Topic: [ANN][Pool][Profit-Switch][Optional Auto-Exchange per Coin][Vardiff] ~ Hashcows - page 97. (Read 347329 times)

NEWS:
1. Site is currently in lockdown, NO LOGINS or WITHDRAWALS for now.
2. You can continue to mine with Hashcows if you choose, you will be paid.
3. We will not be making any quick, hash decisions, I understand that many of you are upset/angry, but nobody wins if we do not take our time in this matter and look at all avenues. The only thing I can assure you is we are both working on MULTIPLE ends to figure out what happened and how we are going to rectify this.

The community behind hashcows is truly amazing, from the bad times to the good, most of you have stuck by our side, we appreciate all the support you all have shown.

Merry Christmas,
Hashcows Team

Hopefully will have some more updates within the coming days.

Did the hack affect new signups?

A friend of mine has tried to sign up on both IE and Firefox, but keeps getting this error:

INSERT command denied to user 'node'@'li58-8.members.linode.com' for table 'users'

Lost 0.6 BTC to this hack. Wow, what a Christmas.

Bracing for the worst, hoping for the best now. We need a straight up answer -will we get reimbursed or not?

Thank you for the intelligent answer.

This is just my personal opinion but I am continuing to mine on this pool. Having watched this play out both here & on the IRC channel I feel confident that I am unlikely to lose any more BTC to this hack.

sure do whatever you want meng

i love how people documenting losses of income and the lockdown while the crisis was ongoing is '10 pages of whining'.  do some basic research if you are risking resources on investment.  sheesh.

vvv ya do that why not

user darer234  cannot log in

but my miners connect and hash

plesae email me at darer234 at hotmail

i do not check my pm here much

I'm not interested in reading 10 pages of whining.
I did skim the past couple pages, and don't see anything that says whether the site is secured enough to resume mining, hence my question.

check here first.

the last 10 pages of comments should be informative.

Hi all,

Like everyone else, I've been locked out of my account.
However, I didn't think to check here first, so I had already changed my BTC address back to mine, and reset my password.
That being said, is it ok for me to resume mining? If my account is secured, and just locked down until the devs work out the issues, then that's fine.
I hate to lose the profits during the shutdown, but I also don't want the hacker to get my coins if there's still a change that the site isn't secured yet.
Thoughts?

It's a few days loss, not a huge deal, highly doubt pool operators would be willing to risk their rep, for one decent payday, over a very nice paymonth. However, when will we be actually able to change the payout addresses from the scammer payout to our regular one, my account won't change it even with PIN.

I am torn.

One the one hand I very much appreciate the hard work that has gone into operating this pool and I feel for the admins who must now not be able to relax properly and enjoy Christmas. This community and site they've been building is now under threat and whether it will survive remains to be seen. I'm pretty sure they're feeling terrible right now.

One the other hand, it is very much the case that if you're going to offer up a service to the public you do have some (at the least, moral) obligation, especially if you're charging fees. I saw someone saying that they "guarantee" (how?) that the operators aren't making a profit. I would find this massively surprising. Taking 2% of 3000MH/s is no small amount and I would absolutely expect them to be operating to make a profit, in order to compensate for the time they must be spending supporting the pool whilst possibly working a "real" job too(?!) as well as any expense for resources. Middlecoin.com was doing 5000MH/s the other week. With their 3% that's equivalent to 159MH/s. Not pure profit of course, but server hosting will not cost that much (I bet some pool ops are running on hardware and bandwidth at their jobs for free).

We can't hold them to the same stringent regulations/expectations that we would hold a typical company, but I do believe they should be offering some method of reassurance or comfort to keep people on the pool in the future. I definitely like the idea of 0% fees for a while (it'd be a long time though before we recoup our losses but anything helps).

I messaged aTriz a few days ago actually offering at least two additional servers (dual Quad-core Xeons, 50GB RAM) and basically unlimited bandwidth resources to help with the pool stability (in my experience it's been a bit shit recently. ymmv) so I'm definitely supportive and want to help, but we do need an explanation. I'm particularly interested in how they were able to access our PINS (if they did withdraw in the standard fashion through the web front end, and they didn't find a backdoor way to authorise the withdrawal). If they were stored in plain text format then I will not be back here, ever. Storing any kind of security information in plain text is utterly unforgivable. As a sysadmin I would never trust anyone who had built a system storing plain text passwords.

The pool needs additional features such as:
1) Email alert of withdrawal.
2) Email confirmation (or at the least, alert) on payout address change.
3) Limit the accounts that can share the same payout address.
4) Auto-payout like middlecoin (daily if over X, weekly if over Y).

Of course if the hackers found a backdoor entry with admin/root access, withdrawals could be done bypassing any "live" alerting that's built into the web front end. Cron jobs that run multiple times daily to detect changes (i.e. perform reporting) might help here (if the hacker doesn't detect and delete them).

LOL happy christmas everyone.

People always post and never read the previous ones it has been said on the reddit pages a lot to.

There have been numerous posts about this already. 

The site is effectively locked until the guys can figure out what has happened, this should help to protect anybody that has BTC untouched in their account.  I suspect (I have no personal info on this!!) once the issue is understood they will change the BTC addresses back to what it should be.  It might take some time to wade through the DB and correct what the issue was/is and fix it.

Hope that helps for people jumping to the end of the thread... 

 

Me, too!

We are just at a waiting game now I mean its a holiday let them rest and come back fresh ready to make sure that the hack never happens again.

As with most things like this, plan for the worst and hope for the best.

The fact that the owners of the pool are still posting here is a good thing, but small operations need time to work this out, the timeframe is bad, I have sympathy for the guys.

As for recourse, no, you are on the cutting edge of technology, this, as somebody so aptly put it, is the wild west.    Until there is some sort of regulation around it there will be nasty shits determined to try to steal what isnt there.

Unique usernames and passwords are the order of the day to at least offer some protection from the exposure of your details. When you have a vulnerability like this "seems" to be, even that would protect you from losing what is on that site.   The middlecoin model seems to work quite well to battle this, but again, this is the net, nothing is 100% safe.

Gamble ONLY what you can afford to lose. Find a happy medium between cashing out and the typical charges for doing so.

I hope you get your BTC back..       

   

While the security breach is obviously a problem, I'm quite sure the Hashco.ws people are smart enough to not turn on auto-payments until they've removed the rogue address from all accounts. Either mine elsewhere for a while, or just sit tight for a couple days.

Yep - cant change my address back to my correct one.  Will not accept the change back to my address.  This needs sorting before autopayment is switched back on, otherwise the hacker is going to get a massive dump of coins when autopayment is switched back on!!

+1