Bitcoin Forum
December 07, 2016, 10:46:10 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 [44] 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 »
  Print  
Author Topic: [POOL] - Coinotron --- FIRST ETH-ETC MULTIPORT - profit switchng port 7777  (Read 216293 times)
coinotron
Legendary
*
Offline Offline

Activity: 995


View Profile
April 27, 2013, 02:15:43 PM
 #861

OK, Im glad you are aware of the problem and taking action and updating us on the situation, but blocking all withdrawls is fairly extreme and likely to have a negative effect on the pool. You should maybe change the password requirement to include X number of letters and numbers, and possibly require symbols as well if the brute force attacks are really serious. Id hate to see a captcha required to login, but X number of repeated failed logins should disable logins for X number of minutes/hours. I think most people would be fine with that.

Thanks again for the update and good luck with everything.


I don't want to go into details. I must perform serious check on scale of the attack before I will enable payouts.
Like I said they are attacking concurrently few other sites, so I guess situation is serious.
Your suggestions are fine but there are kinds of attacks they will not stop. And unfortunatelly we are facing such one.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
vdragon
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
April 27, 2013, 02:41:01 PM
 #862

IS the pool under some kind of ddos? Speed fluctuating like crazy, but no stales and/or invalids

Btw, also automatic payout acting up again?

There are quite a lot miners switching to TRC mining when difficulty is low. That causes pool hashrate fluctuations.
Payouts will be enabled soon.

 I am not switching, I am sitting at ltc all the time :/

My USB Erupter GROUP BUY https://bitcointalk.org/index.php?topic=252180.0

Hungary (south) based trader - accepting/sending bank transfers, also willing to meet in person
Tigggger
Legendary
*
Offline Offline

Activity: 952



View Profile
April 27, 2013, 03:56:37 PM
 #863

Seeing 5-8% rejected shares mining LTC with CGminer.

Is that normal?

No, it's not normal at all.  I've seen almost 10% rejected shares on some of my rigs in the last day while mining LTC on Coinotron though. 

I just quit earlier for the same reason 10% rejects.

I think it's a combination of having to use a high intensity with scrypt and a share difficulty of '192' the number of shares per minute is very small so everytime a new block is found and those shares are rejected it makes it a huge percentage of the work total.

The pool I swapped to is using a share difficulty of 32, and it's averaging out at 3%

Mining BTC the intensity can be lowered, share diff is 1, and on guild and 50btc reject rate is ~0.01 %

 

cdog
Hero Member
*****
Offline Offline

Activity: 546



View Profile
April 27, 2013, 04:34:28 PM
 #864

Ok so this is a major problem, same issue here, Im going to have to switch over to a backup PPS pool until its fixed, hopefully ASAP
vdragon
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
April 27, 2013, 05:20:37 PM
 #865

Switching pool, and I thought this one is ok

My USB Erupter GROUP BUY https://bitcointalk.org/index.php?topic=252180.0

Hungary (south) based trader - accepting/sending bank transfers, also willing to meet in person
itsgoldbaby
Full Member
***
Offline Offline

Activity: 157


Hello!


View Profile
April 27, 2013, 07:40:55 PM
 #866

I was wondering why my withdrawal wouldn't process.  Sad
coinotron
Legendary
*
Offline Offline

Activity: 995


View Profile
April 27, 2013, 07:41:57 PM
 #867

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

TheSwede75
Full Member
***
Offline Offline

Activity: 224



View Profile
April 27, 2013, 09:32:59 PM
 #868

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?
vdragon
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
April 27, 2013, 09:37:04 PM
 #869

Btw, still no payout

My USB Erupter GROUP BUY https://bitcointalk.org/index.php?topic=252180.0

Hungary (south) based trader - accepting/sending bank transfers, also willing to meet in person
vdragon
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
April 27, 2013, 09:49:40 PM
 #870

Payout ok, I appologise for my doubts

My USB Erupter GROUP BUY https://bitcointalk.org/index.php?topic=252180.0

Hungary (south) based trader - accepting/sending bank transfers, also willing to meet in person
FullFathom5
Jr. Member
*
Offline Offline

Activity: 31


View Profile
April 27, 2013, 09:52:58 PM
 #871

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

I think we'd all like to know the answer to this question. Are usernames and passwords encrypted or not?

Edit: Let me rephrase that: historically were username/passwords encrypted? What is the case presently?
knedle
Member
**
Offline Offline

Activity: 99


View Profile
April 27, 2013, 10:02:04 PM
 #872

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Telling users that it's 'not smart to use the same password' is stupid, because part of those users are even more stupid and they will prefer to look for all the lame excuses they can think about, than change their habits, and for once do something smart and secure.

On the other hand, if there was something like a brute force attack, I can think of a very simple way to stop it - captcha.
txmasut
Sr. Member
****
Offline Offline

Activity: 280

Vantacor


View Profile WWW
April 27, 2013, 10:07:23 PM
 #873

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Um...seriously? A brute force attack means that multiple passwords are attempted and that if you are using stupid easy passwords they get in, or if you used the same one elsewhere and they were compromised then you are screwed.  Both of these scenarios have nothing to do with Coinotron and everything to do with you.  Coinotron secures your information, you better as well.

Vantacor Mining Store
Amazon.com Mining Store
BTC-1488ZE5vUFxUbxNLdcQoaHQkx1qxYXPgNM LTC-Le9LVJKz5bu2prQicazidFmSDo3ucTSX81 Rep Thread https://bitcointalk.org/index.php?topic=200743.msg2095050#msg2095050
superfastkyle
Sr. Member
****
Offline Offline

Activity: 437


View Profile
April 27, 2013, 11:04:35 PM
 #874

ppc server appears to be down
TheSwede75
Full Member
***
Offline Offline

Activity: 224



View Profile
April 27, 2013, 11:07:44 PM
 #875

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Um...seriously? A brute force attack means that multiple passwords are attempted and that if you are using stupid easy passwords they get in, or if you used the same one elsewhere and they were compromised then you are screwed.  Both of these scenarios have nothing to do with Coinotron and everything to do with you.  Coinotron secures your information, you better as well.


Of course you should't have password '123' on any site and that's not my point. A brute force attack has zero-chance of success if adequate security exist in the first place. No, I username wasn't 'GOD' with password '123' by any means but I still want to know more about what and how they were compromised then just 'if you have the same password anywhere else, change'.

Not offering a change password on the site is the killer though. Completely insane.
Eich
Jr. Member
*
Offline Offline

Activity: 46


Cryptocoins are your friend.


View Profile
April 27, 2013, 11:09:55 PM
 #876

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Um...seriously? A brute force attack means that multiple passwords are attempted and that if you are using stupid easy passwords they get in, or if you used the same one elsewhere and they were compromised then you are screwed.  Both of these scenarios have nothing to do with Coinotron and everything to do with you.  Coinotron secures your information, you better as well.


Of course you should't have password '123' on any site and that's not my point. A brute force attack has zero-chance of success if adequate security exist in the first place. No, I username wasn't 'GOD' with password '123' by any means but I still want to know more about what and how they were compromised then just 'if you have the same password anywhere else, change'.

Not offering a change password on the site is the killer though. Completely insane.

You can change passwords. Click "My Account", and its all the way down at the bottom.

Best Regards, Eich -- Digital Bread - Bitcoin News
BTC: 1B5qPNCeyyg5Pfg2JUrcoJZFoedT1CV4pN
TheSwede75
Full Member
***
Offline Offline

Activity: 224



View Profile
April 27, 2013, 11:21:45 PM
 #877

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Um...seriously? A brute force attack means that multiple passwords are attempted and that if you are using stupid easy passwords they get in, or if you used the same one elsewhere and they were compromised then you are screwed.  Both of these scenarios have nothing to do with Coinotron and everything to do with you.  Coinotron secures your information, you better as well.


Of course you should't have password '123' on any site and that's not my point. A brute force attack has zero-chance of success if adequate security exist in the first place. No, I username wasn't 'GOD' with password '123' by any means but I still want to know more about what and how they were compromised then just 'if you have the same password anywhere else, change'.

Not offering a change password on the site is the killer though. Completely insane.

You can change passwords. Click "My Account", and its all the way down at the bottom.

Thank you, I guess that part of my critisizm was wrong. Not that I can change it now though since the site is down.
Schrankwand
Full Member
***
Offline Offline

Activity: 224


View Profile
April 27, 2013, 11:26:42 PM
 #878

OK. Attack was massive, but not particularly harmful.
I enabled payouts and possibility to update withdrawal addresses.

Attention!!!
Under any circumstances don't use on Coinotron website password that you are using on other sites. Sites perpetually get hacked, their user databases compromised, passwords are then used to log in on our website.

General rule:
Use different password on each cryptocoin site you have account.

Telling users that it's 'not smart to use the same password' is a pretty damn weak excuse for not having adequate security. What did you do? Store the passwords in plaintext or something else stupid?
Also: Just noticed that you don't even allow users the option of changing password. Seriously?

Um...seriously? A brute force attack means that multiple passwords are attempted and that if you are using stupid easy passwords they get in, or if you used the same one elsewhere and they were compromised then you are screwed.  Both of these scenarios have nothing to do with Coinotron and everything to do with you.  Coinotron secures your information, you better as well.


I suggest using a software like Keepass generating high entropy passwords that you can copy and paste.

I do not even know most of my passwords and they are between 32 and 256 digits, mostly in the 64 digits range, if they are not limited by site.

I suggest doing something similar and securing the key databases very well with a phrase password that is very, very long and includes a random number and special character somewhere.

Anything else is just begging to get your ass kicked... but if you do it with a program, you only need to remember key databases, where you can use mnemonic devices to write down the password. This way, no one could even rubber crypto you, since you'd have to answer "Sorry, i have no fucking clue what my password is."
Extornia
Full Member
***
Offline Offline

Activity: 152


View Profile
April 27, 2013, 11:27:00 PM
 #879

is the ltc pool down
tinman951
Full Member
***
Offline Offline

Activity: 149


View Profile
April 28, 2013, 12:17:19 AM
 #880

I agree, all of my miners on two systems say connection problems, or just aren't reporting on the coinotron stats page.

**EDIT**  I quit all of my miners completely and started them over again.  One I had to delete the miner from coinotron and recreate it.  That may have been a fluke though.

Free micro bitcoins: http://www.bitvisitor.com/?ref=1DFw1VncjVhqdg6GWoQ6Qtc5ncR5RHXxfP
Donate BTC: 18b94MMTWd7bWaUWcq7VHmizgswP2dK6fM
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 [44] 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!