Author

Topic: INFO ABOUT HACK MPOS POOLS / PLUMS INFO / GET SOME FREE COINS HERE. #YOLO #SWAG (Read 3475 times)

newbie
Activity: 14
Merit: 0
I think they are bruteforcing easy passwords, I use very strong random character passwords on all my pools and got notifications about xx failed login attempts on a few pools.
hero member
Activity: 518
Merit: 500
Bitrated user: ahmedbodi.
Reusing passwords on multiple sites in 2014  Roll Eyes

That's all this is, a db dump with a front end and a few cracked passwords.

as stated here, both me and xisi work on MPOS (well i work on stratum but still) by default MPOS has a default lock out at 3 attempts which is why i believe the majority are fabricated accounts. while the others are just ones with a weak ass password grabbed from a db dump
newbie
Activity: 20
Merit: 0
Reusing passwords on multiple sites in 2014  Roll Eyes

That's all this is, a db dump with a front end and a few cracked passwords.
legendary
Activity: 1442
Merit: 1001
no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.

OK, so maybe he fabricated some accounts - there's no easy way to prove that one way or the other.

How about the other accounts with actively running miners and balances - some of them with decent passwords and PINs? Bruteforce on both the password and PIN? None of these pools have any invalid login attempt protection? Something doesn't smell right...
hero member
Activity: 518
Merit: 500
Bitrated user: ahmedbodi.
no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.
legendary
Activity: 1442
Merit: 1001
i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.

An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.

I My friend checked and some of the logins appear to be legit, with balances and with actively running miners. One pool not being up aside, this doesn't look like a hoax to me.
hero member
Activity: 518
Merit: 500
Bitrated user: ahmedbodi.
i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.

An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
Another example is ftc.d2.cc it shows a username clicking login takes the user to digitalcoin.scryptmining.com

it looks me like the creator of the app is sending the login details via HTTP POST as a normal user would which allows people to access these fradulent accounts they have made under false pretenses
legendary
Activity: 1442
Merit: 1001
Yet another reminder to not reuse passwords anywhere. I highly suggest any of you who still fall into this category, take a few minutes and install a decent password manager:

http://passwordsafe.sourceforge.net
http://keepass.info/
newbie
Activity: 4
Merit: 0
Glad my pool didn't show up on the list. We don't scam anyways though.  That is some pretty sensitive info hanging out there!
In list most popular pools, i can add any pool on mpos ( ° ͜ʖ ͡°)
member
Activity: 98
Merit: 10
Glad my pool didn't show up on the list. We don't scam anyways though.  That is some pretty sensitive info hanging out there!
newbie
Activity: 4
Merit: 0
http://gyazo.com/66709a118ce84c887b4e84028077ac3a.png

HEY, YOU CAN GET SOME LTC, DOGE, CAT, GME, LENNY AND MORE COINS HERE - http://webhancement.us/gg.php

I GIVE YOUR LINK BECOUSE GUY WITH WHOM I WORKED SCAM ME ON MORE MONEY.
THIS BUG - 2 DAYS. AND YES, THEM WHO WRITE "WHO STOLE MY COINS FROM POOL?Huh" BECAUSE OF THIS.
...
MORE INFO ABOUT BUG(ALL VERSIONS MPOS) - 0.5 BTC

WTF?, HOW TO WARD OFF IT?!
USE VERY VERY STRONG PASSWORD(I RECOMMEND USE LASTPASS) AND SET ACCOUNT AS ANONYMOUS.
ENJOY. Miners.


http://www.wykop.pl/wpis/6841332/oto-lista-pooli-z-ktorych-zanotowano-kradzieze-zro/
http://www.wykop.pl/wpis/6840458/uwaga-uwaga-bardzo-wazne-ogloszenie-dotyczaca-bezp/
Jump to: