I also confirm mining still works without issues.
Now let's all be patient while slush fixes the database and the front-end is available again.
Although I'm only someone with little mining power and a few funds with Slush's pool, I had the following remarks:
- On the frontpage of your site it says "api.bitcoin.cz:8332" is the main pool URL, although you announced at 10/3 that "stratum.bitcoin.cz:3333" is the default mining URL: "Default mining URL for Stratum is stratum.bitcoin.cz:3333. If you're still using api.bitcoin.cz, please fix your URL to prevent fallback to deprecated Getwork protocol." Why not change that as it doesn't seem to redirect?
- Any consideration for a 2-step authentication? I know this has nothing todo with the recent intrusion, but I think this extra authentication will make your pool stand out (even more).
- Any possibility someone at OVH could be responsible for the recent intrusion? I do not know much about hacking, but it looks obvious physical access was needed here.
- Since the front-end is currently down and Google cache can be slow I can't tell which page exactly; but there is a page in Dutch that's only partially translated. If you need my help with any Dutch or French translation, feel free to ask.
- Although it is logic you take care of your pool - since you created it and are making profit from it - I do really appreciate your transparancy and way of dealing with this situation. Thanks for that.
I know VIP means "Very Important Person", but what/who are considered VIP at Slush's pool?
Do they have a different address than stratum.bitcoin.cz?
Just venturing a guess, I would think that it's probably reserved for ASIC miners.
There is an address different than stratum*.bitcoin.cz indeed - but this one still points to an OVH IP.
Some received an email notification mentioning [].bitcoin.cz - might be ASIC or just based on some informal criteria.
[]
As a side note, I did not receive any email with this info, just follow the forum, and puzzled out based on some chatty posts. This means obviously I am just drawing conclusions based on info that might be right or wrong.
I assume that pointing the miners to EC2 is the preferred approach, even for VIPs.
Cheers,
T
Please edit that address out, TiborB.
As you prefer, I edited it out, however note that is was publicly disclosed on this forum (by someone who got it via mail, not me), and whatever makes it to the internet, will stay there. Getting this info was really not rocket science, just paying attention & following the forum.
Reminds me a bit of Orwell's famous phrase "All animals are equal, but some animals are more equal than others".
And another famous one from here:
http://www.catb.org/esr/writings/unix-koans/mcse.html“A man who mistakes secrets for knowledge is like a man who, seeking light, hugs a candle so closely that he smothers it and burns his hand.”
While there might be legit reasons for some unpublished alternative service endpoints, providing unequal chances to connect to the pool under DDoS was surely not the original intention of Slush. Uberduber, are you aware of any details you are willing to share?
