
Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 246. (Read 1061843 times)

full member
Activity: 221
Merit: 100
So how long were the NMCs being paid to that address?  Was it only a single payout for each miner or was it multiple days?  Also, is there any way to tell how many NMCs were obtained by the hacker?
newbie
Activity: 52
Merit: 0
Can I suggest a rather simple solution for the problem with the NMC addresses and the signing. Is it possible to use for worker the following template:

BTCADDRESS_workername_NMCADDRESS

That way the NMC address stays in the backend server, i.e. securely stored in the db.

I don't know if this is possible, just thinking out loud :)

The downside on this will be that you have to assign a worker to use merged mining, not a big deal :)



Or, all addresses from the database (as part of our configuration settings) could simply be authenticated by the cryptographic signature we have to upload... assuming those signatures are being stored, of course.  Which would be much less intrusive than screwing around with the pool code.
newbie
Activity: 52
Merit: 0

If the exploit affected only the stat server and the core server data is still unchanged (due to failed verification of the new data) then how is it possible that the new address (available only on the stat server) was used for the payment? ...

I think this could only have happened if payment is done (or at least the transaction was prepared) on the stats server instead of a server with more security ....  If my assumption is correct then a hack on the stats server may cause far bigger issues than just the stats pages ....

I hope I'm wrong ... Please confirm that I'm wrong ....


I think you misunderstand the problem.  This only affected NMC payments which are done manually, based on the addresses in the database.  It doesn't matter where he issued the payments from, it was from a tainted data set.  Luckily, the real money in this pool is in BTC, and that payment system isn't vulnerable to the same attack.
hero member
Activity: 547
Merit: 531
First bits: 12good
Can I suggest a rather simple solution for the problem with the NMC addresses and the signing. Is it possible to use for worker the following template:

BTCADDRESS_workername_NMCADDRESS

That way the NMC address stays in the backend server, i.e. securely stored in the db.

I don't know if this is possible, just thinking out loud :)

The downside on this will be that you have to assign a worker to use merged mining, not a big deal :)

full member
Activity: 154
Merit: 100
I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack.  I also haven't seen an NMC payout since the 9th.  Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

It was an exploit of the stats code (open source), not a hack of the actual server(s).

And, no, I will fix everyone's NMC addresses using the verified data on the core server, which is not affected by this (since the new options/signatures didn't pass the re-verification).

I will also get the proper payouts out to everyone.

If the exploit affected only the stat server and the core server data is still unchanged (due to failed verification of the new data) then how is it possible that the new address (available only on the stat server) was used for the payment? ...

I think this could only have happened if payment is done (or at least the transaction was prepared) on the stats server instead of a server with more security ....  If my assumption is correct then a hack on the stats server may cause far bigger issues than just the stats pages ....

I hope I'm wrong ... Please confirm that I'm wrong ....
sr. member
Activity: 434
Merit: 250
If that is their real IP and not a proxy, it wouldn't be that hard for the ISP to see which customer was assigned that IP address at the times Eligius was accessed. Should law enforcement get involved that is. And on top of that, isn't cryptocurrency illegal in Russia? Some extra charges that could be filed. ;)
newbie
Activity: 52
Merit: 0
Pay attention to what was said:  the pool servers are fine, they didn't get hacked.  The portal, however, is a different story.  Wiz is on it.

Wiz:  I hope you're logging IP addresses, and have some back logs to troll.  I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users.  He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful.  This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN.  But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.

Yeh. thx for sharing

Russian IP from Saint Petersburg based home internet. fun to know at least :D

That ISP appears only to have 8K addresses, I'd be curious to know how many Eligius members also hail from the 178.252.96.0 - 178.252.127.255 block.
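
Added example, not part of any post in this thread and not Eligius code: the range quoted above collapses to a single /19 (8192 addresses, matching the "8K" estimate), and the questions of which accounts were seen from that block or from the reported IP become a log correlation. The log format, account names and every address other than the two quoted in the thread are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Address range and source IP exactly as quoted in the thread.
BLOCK_FIRST, BLOCK_LAST = "178.252.96.0", "178.252.127.255"
REPORTED_IP = "178.252.115.200"

# Constructed sample log (timestamp, client IP, account, action). Not real pool data;
# account names and every IP except REPORTED_IP are made up for the example.
SAMPLE_LOG = """\
1970-01-01T00:00:01Z 178.252.115.200 ACCOUNT_A set_nmc_address
1970-01-01T00:00:02Z 178.252.115.200 ACCOUNT_B set_nmc_address
1970-01-01T00:00:03Z 178.252.100.17 ACCOUNT_C view_stats
1970-01-01T00:00:04Z 178.252.128.1 ACCOUNT_D view_stats
1970-01-01T00:00:05Z 2001:db8::1 ACCOUNT_E view_stats
1970-01-01T00:00:06Z not-an-ip ACCOUNT_F view_stats
1970-01-01T00:00:07Z 198.51.100.9 ACCOUNT_A view_stats
"""

def range_to_networks(first, last):
    """Collapse a first-last address range into the minimal list of CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def parse_log(text):
    """Yield (timestamp, ip, account, action); skip malformed lines instead of failing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], ipaddress.ip_address(parts[1]), parts[2], parts[3]
        except ValueError:
            continue  # unparsable client address

def accounts_in_block(text, networks):
    """Map account -> sorted source IPs that fall inside any of the networks."""
    hits = defaultdict(set)
    for _, ip, account, _ in parse_log(text):
        if any(ip in net for net in networks):  # IPv6 vs IPv4 network is simply False
            hits[account].add(str(ip))
    return {acct: sorted(ips) for acct, ips in hits.items()}

def accounts_sharing_ip(text, ip):
    """Accounts that were ever seen from one exact address."""
    target = ipaddress.ip_address(ip)
    return sorted({acct for _, src, acct, _ in parse_log(text) if src == target})

if __name__ == "__main__":
    nets = range_to_networks(BLOCK_FIRST, BLOCK_LAST)
    print(nets, sum(n.num_addresses for n in nets))
    print(accounts_in_block(SAMPLE_LOG, nets))
    print(accounts_sharing_ip(SAMPLE_LOG, REPORTED_IP))
```

A shared address or block only narrows the search; behind NAT or a proxy several unrelated accounts can appear from the same IP.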
legendary
Activity: 1223
Merit: 1006
Hi,

Will you restore our NMC addresses to a time before the attack or do we need to track this thread
to receive a go to be able to change it ourselves ?

Cheers and thanks for all your effort !

I will fix them.
newbie
Activity: 11
Merit: 0
Hi,

Will you restore our NMC addresses to a time before the attack or do we need to track this thread
to receive a go to be able to change it ourselves ?

Cheers and thanks for all your effort !
legendary
Activity: 2576
Merit: 1186
How often are NMC payments made? I'm not sure I've ever gotten one. :)

Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here. ;)
I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.

I was referring only to NMC. NMC coins aren't mined directly to the payment addresses I believe.
I would advise against assuming this, even though it is currently correct...
sr. member
Activity: 504
Merit: 250
Pay attention to what was said:  the pool servers are fine, they didn't get hacked.  The portal, however, is a different story.  Wiz is on it.

Wiz:  I hope you're logging IP addresses, and have some back logs to troll.  I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users.  He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful.  This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN.  But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.

Yeh. thx for sharing

Russian IP from Saint Petersburg based home internet. fun to know at least :D
member
Activity: 76
Merit: 10
YEAH got my 1st BTC from my new T-IV machine, only need another 8.3 to break even :-)

joolz
legendary
Activity: 1726
Merit: 1018
I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack.  I also haven't seen an NMC payout since the 9th.  Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

It was an exploit of the stats code (open source), not a hack of the actual server(s).


Oh I see.  You were being more precise in your terminology than I was, which is weird because usually I am the most pedantic person in any conversation I have.  Thanks for the clarification.
legendary
Activity: 1223
Merit: 1006
Pay attention to what was said:  the pool servers are fine, they didn't get hacked.  The portal, however, is a different story.  Wiz is on it.

Wiz:  I hope you're logging IP addresses, and have some back logs to troll.  I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users.  He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful.  This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN.  But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.
newbie
Activity: 52
Merit: 0
Pay attention to what was said:  the pool servers are fine, they didn't get hacked.  The portal, however, is a different story.  Wiz is on it.

Wiz:  I hope you're logging IP addresses, and have some back logs to troll.  I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users.  He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.
legendary
Activity: 1223
Merit: 1006
I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack.  I also haven't seen an NMC payout since the 9th.  Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

It was an exploit of the stats code (open source), not a hack of the actual server(s).

And, no, I will fix everyone's NMC addresses using the verified data on the core server, which is not affected by this (since the new options/signatures didn't pass the re-verification).

I will also get the proper payouts out to everyone.
legendary
Activity: 1726
Merit: 1018
I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack.  I also haven't seen an NMC payout since the 9th.  Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?
legendary
Activity: 1223
Merit: 1006
Good to hear that the mining was not compromised. I noticed 2-3 times today that my miner failed to connect to the pool for a few minutes. Is there something going on with the mining server too?

I've gone through all of the servers just as a precaution and everything is fine.  Connectivity has been solid, and all pool servers are functional.
legendary
Activity: 924
Merit: 1000
Good to hear that the mining was not compromised. I noticed 2-3 times today that my miner failed to connect to the pool for a few minutes. Is there something going on with the mining server too?
sr. member
Activity: 434
Merit: 250
How often are NMC payments made? I'm not sure I've ever gotten one. :)

Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here. ;)
I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.

I was referring only to NMC. NMC coins aren't mined directly to the payment addresses I believe. For my BTC I mine to my normal Electrum wallet.