My new NMC address starts with "NADumb"
I feel scared now.
Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 245. (Read 1061452 times)
Fun fact:
My new NMC address starts with "NADumb"
I feel scared now.
My new NMC address starts with "NADumb"
I feel scared now.
^ + 1
Yep. I'm off the pool until this is resolved. Shucks.
Why?Yep. I'm off the pool until this is resolved. Shucks.
Since the issue is only with NMC why stop mining BTC. With the 1TH's that I have here on this pool the NMC payouts are just a few extra dollars each time.
My minimum payouts were altered to .2
You sure about that. The only thing on my account that was changed was the NMC address. Just checked mine. My NMC addy is gone, and the payout was lowered to .011. I had it at .02.
Not cool. Not too concerned about the "lost" Namecoin, but if they can alter signed messages, that's not good. It was only those two things that were changed, and I don't keep either wallet hot, so I doubt there's a problem in the long run, but I do think I may use this as an opportunity to mine some altcoins for a couple of days.
Edit: I see that Wiz is on it, and will have it in hand. So I'm staying put for the moment. However, my page is still showing a blank for the Namecoin address and the payout is lower than what I had set. I'm leaving it alone for now. Not worried about the payout threshold, I'll put it back once the rest is resolved, but I'd like to know if I need to re-enter my namecoin address.
That's strange because I'm not getting pop-ups on other websites at all. I'm using Chrome and when I use IE, I don't get any pop-ups... must be a Chrome issue.
Chrome *IS* an issue... or perhaps an entire subscription, nay, library. Google has done some really cool stuff, and a few really odious things. Just below selling our personal data on the abomination list, sits Chrome. It's a shame, too. It's open source derivatives are not bad. Certainly no Firefox, but not bad. Chrome started awful and has gotten worse with every iteration. My new phone has it as the default browser. Only reason I haven't changed it yet is because I intend to root the phone and install cyanogenmod.
Not sure if its related but I haven't gotten a nmc payout since the 8th. Also my min payout amount was changed from .1 to .03. I can tell you for sure that I did not change my min payout since I haven't opened my bitcoin wallet in weeks so I haven't been signing messages.
If its any help wizkid I can get you my address i use to mine to check logs etc.
EDIT - I also had set donation amounts and they also changed to 0.0.
If its any help wizkid I can get you my address i use to mine to check logs etc.
EDIT - I also had set donation amounts and they also changed to 0.0.
Have there been any other payout issues? I haven't seen anything from Eligius, in the form of Namecoin payouts, since the 8th. Anyone else seeing this?
Thanks for your hard work on this WK
Kredence
EDIT: the namecoin-qt client just showed up with a second/new address that I don't recall adding. This has been confirmed with another friend/miner who has the same issue.
Thanks for your hard work on this WK
Kredence
EDIT: the namecoin-qt client just showed up with a second/new address that I don't recall adding. This has been confirmed with another friend/miner who has the same issue.
How often are NMC payments made? I'm not sure I've ever gotten one. 
Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here.
I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here.
If they've not replied to you in 24hrs, change your wallet.
My data hack (if that's what all this stuff amounted to be) was to reset all my settings to zero donation and no namecoin address. Great... Settings change... take two. Sure glad namecoin wasn't a big financial "thing" for me.
To go off topic, has anyone else received payouts of 0.00000001 BTC from 1Enjoy1 or 1SochiWw? I've had 1 payout from each this month and am wondering what the issue could be. Both transactions are not in the blockchain and the transaction from 1Enjoy1 has disappeared from my wallet. These transactions were sent to over 500+ wallets from what I can sort out. Is this an attempted hack on wallets?
Thanks for the time.
Thanks for the time.
It's somebody trying to spam the blockchain. They've been doing it for a few months, but as far as I'm aware few (none?) of them have ever managed to actually get confirmed.
You using the Multibit wallet? A recent update removed the fakey txs.
To go off topic, has anyone else received payouts of 0.00000001 BTC from 1Enjoy1 or 1SochiWw? I've had 1 payout from each this month and am wondering what the issue could be. Both transactions are not in the blockchain and the transaction from 1Enjoy1 has disappeared from my wallet. These transactions were sent to over 500+ wallets from what I can sort out. Is this an attempted hack on wallets?
Thanks for the time.
Thanks for the time.
It's somebody trying to spam the blockchain. They've been doing it for a few months, but as far as I'm aware few (none?) of them have ever managed to actually get confirmed.
To go off topic, has anyone else received payouts of 0.00000001 BTC from 1Enjoy1 or 1SochiWw? I've had 1 payout from each this month and am wondering what the issue could be. Both transactions are not in the blockchain and the transaction from 1Enjoy1 has disappeared from my wallet. These transactions were sent to over 500+ wallets from what I can sort out. Is this an attempted hack on wallets?
Thanks for the time.
Thanks for the time.
Also a quick note, I set the stats to once again reverify everything against the latest database copy, and while it does it will probably complain about a failsafe (since it won't be checking a realtime copy until its done).
It will correct itself though, in probably less than an hour. As always, no earnings lost, mining works, etc.
-wk
It will correct itself though, in probably less than an hour. As always, no earnings lost, mining works, etc.
-wk
Ok, I restored everyone's latest signature-valid options to the My Eligius page.
I'm moving some NMC coins out of cold storage to complete the correct NMC payouts, but my cold storage for NMC is very far behind and probably wont catch up until tomorrow.
Everything should be good now, and I will keep an eye on things. I will also do a detailed write up tomorrow after I get NMC and BTC payouts all caught up.
-wk
Note: Deleted a sarcastic, not-helpful-in-any-way post.
I'm moving some NMC coins out of cold storage to complete the correct NMC payouts, but my cold storage for NMC is very far behind and probably wont catch up until tomorrow.
Everything should be good now, and I will keep an eye on things. I will also do a detailed write up tomorrow after I get NMC and BTC payouts all caught up.
-wk
Note: Deleted a sarcastic, not-helpful-in-any-way post.
How many bytes in Eligius block are set aside for high priority transactions ? 30 000 bytes or 50 000 bytes or different value?
So how long were the NMCs being paid to that address? Was it only a single payout for each miner or was it multiple days? Also, is there any way to tell how many NMCs were obtained by the hacker?
There was just one payout to the attacker address, today, when I pushed the payouts through without doing my normal checks on them.
So how long were the NMCs being paid to that address? Was it only a single payout for each miner or was it multiple days? Also, is there any way to tell how many NMCs were obtained by the hacker?
Can I suggest a rather simple solution for the problem with the NMC addresses and the signing. Is it possible to use for worker the following template:
BTCADDRESS_workername_NMCADDRESS
That way the NMC address stays in the backend server ie securely stored in the db.
I don't know if this is possible, just thinking out laud
The downside on this will be that you have to assign worker to use merged mining, not a big deal
BTCADDRESS_workername_NMCADDRESS
That way the NMC address stays in the backend server ie securely stored in the db.
I don't know if this is possible, just thinking out laud
The downside on this will be that you have to assign worker to use merged mining, not a big deal
Or, all addresses from the database (as part of our configuration settings) could simply be authenticated by the cryptographic signature we have to upload... assuming those signatures are being stored, of course. Which would be much less intrusive that screwing around with the pool code.
If the exploit affected only the stat server and the core server data is still unchanged (due to fail verification of the new data) then how it is possible that new address (available only on the stat server) was used for the payment ? ...
I think this could only happened if payment is done (or at least transaction was prepared) on the stats server instead of a server with more security .... If my assumption is correct the a hack on the stats server may cause far bigger issues that just the stats pages ....
I hope I'm wrong ... Please confirm that I'm wrong ....
I think you misunderstand the problem. This only affected NMC payments which are done manually, based on the addresses in the database. It doesn't matter where he issued the payments from, it was from a tainted data set. Luckily, the real money in this pool is in BTC, and that payment system isn't vulnerable to the same attack.
Can I suggest a rather simple solution for the problem with the NMC addresses and the signing. Is it possible to use for worker the following template:
BTCADDRESS_workername_NMCADDRESS
That way the NMC address stays in the backend server ie securely stored in the db.
I don't know if this is possible, just thinking out laud
The downside on this will be that you have to assign worker to use merged mining, not a big deal
BTCADDRESS_workername_NMCADDRESS
That way the NMC address stays in the backend server ie securely stored in the db.
I don't know if this is possible, just thinking out laud
The downside on this will be that you have to assign worker to use merged mining, not a big deal
I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack. I also haven't seen an NMC payout since the 9th. Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?
It was an exploit of the stats code (open source), not a hack of the actual server(s).
And, no, I will fix everyone's NMC addresses using the verified data on the core server, which is not affected by this (since the new options/signatures didn't pass the re-verification).
I will also get the proper payouts out to everyone.
If the exploit affected only the stat server and the core server data is still unchanged (due to fail verification of the new data) then how it is possible that new address (available only on the stat server) was used for the payment ? ...
I think this could only happened if payment is done (or at least transaction was prepared) on the stats server instead of a server with more security .... If my assumption is correct the a hack on the stats server may cause far bigger issues that just the stats pages ....
I hope I'm wrong ... Please confirm that I'm wrong ....
If that is their real IP and not a proxy, it wouldn't be that hard for the ISP to see which customer was assigned that IP address at the times Eligus was accessed. Should law enforcement get involved that is. And on top of that, isn't cryptocurrency illegal in Russian? Some extra charges that could be filed.
Jump to: