Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 246.

bolverk

newbie

Activity: 52

Merit: 0

Quote from: sikke on March 13, 2014, 05:36:52 PM

Quote from: wizkid057 on March 13, 2014, 05:14:27 PM

Quote from: bolverk on March 13, 2014, 05:12:31 PM

Pay attention to what was said: the pool servers are fine, they didn't get hacked. The portal, however, is a different story. Wiz is on it.

Wiz: I hope you're logging IP addresses, and have some back logs to troll. I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users. He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful. This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN. But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.

Yeh. thx for sharing

Russian IP from Saint Petersburg based home internet. fun to know at least Grin

That ISP appears only to have 8K addresses, I'd be curious to know how many Eligius members also hail from the 178.252.96.0 - 178.252.127.255 block.

wizkid057

legendary

Activity: 1223

Merit: 1006

Quote from: Kivela on March 13, 2014, 05:51:21 PM

Hi,

Will you restore our NMC addresses to a time before the attack or do we need to track this thread
to receive a go to be able to change it ourselves ?

Cheers and thanks for all your effort !

I will fix them.

Kivela

newbie

Activity: 11

Merit: 0

Hi,

Will you restore our NMC addresses to a time before the attack or do we need to track this thread
to receive a go to be able to change it ourselves ?

Cheers and thanks for all your effort !

Luke-Jr

legendary

Activity: 2576

Merit: 1186

Quote from: roy7 on March 13, 2014, 04:12:58 PM

Quote from: freebit13 on March 13, 2014, 03:53:03 PM

Quote from: roy7 on March 13, 2014, 01:36:38 PM

How often are NMC payments made? I'm not sure I've ever gotten one.

Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here. Wink

I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.

I was referring only to NMC. NMC coins aren't mined directly to the payment addresses I believe.

I would advise against assuming this, even though it is currently correct...

sikke

sr. member

Activity: 504

Merit: 250

Quote from: wizkid057 on March 13, 2014, 05:14:27 PM

Quote from: bolverk on March 13, 2014, 05:12:31 PM

Pay attention to what was said: the pool servers are fine, they didn't get hacked. The portal, however, is a different story. Wiz is on it.

Wiz: I hope you're logging IP addresses, and have some back logs to troll. I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users. He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful. This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN. But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.

Yeh. thx for sharing

Russian IP from Saint Petersburg based home internet. fun to know at least Grin

joolzg

member

Activity: 76

Merit: 10

YEAH got my 1st BTC from my new T-IV machine, only need another 8.3 to break even :-)

joolz

not.you

legendary

Activity: 1726

Merit: 1018

Quote from: wizkid057 on March 13, 2014, 05:10:46 PM

Quote from: not.you on March 13, 2014, 04:52:07 PM

I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack. I also haven't seen an NMC payout since the 9th. Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

It was an exploit of the stats code (open source), not a hack of the actual server(s).

Oh I see. You were being more precise in your terminology than I was, which is weird because usually I am the most pedantic person in any conversation I have. Thanks for the clarification.

wizkid057

legendary

Activity: 1223

Merit: 1006

Quote from: bolverk on March 13, 2014, 05:12:31 PM

Pay attention to what was said: the pool servers are fine, they didn't get hacked. The portal, however, is a different story. Wiz is on it.

Wiz: I hope you're logging IP addresses, and have some back logs to troll. I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users. He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

The IP of the attacker is 178.252.115.200, but this obviously isn't all that useful. This IP is actually associated with some attempted low-hashrate mining with the following addresses: 141Ui93eV83HSnpyDcvdtGtR3UqwYss5q7, 17hpCt7vWLCksCpUgQpFURjWHjZDhNDYhz, 1MsMx8hfYW6tS1Y9oGZhAbSqvrD8DDgNzN. But, no earnings to speak of on these, really.

Note: I have no issues publicly revealing private data like this on attackers.

bolverk

newbie

Activity: 52

Merit: 0

Pay attention to what was said: the pool servers are fine, they didn't get hacked. The portal, however, is a different story. Wiz is on it.

Wiz: I hope you're logging IP addresses, and have some back logs to troll. I'd be interested in knowing if the jack wagon changing the NMC address did so from the same IP as one of your registered users. He'd be a poor hacker if he did, but half these script kiddies don't understand how network services work, anyway.

wizkid057

legendary

Activity: 1223

Merit: 1006

Quote from: not.you on March 13, 2014, 04:52:07 PM

I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack. I also haven't seen an NMC payout since the 9th. Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

It was an exploit of the stats code (open source), not a hack of the actual server(s).

And, no, I will fix everyone's NMC addresses using the verified data on the core server, which is not affected by this (since the new options/signatures didn't pass the re-verification).

I will also get the proper payouts out to everyone.

not.you

legendary

Activity: 1726

Merit: 1018

I guess I don't understand how everyone's NMC address was changed to the same thing if there was no hack. I also haven't seen an NMC payout since the 9th. Do we need to go back and change our NMC addresses to what they should be or will they be restored from backup?

wizkid057

legendary

Activity: 1223

Merit: 1006

Quote from: ajw7989 on March 13, 2014, 04:45:27 PM

good to hear that the mining was not compromised I noticed a 2-3 times today that my miner failed to connected to the pool for a few minutes. Is there something going on with the mining server too?

I've gone through all of the servers just as a precaution and everything is fine. Connectivity has been solid, and all pool servers are functional.

ajw7989

legendary

Activity: 924

Merit: 1000

good to hear that the mining was not compromised I noticed a 2-3 times today that my miner failed to connected to the pool for a few minutes. Is there something going on with the mining server too?

roy7

sr. member

Activity: 434

Merit: 250

Quote from: freebit13 on March 13, 2014, 03:53:03 PM

Quote from: roy7 on March 13, 2014, 01:36:38 PM

How often are NMC payments made? I'm not sure I've ever gotten one.

Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here. Wink

I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.

I was referring only to NMC. NMC coins aren't mined directly to the payment addresses I believe. For my BTC I mine to my normal Electrum wallet.

freebit13

hero member

Activity: 616

Merit: 500

I got Satoshi's avatar!

Quote from: roy7 on March 13, 2014, 01:36:38 PM

How often are NMC payments made? I'm not sure I've ever gotten one.

Edit: I passed on the situation via support ticket and IRC. I figure that's more useful than just complaining here. Wink

I suggest checking if the exchange wallet you are using supports mined coins, apparently there are some that don't.

praeluceo

full member

Activity: 123

Merit: 100

Quote from: wizkid057 on March 13, 2014, 03:34:49 PM

Investigating issue with stats/My Eligius exploit.

Taking stats offline temporarily to investigate and compare database with the most recent backups and to parse through some logs.

I will put them back online as soon as I have pulled the majority of the data to a secondary server for verification. Shouldn't take more than an hour.

There has been no compromise of the pool or its servers.

Yes, most of the NMC payouts went to some rogue address today. Sad

This, honestly, is my fault, because I generally at the very least do a cursory parse through the NMC payout list before submitting it to the network. In my haste I did not today and seems that was a mistake on my part which will not happen again. There is enough NMC buffer to cover the loss and I will make sure everyone gets paid properly once I correct the issues.

I will post more details as soon as I finish my audits of the stats code.

-wk

Could you inform us of the address(es) that the thief inserted for the payouts since it'll probably be fixed by the time you bring MyStats back online? I would be...interested in tracking that wallet's historic and future transactions.

edit: didn't realize I was on the wrong page and had lost a page of comments! My mistake, oops, sorry!
Apparently we're watching for this guy: http://explorer.namecoin.info/a/N4CVwS13ELKimdJNEChgMJnLZiA7L6MU5F

wizkid057

legendary

Activity: 1223

Merit: 1006

Quote from: ?? on ??

Are we ok to continue mining?

Yes, there has been no compromise of any server. This just affects stats and NMC.

The security model of how the pool servers are partitioned from the web server prevents any issue like this from affecting the pool itself.

wizkid057

legendary

Activity: 1223

Merit: 1006

Investigating issue with stats/My Eligius exploit.

Taking stats offline temporarily to investigate and compare database with the most recent backups and to parse through some logs.

I will put them back online as soon as I have pulled the majority of the data to a secondary server for verification. Shouldn't take more than an hour.

There has been no compromise of the pool or its servers.

Yes, most of the NMC payouts went to some rogue address today. Sad

This, honestly, is my fault, because I generally at the very least do a cursory parse through the NMC payout list before submitting it to the network. In my haste I did not today and seems that was a mistake on my part which will not happen again. There is enough NMC buffer to cover the loss and I will make sure everyone gets paid properly once I correct the issues.

I will post more details as soon as I finish my audits of the stats code.

-wk

MrTeal

legendary

Activity: 1274

Merit: 1004

Quote from: gallery2000 on March 13, 2014, 03:13:08 PM

How long does it take to get pay? I got 0.9 BTC but have not been paid for two days.

After an orphan WK has to do a manual payout, which he usually does once per day. There's some traveling going on right now though, so expect a delay. I also wouldn't be surprised if there was a delay related to the NMC kerfuffle.

gallery2000

hero member

Activity: 784

Merit: 1000

Live Stars - Adult Streaming Platform

How long does it take to get pay? I got 0.9 BTC but have not been paid for two days.

Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 246. (Read 1061452 times)