here.


I am working hard to minimize the damage from this likely intrusion, I will post updates as more information is known.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
RyNinDaCleM
October 18, 2011, 08:04:17 PM
 #2

thank you!

hoping for the best!

REF
October 18, 2011, 08:17:33 PM
 #3

Well, that sounds like a definite hack, not probable. It's good to hear that user wallets are safe. I hope the situation doesn't change and everything is recovered without problems.
simplecoin
October 18, 2011, 08:19:49 PM
 #4

Well, that sounds like a definite hack, not probable. It's good to hear that user wallets are safe. I hope the situation doesn't change and everything is recovered without problems.

Short of someone at the datacenter changing things (they were fixing ipv6 issues), it most likely is an intrusion.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
hmblm1245
October 18, 2011, 08:46:55 PM
 #5

thank you!

hoping for the best!
Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course I know a lot of that is sedative data anyways, but the offer still stands.

Edit: sensitive (crazy auto correct)
simplecoin
October 18, 2011, 08:49:21 PM
 #6

thank you!

hoping for the best!
Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course I know a lot of that is sedative data anyways, but the offer still stands.

Thanks. Right now I'm focusing on the coins. Maybe I'll get lucky and the IP will be in the user logs. I'm hoping shutting the machine down kept them from covering their tracks.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
Coinbuck @ BTCLot
October 18, 2011, 09:01:33 PM
 #7

Good to know that, a friend of mine was asking me all the afternoon what happened to simplecoin.

Please keep us informed.

Regards,

Bitcoin is the future !
Mobius
October 18, 2011, 09:15:49 PM
 #8

When will you be paying all outstanding balances? or was that compromised also?
Eveofwar
October 18, 2011, 09:16:40 PM
 #9

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What this means to you:
It is possible your user data is compromised. While PINs & Passwords were encrypted, please change any passwords that you used here.


I am working hard to minimize the damage from this likely intrusion, I will post updates as more information is known.
simplecoin
October 18, 2011, 09:20:01 PM
 #10

When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
Mobius
October 18, 2011, 09:27:16 PM
 #11

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."
Eveofwar
October 18, 2011, 09:30:12 PM
 #12

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."


When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.
simplecoin
October 18, 2011, 09:32:21 PM
 #13

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."


Right now the priority is to transfer funds as the blocks are confirmed. There is not a specific time frame, as the level of damage has not yet even been fully assessed.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
simplecoin
October 18, 2011, 10:47:01 PM
 #14

Ok, upon reboot, everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
hmblm1245
October 18, 2011, 11:56:53 PM
 #15

Ok, upon reboot, everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.
Sounds like a professional response. Thanks.
simplecoin
October 19, 2011, 05:18:01 PM
 #16

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
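
Added example, not part of the thread: the log check described in post #16 (confirming that every successful SSH login came from the operator's own address) written as a short Python script. The log lines, user names and addresses are constructed, the line format is the usual OpenSSH syslog one, and Webmin's log is not covered.

```python
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format; host, users and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Oct 18 02:11:09 pool sshd[2211]: Failed password for root from 203.0.113.50 port 40122 ssh2
Oct 18 02:11:12 pool sshd[2211]: Failed password for invalid user admin from 203.0.113.50 port 40130 ssh2
Oct 18 09:30:44 pool sshd[2950]: Accepted publickey for mike from 198.51.100.7 port 52311 ssh2
Oct 18 14:02:18 pool sshd[3312]: Accepted password for pool from 203.0.113.50 port 40188 ssh2
Oct 18 19:40:03 pool sshd[3571]: Accepted publickey for mike from 198.51.100.7 port 52877 ssh2
"""

KNOWN_ADMIN_IPS = {"198.51.100.7"}  # assumption: the operator's own address

LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review(log_text, known_ips):
    """Return (unexpected successful logins, failed-attempt count per IP)."""
    unexpected, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["ip"] not in known_ips:
            unexpected.append((m["user"], m["ip"], m["method"]))
    return unexpected, failures

def failed_and_succeeded(unexpected, failures):
    """Sources with both failed attempts and an unexpected successful login."""
    return sorted({ip for _, ip, _ in unexpected if failures[ip] > 0})

if __name__ == "__main__":
    unexpected, failures = review(SAMPLE_LOG, KNOWN_ADMIN_IPS)
    for user, ip, method in unexpected:
        print(f"unexpected login: {user} from {ip} via {method}")
    print("failed and succeeded:", failed_and_succeeded(unexpected, failures))
```

A clean result only shows that the log holds no such entry; a log stored on the suspect host may itself have been altered.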
Iyeman
October 19, 2011, 05:33:24 PM
 #17

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't find a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol

BTC: 1aombYbEyggW4uKuX2VgYBjPMu8yxcYCX
simplecoin
October 19, 2011, 05:44:11 PM
 #18

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't find a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol

Wiping WILL remove any possible threats (I could have just turned the pool back on, but I'd rather be safe). I will be taking additional precautions as well.
SSH will be locked to my local certificate and IP.
Webmin will be locked to my local IP.
The only publicly open ports will be nginx and possibly pushpool (although I've heard of no one who needed to bypass the proxy). All others will be firewalled off entirely.





Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
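
Added example, not part of the thread: the access policy from post #18 modelled as an ordered, default-drop rule list, with a probe matrix that checks a ruleset against it. The addresses are placeholders and the port numbers are assumptions (22 for SSH, 10000 for Webmin, 80/443 for nginx, 8342 for pushpool; 3306 and 8332 stand for MySQL and bitcoind RPC, which stay closed).

```python
from ipaddress import ip_address, ip_network

ADMIN = "198.51.100.7/32"   # placeholder for the operator's own address
ANY = "0.0.0.0/0"
STRANGER = "203.0.113.50"   # placeholder for any other Internet host

# Ordered rules (source network, TCP port, verdict); first match wins.
# Port numbers are assumptions, see the lead-in.
RULES = [
    (ADMIN, 22, "accept"),      # SSH only from the operator
    (ADMIN, 10000, "accept"),   # Webmin only from the operator
    (ANY, 80, "accept"),        # nginx
    (ANY, 443, "accept"),
    (ANY, 8342, "accept"),      # pushpool, if exposed at all
]
# The "before" state for comparison: SSH reachable from anywhere.
WEAK_RULES = [(ANY, 22, "accept")] + RULES[1:]
DEFAULT = "drop"                # everything not listed is firewalled off

def verdict(src, port, rules=RULES, default=DEFAULT):
    """First-match evaluation of one inbound TCP connection attempt."""
    addr = ip_address(src)
    for net, rule_port, action in rules:
        if port == rule_port and addr in ip_network(net):
            return action
    return default

# What the policy in the post requires, as (source, port, expected verdict).
EXPECTED = [
    ("198.51.100.7", 22, "accept"), (STRANGER, 22, "drop"),
    ("198.51.100.7", 10000, "accept"), (STRANGER, 10000, "drop"),
    (STRANGER, 80, "accept"), (STRANGER, 8342, "accept"),
    (STRANGER, 3306, "drop"), (STRANGER, 8332, "drop"),
]

def audit(rules, probes=EXPECTED, default=DEFAULT):
    """Return (src, port, expected, actual) for every probe that deviates."""
    return [(src, port, want, verdict(src, port, rules, default))
            for src, port, want in probes
            if verdict(src, port, rules, default) != want]

if __name__ == "__main__":
    print("hardened:", audit(RULES))
    print("weak:    ", audit(WEAK_RULES))
```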
martychubbs
October 19, 2011, 08:58:19 PM
 #19

We appreciate the hard work!  What's your planned time-frame to go live again?
simplecoin
October 19, 2011, 08:59:47 PM
 #20

We appreciate the hard work!  What's your planned time-frame to go live again?

If all works out, I should be ready tonight (CST), if not hopefully tomorrow. The rebuild has gone very smoothly so far.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk