Bitcoin Forum
December 05, 2016, 02:51:54 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 ... 78 »
  Print  
Author Topic: [ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%)  (Read 214361 times)
Tejsei3
Jr. Member
*
Offline Offline

Activity: 36


View Profile
April 20, 2013, 02:31:28 PM
 #301

Thanks for your quick action.
1480949514
Hero Member
*
Offline Offline

Posts: 1480949514

View Profile Personal Message (Offline)

Ignore
1480949514
Reply with quote  #2

1480949514
Report to moderator
1480949514
Hero Member
*
Offline Offline

Posts: 1480949514

View Profile Personal Message (Offline)

Ignore
1480949514
Reply with quote  #2

1480949514
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
pushyk
Sr. Member
****
Offline Offline

Activity: 410


View Profile
April 20, 2013, 02:34:12 PM
 #302

That's quite interesting:

Code:
# cat access.log.2 | grep 'POST /login' | wc -l
56236
# cat access.log.1 | grep 'POST /login' | wc -l
71523
#

It seems that we find our problem. I'll add new rule into fail2ban settings.

тоесть как я понял мой пароль через койнотрон хакнули, или всё-таки у вас была дыра? не совсем понял ..
вроде-бы и непростой восьмизначный цифробуквенный был..
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 02:51:07 PM
 #303

That's quite interesting:

Code:
# cat access.log.2 | grep 'POST /login' | wc -l
56236
# cat access.log.1 | grep 'POST /login' | wc -l
71523
#

It seems that we find our problem. I'll add new rule into fail2ban settings.

тоесть как я понял мой пароль через койнотрон хакнули, или всё-таки у вас была дыра? не совсем понял ..
вроде-бы и непростой восьмизначный цифробуквенный был..
Это не дыра, а просто брутфорс. Возможно, в комбинации с украденными паролями или по словарю.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 03:01:46 PM
 #304

New settings applied.
Quote
WARNING [ltcmine-login] Ban 108.254.4.74
WARNING [ltcmine-login] Ban 24.188.138.99
WARNING [ltcmine-login] Ban 83.151.4.212
WARNING [ltcmine-login] Ban 128.73.39.106
WARNING [ltcmine-login] Unban 108.254.4.74
WARNING [ltcmine-login] Unban 24.188.138.99
WARNING [ltcmine-login] Unban 83.151.4.212
WARNING [ltcmine-login] Unban 128.73.39.106
Smiley

Some details... If you tried to login more than three times, your IP will be banned for 600s.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
BBN
Member
**
Offline Offline

Activity: 77


View Profile
April 20, 2013, 03:07:35 PM
 #305

Brute force with stolen passwords is what I am thinking as well. Balthazar it might be a good idea to stick a warning msg on the front page urging members to use unique password for the site  Roll Eyes
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 03:14:47 PM
 #306

One of possible solutions is force users to use autogenerated passwords. Then all passwords obviously will be unique. But when I tried it once, I received toooooo much emails about forgotten passwords recovery. Roll Eyes

So, I think that google authentication + password will be quite reliable solution.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
ymer
Sr. Member
****
Offline Offline

Activity: 280


View Profile
April 20, 2013, 03:17:22 PM
 #307

If it helps I used the same user/password in these sites and none of my accounts were compromised:

coinotron
give-me-ltc
ltc.kattare.com
wemineltc
ltcmine.ru

Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 03:18:33 PM
 #308

You are lucky man  Wink

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
ymer
Sr. Member
****
Offline Offline

Activity: 280


View Profile
April 20, 2013, 03:20:52 PM
 #309

You are lucky man  Wink

Yea, well just trying to help find out the compromised site  Smiley

Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 03:23:53 PM
 #310

kha0s will perform security audit soon, don't know about others.

P.S. ETA for withdrawals is 1-1.5 hours approximately. I need to eat something...  Roll Eyes

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 03:48:04 PM
 #311

If you see your account in this lists

https://bitcointalk.org/index.php?topic=92522.msg1892862#msg1892862

you need PM me with your new withdrawal address and details about your account.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
kronut
Member
**
Offline Offline

Activity: 86



View Profile
April 20, 2013, 03:56:39 PM
 #312

The item that bothers me is the full usernames on the top miner and such stats. One can compile a list of usernames fairly easy to brute force.

Have you thought about obfuscating part of the usernames in the stats?

Another suggestion is a pin for withdrawal, changing the payout address, or even password changes. This way if someone does get logged in, they still can't make any changes without it.

Edit: Did you find it funny that MinerG is part of the compromised accounts?
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 04:28:21 PM
 #313

I'll add "displayed name" feature soon. Anyway, with locked addresses there is no sense to brute force again anymore. Addresses will be unlocked after adding the google authentication, and only for GA sessions.

Quote
Did you find it funny that MinerG is part of the compromised accounts?
Of course.  Unfortunately, his account was banned before, so hacker was unable to withdraw anything.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
tacotime
Legendary
*
Offline Offline

Activity: 1484



View Profile
April 20, 2013, 04:35:21 PM
 #314

I had about 10 LTC stolen. Sad

edit: Hot wallet address is okay, so no compromises there.  Looks like it was just taken from my ltcmine account.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 05:37:09 PM
 #315

Re-posting again:

Quote
If you see your account in this lists

https://bitcointalk.org/index.php?topic=92522.msg1892862#msg1892862

you need PM me with your new withdrawal address and details about your account.

P.S. 10/59

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
BBN
Member
**
Offline Offline

Activity: 77


View Profile
April 20, 2013, 07:09:00 PM
 #316

Balthazar, about the G Verification is that an sms thingy/recaptcha or smth similar?
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 07:11:33 PM
 #317

Balthazar, about the G Verification is that an sms thingy/recaptcha or smth similar?
It will be usual authentication using your google account. Maybe in addition to our login/password, to improve security.

11 accounts from 59 unlocked successfully. Waiting for another compromised account owners.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
BBN
Member
**
Offline Offline

Activity: 77


View Profile
April 20, 2013, 07:16:43 PM
 #318

Just recovered my G account password  Grin
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 07:20:09 PM
 #319

12/59

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
Balthazar
Legendary
*
Online Online

Activity: 1988


Post rank racist


View Profile
April 20, 2013, 07:28:44 PM
 #320

I'll back a hour later, and waiting for PMs and emails from compromised account owners. 12/59 isn't enough yet.

novaco.in | VMWare VMHGFS driver for 3.19.x kernels | Ukrainian translation for Novacoin [Done]
฿: 1GV8D5SRkA3cPccpYhVc2wMkjwz3UREEpy: 4RgnHWtnJWEyMhqhDdazW3Hdr7cx5ybF6i
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 ... 78 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!