Fantastic the pool is getting back up.
Hopefully you were able to tackle this issue, so this doesn't reoccur up.
I will change my miners back to your pool when I get back from work.
I noticed in the payout screen, the "unsuccessful payout" (to the hacker) is still listed as payout.
Is this going to be corrected/send out later again?
Topic: [0Th]Ozcoin Pooled Mining |DGM 1%|Stratum+VarDiff port 80|NEW CN mining| - page 32. (Read 398185 times)
April 22, 2013, 03:47:02 AM
April 22, 2013, 03:30:30 AM
I hit the site. And logged in.
Looks like you are back on-line.
Congratulations.
And my sincere best wishes.
-- edit
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.
Looks like you are back on-line.
Congratulations.
And my sincere best wishes.
-- edit
Looks like there's still cached shares / history to catch up with.
I show unconfirmed credits even though it is *way* past twenty hours since I submitted a share.
NP. Just FYI.
April 22, 2013, 03:17:58 AM
Website back online 
Not for me.https://ozcoin.net/
Is there an incantation which should be used other than that?
and fixed
April 22, 2013, 02:38:53 AM
Website back online
Thank you for all your hard work Graet!
I pointed my Avalons back at Ozcoin. I updated the firmware and cranked up the clock. They sit at ~140GHash/s.
I'm sitting at number 2 on the Top 20 Chart. Can anyone knock me down?
Edit: I got knocked down!
April 22, 2013, 02:34:09 AM
Website back online
Not for me.https://ozcoin.net/
Is there an incantation which should be used other than that?
April 22, 2013, 02:25:59 AM
in simple terms: YAY!
April 22, 2013, 02:23:46 AM
Website back online
webserver has had a clean install on new HDDs old HDDs still under forensic investigation
The pool forum and some other drupal modules disabled - we are looking forward to a new front end soon
Still some finishing up to do
eustratum mining node was where the exploit started, code has been changed and that node is offline until reinstalled.
I missed some emails during the downtime - if I have not responded, please resend, thanks
Hopefully there will be more good news within 24hours
I am amazed and even overwhelmed at times by the offers of help and the many ways people have contacted me with messages of support. Please know every one of you has made a difference, even if I have not been able to thank you personally. I feel humbled but more determined than ever to continue my involvement in Bitcoin, get Ozcoin back on a good footing and see where this amazing experiment takes us next
Best wishes and thanks all
Graeme
webserver has had a clean install on new HDDs old HDDs still under forensic investigation
The pool forum and some other drupal modules disabled - we are looking forward to a new front end soon
Still some finishing up to do
eustratum mining node was where the exploit started, code has been changed and that node is offline until reinstalled.
I missed some emails during the downtime - if I have not responded, please resend, thanks
Hopefully there will be more good news within 24hours
I am amazed and even overwhelmed at times by the offers of help and the many ways people have contacted me with messages of support. Please know every one of you has made a difference, even if I have not been able to thank you personally. I feel humbled but more determined than ever to continue my involvement in Bitcoin, get Ozcoin back on a good footing and see where this amazing experiment takes us next
Best wishes and thanks all
Graeme
April 21, 2013, 09:43:10 PM
i'm not a regular miner at ozcoin but respect it and Graet - based on his posts at this forum.
it would be very pity to let this pool disappear. have just detached one miner from slush's and pointed to ozcoin as my solidarity. that's not too much hashes - just what i can afford to spend then...
do not give up
it would be very pity to let this pool disappear. have just detached one miner from slush's and pointed to ozcoin as my solidarity. that's not too much hashes - just what i can afford to spend then...
do not give up
April 21, 2013, 04:00:35 PM
Main server is back up but in "maintainance mode"
Cached shares are being counted at the moment
a bit more to do before we can make the site live
getting close though
Best wishes
Graet
Cached shares are being counted at the moment
a bit more to do before we can make the site live
getting close though
Best wishes
Graet
April 21, 2013, 12:36:49 PM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh?So - pray tell!
April 21, 2013, 09:48:53 AM
Graet,
I'm very sorry for what happened, You run the great pool and I hope that your pool would survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database. Is there a possibility that password hashes were compromised during the last break in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you
I'm very sorry for what happened, You run the great pool and I hope that your pool would survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database. Is there a possibility that password hashes were compromised during the last break in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you
ozcoin uses drupal 7 function user_hash_password:
http://api.drupal.org/api/drupal/includes!password.inc/function/user_hash_password/7
Drupal 7 use SHA512 by default with a salt. It runs the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).
April 21, 2013, 09:37:14 AM
Graet,
I'm very sorry for what happened, You run the great pool and I hope that your pool would survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database. Is there a possibility that password hashes were compromised during the last break in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you
I'm very sorry for what happened, You run the great pool and I hope that your pool would survive for the sake of the bitcoin network.
Nevertheless: What do you use to store passwords inside the database. Is there a possibility that password hashes were compromised during the last break in? What algorithm do you use to store password hashes inside the database: SHA1, SHA256, do you use salt? I'm asking because many users are using the same password and username with many pools and online accounts.
Thank you
April 21, 2013, 04:19:52 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh? April 21, 2013, 02:01:24 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
yes we do...would be silly eh? April 21, 2013, 01:36:52 AM
do you know how you were compromised? putting the same code back up might just let the hacker back in...
April 20, 2013, 11:52:00 PM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
In other news the police computer crime division only works Monday to Friday 9am -5pm, I'll call again during office hours
Just as well computer crimes are only committed between Monday to Friday, 9 - 5. Not sure what we'd do if those criminals started keeping odd hours.
Good news is server is ready to go back into colocation, it ill be in "maintainance mode" while we finish up some stuff and shares catch up.
More news as it comes to hand
Cheers
Graet
April 20, 2013, 11:30:05 PM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
In other news the police computer crime division only works Monday to Friday 9am -5pm, I'll call again during office hours
Just as well computer crimes are only committed between Monday to Friday, 9 - 5. Not sure what we'd do if those criminals started keeping odd hours.
April 20, 2013, 11:18:24 PM
Okay, sorry I freaked. I've been spending the better half of today tracking down various Runescape hackers dealing in Bitcoin.
April 20, 2013, 11:15:24 PM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
lmfao completely different passwords here.
i was bored.
April 20, 2013, 11:14:28 PM
IM BATMAN!
Compromised account? Might explain a number of things if a similar/same password was used for the coding he did.
In other news the police computer crime division only works Monday to Friday 9am -5pm, I'll call again during office hours
Jump to: