Pages:
Author

Topic: [ANN] [LTC] [PPS] [OTP 2FA] [Stratum only] LTCMine PPS mining pool (3.3%) - page 63. (Read 227601 times)

legendary
Activity: 3108
Merit: 1359
sr. member
Activity: 308
Merit: 250
If it helps I used the same user/password in these sites and none of my accounts were compromised:

coinotron
give-me-ltc
ltc.kattare.com
wemineltc
ltcmine.ru
legendary
Activity: 3108
Merit: 1359
One of possible solutions is force users to use autogenerated passwords. Then all passwords obviously will be unique. But when I tried it once, I received toooooo much emails about forgotten passwords recovery. Roll Eyes

So, I think that google authentication + password will be quite reliable solution.
BBN
member
Activity: 77
Merit: 10
Brute force with stolen passwords is what I am thinking as well. Balthazar it might be a good idea to stick a warning msg on the front page urging members to use unique password for the site  Roll Eyes
legendary
Activity: 3108
Merit: 1359
New settings applied.
Quote
WARNING [ltcmine-login] Ban 108.254.4.74
WARNING [ltcmine-login] Ban 24.188.138.99
WARNING [ltcmine-login] Ban 83.151.4.212
WARNING [ltcmine-login] Ban 128.73.39.106
WARNING [ltcmine-login] Unban 108.254.4.74
WARNING [ltcmine-login] Unban 24.188.138.99
WARNING [ltcmine-login] Unban 83.151.4.212
WARNING [ltcmine-login] Unban 128.73.39.106
Smiley

Some details... If you tried to login more than three times, your IP will be banned for 600s.
legendary
Activity: 3108
Merit: 1359
That's quite interesting:

Code:
# cat access.log.2 | grep 'POST /login' | wc -l
56236
# cat access.log.1 | grep 'POST /login' | wc -l
71523
#

It seems that we find our problem. I'll add new rule into fail2ban settings.

тoecть кaк я пoнял мoй пapoль чepeз кoйнoтpoн xaкнyли, или вcё-тaки y вac былa дыpa? нe coвceм пoнял ..
вpoдe-бы и нeпpocтoй вocьмизнaчный цифpoбyквeнный был..
Этo нe дыpa, a пpocтo бpyтфopc. Boзмoжнo, в кoмбинaции c yкpaдeнными пapoлями или пo cлoвapю.
sr. member
Activity: 414
Merit: 252
That's quite interesting:

Code:
# cat access.log.2 | grep 'POST /login' | wc -l
56236
# cat access.log.1 | grep 'POST /login' | wc -l
71523
#

It seems that we find our problem. I'll add new rule into fail2ban settings.

тoecть кaк я пoнял мoй пapoль чepeз кoйнoтpoн xaкнyли, или вcё-тaки y вac былa дыpa? нe coвceм пoнял ..
вpoдe-бы и нeпpocтoй вocьмизнaчный цифpoбyквeнный был..
newbie
Activity: 36
Merit: 0
Thanks for your quick action.
legendary
Activity: 3108
Merit: 1359
That's quite interesting:

Code:
# cat access.log.2 | grep 'POST /login' | wc -l
56236
# cat access.log.1 | grep 'POST /login' | wc -l
71523
#

It seems that we find our problem. I'll add new rule into fail2ban settings.
legendary
Activity: 3108
Merit: 1359
Transactions-filtered list of compromised accounts added.
hero member
Activity: 742
Merit: 500
I am unable to find myself in the list of affected accounts, although i was the first one to report it here.
As of coinotron, you cannot possibly believe every word that exploiter said, regarding that  funky term "unknown vulnerable site". At least my login/password combination unfortunately was the same there and on ltcmine. It was a single case; account made in a hurry during ltcmine DDOS.

edit: FF17 and tor-exit all the way, yeah Smiley

Write about it [email protected]
on this pool today it was impossible go into an account and the site was very slow.
coinotron did not know about it.
https://bitcointalksearch.org/topic/m.1891035
legendary
Activity: 3108
Merit: 1359
I am unable to find myself in the list of affected accounts, although i was the first one to report it here.
It's because I filtered affected accounts by withdrawal address. If it was changed, it's not listed. I will make a more detailed list later.

As of coinotron, you cannot possibly believe every word that exploiter said, regarding that  funky term "unknown vulnerable site".
Obviously not. That's why we need additional measures before going to enable withdrawals.
newbie
Activity: 30
Merit: 0
I am unable to find myself in the list of affected accounts, although i was the first one to report it here.
As of coinotron, you cannot possibly believe every word that exploiter said, regarding that  funky term "unknown vulnerable site". At least my login/password combination unfortunately was the same there and on ltcmine. It was a single case; account made in a hurry during ltcmine DDOS.

edit: FF17 and tor-exit all the way, yeah Smiley
legendary
Activity: 3108
Merit: 1359
Wallet change requests, executed during hacker activity period:

Code:
184.189.229.140 - - [20/Apr/2013:00:01:42 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
37.57.35.32 - - [20/Apr/2013:00:08:26 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 113 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19"
173.218.142.80 - - [20/Apr/2013:00:31:28 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
66.177.62.33 - - [20/Apr/2013:00:38:04 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) rekonq/1.1 Safari/534.34"
50.70.36.104 - - [20/Apr/2013:01:02:15 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
24.9.116.72 - - [20/Apr/2013:02:31:39 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
86.128.209.43 - - [20/Apr/2013:02:37:21 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
74.65.68.95 - - [20/Apr/2013:02:46:12 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"
94.255.217.120 - - [20/Apr/2013:02:50:04 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
91.132.202.107 - - [20/Apr/2013:02:52:43 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
222.152.147.239 - - [20/Apr/2013:03:02:27 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31"
84.108.26.229 - - [20/Apr/2013:03:10:00 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 55 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Creative AutoUpdate v1.40.01)"
84.108.26.229 - - [20/Apr/2013:03:13:37 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 113 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Creative AutoUpdate v1.40.01)"
194.132.32.42 - - [20/Apr/2013:03:49:26 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
194.132.32.42 - - [20/Apr/2013:03:53:43 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
194.132.32.42 - - [20/Apr/2013:03:55:21 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.90.164.17 - - [20/Apr/2013:03:56:31 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"
193.93.13.100 - - [20/Apr/2013:03:56:32 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
194.132.32.42 - - [20/Apr/2013:03:57:03 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:03:58:45 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 64 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:03:58:54 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:03:59:54 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:00:48 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.105.19.168 - - [20/Apr/2013:04:01:03 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
178.33.169.46 - - [20/Apr/2013:04:02:11 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:03:25 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:04:41 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:05:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:07:10 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
178.33.169.46 - - [20/Apr/2013:04:08:24 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
31.172.30.4 - - [20/Apr/2013:04:09:58 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
31.172.30.4 - - [20/Apr/2013:04:10:59 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
31.172.30.4 - - [20/Apr/2013:04:12:16 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
31.172.30.4 - - [20/Apr/2013:04:14:24 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
31.172.30.4 - - [20/Apr/2013:04:16:59 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:19:11 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:21:05 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:22:00 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:22:46 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:23:31 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:24:27 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:25:11 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:25:52 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:27:04 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:27:52 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.221.165.229 - - [20/Apr/2013:04:28:42 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:29:29 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:29:58 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:30:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:34:22 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:35:16 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:36:07 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:37:45 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
77.109.139.26 - - [20/Apr/2013:04:38:44 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:39:42 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:41:10 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:42:27 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:43:38 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:44:26 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:45:38 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
50.131.134.155 - - [20/Apr/2013:04:46:28 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
95.211.60.34 - - [20/Apr/2013:04:46:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:47:36 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
95.211.60.34 - - [20/Apr/2013:04:48:43 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
88.198.75.70 - - [20/Apr/2013:04:49:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
88.198.75.70 - - [20/Apr/2013:04:51:38 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
88.198.75.70 - - [20/Apr/2013:04:57:28 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
88.198.75.70 - - [20/Apr/2013:04:58:24 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
176.53.69.121 - - [20/Apr/2013:05:02:24 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
176.53.69.121 - - [20/Apr/2013:05:03:35 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
176.53.69.121 - - [20/Apr/2013:05:04:39 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
176.53.69.121 - - [20/Apr/2013:05:05:42 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:13:23 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:16:02 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
58.107.103.65 - - [20/Apr/2013:05:16:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
37.130.227.133 - - [20/Apr/2013:05:16:53 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:17:40 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:18:31 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:19:38 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:20:50 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
37.130.227.133 - - [20/Apr/2013:05:21:42 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
185.7.180.197 - - [20/Apr/2013:05:37:47 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 113 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
95.25.223.235 - - [20/Apr/2013:05:38:11 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 113 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
78.134.82.224 - - [20/Apr/2013:05:52:11 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 93 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
176.50.240.81 - - [20/Apr/2013:06:07:14 +0300] "POST /tweak?act=newwallet HTTP/1.1" 200 113 "http://ltcmine.ru/tweak?act=newwallet" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"

Most of them from this list uses firefox 17 as user-agent.
legendary
Activity: 3108
Merit: 1359
To all concerned - please check if you have used coinotron and if password was the same. I have a strong suspicion it might be vulnerable site
One from affected members asked me to sign below this. His credentials at coinotron.com are the same. But personally I don't think that coinotron is this "unknown vulnerable site".

P.S. logs and code audit is almost finished, no potential vulnerabilities found yet. It seems that withdrawals will be enabled soon.
newbie
Activity: 15
Merit: 0
I hate it when such things happen ;( But kudos Balthazar for doing your best in times of DDos, failing exchanges and unstable times in general Cheesy
legendary
Activity: 3108
Merit: 1359
Post #285 updated with some additional info.
newbie
Activity: 56
Merit: 0
PAsswords are probabaly incrypted in his DB. so probably other hacked site that has same user/pass combinations or some kind of spoofing...
newbie
Activity: 30
Merit: 0
To all concerned - please check if you have used coinotron and if password was the same. I have a strong suspicion it might be vulnerable site
legendary
Activity: 3108
Merit: 1359
Hacker has made public confession.

Quote
_bender_: john8888, этo нe coвceм пyл был
...
_bender_: Balthazar, пapoли юзepoв взяты чepeз пpocтyю sql-inj в oднoм мecтe, влaдeльцы pecypca нe пpичeм

According to this, _bender_@btc-e chat made passwords dump from unknown vulnerable site. He provided some proofs, i.e. login/password for btc-e account, which was used for stolen funds withdrawal.
Pages:
Jump to: