Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool - page 1001. (Read 4382653 times)

Can you confirm that it actually connects using telnet?  If it only says attempting to connect then you are not connecting.  If telnet connects, most likely you will see a blank window with a blinking cursor in top left (on windows).  If it tells you that it's attempting to connect and eventually times out like this:

C:\>telnet blah.blah 8332
Connecting To blah.blah...Could not open connection to the host, on port 8332: Connect failed
C:\>

then it's not your mining client...

Ah, ok ... right.  It attempts to connect.  So my machines can see the server.  For whatever reason, DiabloMiner is not connecting properly.  ;-(

try "telnet api.bitcoin.cz 8332" from a command prompt. if you timeout and don't connect, it ain't your mining software and setup causing you issues.  you will then have to look to your network as the source of the problem.  if you do connect, then something isn't right with the mining client...  give it a try...

Of course, I should be pointing to api.bitcoin.cz ... still can't connect.  Have deleted and re-entered my IP into the whitelist several times.

I tried the day after it went into effect.  All I got was the "ERROR:  Can't connect to Bitcoin:  Bitcoin returned unparsable JSON" message.

I'm trying to connect as follows:

--url http://me.something:[email protected]:8332

what am I missing?

Thanks.

Because if their email is also compromised it gives them time to fix it before a payout can be made.

Why we need 'lock'? I don't see any advantage in that. Email confirmation isn't enough? Afaik it works very well for pool users.

Some users has changed wallet, because attacker entered their account before I released email confirmation. But I detected many intrusions and cancelled attacker address on those accounts. But of course everybody have to check his account if wallet is correct.

As far as I can say, pool accounts are now safe, even if attacker know login/password for them.

I never remember opting in but I got email confirmation and, because my email didn't use the same PW as Mt Gox/BPM they weren't able to confirm it. I suspect it automatically requires email confirmation. If you were unlucky enough to use your BPM/Gox password for your email, too, though, then you'd be out of luck.

Slush-
So do wallet changes automatically need email conformation or how do we set that up? I thought you said you already added this feature.

This is exactly why we need a payout address lock. Just so if something fishy happens, your coins won't move out for at least 24hours.

I don't think this would stop him but I'm assuming there are a lot of account that have pending wallet transfers. I think it'd be smart to go ahead and revert any pending wallet transfer to that address in the event someone unwittingly confirms it. I think it'd be wise to roll out mandatory password changes, too, or at least send out an advisory email. I didn't change mine because I switched to a different pool and didn't think about it (plus I had only a very small fractional balance left at BPM). Last time I looked at the address on block explorer it didn't look like he'd snagged any big sums of BTC so it could be the case that the only account with weak passwords were idle accounts but better safe than sorry.

Maybe because there not all that sophisticated. It's just THAT easy to get into some people's accounts....

It takes one second to create another one..this is no sollution. I just don't understand why the attacker does not use several(let say 50) different adresses to be less traceable.

My empty Mt. Gox account used the same password as my nearly empty BPM mining account. Just before 7AM EDT today someone tried to change my wallet address to:
1GM5hnKBFm2nJB4KLsFPrh55EKNwQjog4W
If you look at this address on block explorer you'll see that it started receiving coins today and has mostly gotten small amounts, presumably from doing what he tried to do to me (but failed at, because my email address has a different PW so he couldn't confirm the change).
I suggest you blacklist this wallet address from receiving coins from BPM and alert those accounts who were switched to it.

he is seeing 2.7ish, don't you read what you quote?



To Slush: Please enable a address lock, this will give ppl time to fix things when shit hits the fan for them. At least the thief can't steal unless the user is away for more than 24hours. PLEASE ENABLE THIS. It will make your pool more secure and I know alot of ppl LOVE BTCGuild because they have this safety feature.

Are you saying that you are expecting 3.7 and only getting 3.6 and you are concerned about this? Please tell me you're not serious. Am I missing something?

Hi Slush,

I posted before the recent D jump to 877k, unfortunately soon after there was the attack on ur pool and I know you were really busy getting it up again. Now I'd like to bring my concern up again. I've not really arrived at an average that is close to my expected rate of BTC before and I have not now.

My expected at current difficulty is ~3.7 BTC/day and with 2% stales it's still ~3.6 BTC/day. I'm seeing 2.7ish and a 7-day average of 2.45ish. This is much similar to my previous post % of around 30% difference between my 7-day average and my expected returns. I've been busy to change my script to test out other pools and I'd like to ask for some sort of justification.

Judging from what I hear from others, they are getting pretty close to the expected value thus I'm feeling like there is some kind of fault on my end, however I'm not seeing it. Your previous reply indicated there might be some problems with my miners. I've stayed with them and I'm seeing no issues, just for info I'm running

Ubuntu 11.04
Phoenix 1.5 w/ phatk @ VECTORS BFI_INT WORKSIZE=256 AGGRESSION=13
CCC 11.5 + SDK 2.1
AMDOverdriveCtrl 1.2.0
2x5970 ~750 Mhash/s ea. (OC @ 850/300 FS: 100% ~ 75 celcius)
5x5850 ~355 Mhash/s ea. (OC @ 900/250 FS: 100% ~ 65 celcius)

Stales at around 2.3% average.

These are on 2 dedicated machines, I've got problems running my other 5850 and 4850 since my 3 year'o 600 W PSU blew but still. Please advice. TIA

I found that at least one attacker compromised over 100 accounts, which is insane; it means that so many people had same login/password for both sites (pool, mtgox) and they even didn't changed password after strong recommendation in mtgox mass email.

I removed this wallet (http://blockexplorer.com/address/13F4yQfbzA6h2xiyqKVmhGr95zo5DGkK5R) from all pool accounts and thanks to email confirmations of wallet change, those attacks are over. Fortunately only 4.39 BTC was lost in total...

If you find that your wallet on pool profile is "Enter your address here", it means that your account was compromised and I removed attacker's wallet from your profile.

Is your send threshold set to 1? Do you have your wallet opened and are all the blocks downloaded?

Hi how long its take to send coin ? or how to check it I  mine my 1 coin but it was not send to me ?