Topic: INFO ABOUT HACK MPOS POOLS / PLUMS INFO / GET SOME FREE COINS HERE. #YOLO #SWAG (Read 3459 times)
January 11, 2014, 08:49:23 AM
I think they are bruteforcing easy passwords, I use very strong random character passwords on all my pools and got notifications about xx failed login attempts on a few pools.
January 11, 2014, 12:19:26 AM
Reusing passwords on multiple sites in 2014 
That's all this is, a db dump with a front end and a few cracked passwords.
That's all this is, a db dump with a front end and a few cracked passwords.
as stated here, both me and xisi work on MPOS (well i work on stratum but still) by default MPOS has a default lock out at 3 attempts which is why i believe the majority are fabricated accounts. while the others are just ones with a weak ass password grabbed from a db dump
January 11, 2014, 12:14:57 AM
Reusing passwords on multiple sites in 2014
That's all this is, a db dump with a front end and a few cracked passwords.
That's all this is, a db dump with a front end and a few cracked passwords.
January 11, 2014, 12:08:52 AM
no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.
OK, so maybe he fabricated some accounts - there's no easy way to prove that one way or the other.
How about the other accounts with actively running miners and balances - some of them with decent passwords and PINs? Bruteforce on both the password and PIN? None of these pools have any invalid login attempt protection? Something doesn't smell right...
January 11, 2014, 12:02:54 AM
no doubt they may be legit accounts but i believe 1/2 are fabricated accounts, 1/2 are accounts with weak passwords which the OP has guessed.
January 11, 2014, 12:00:00 AM
i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.
An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
January 10, 2014, 11:52:08 PM
i have checked all of my pools in this list and it looks to me like the OP has used a bot or manually generated accounts and then somehow has the details there, i can assure you all passwords and pins are hashed and salted in MPOS both by default and in my configs.
An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
Another example is ftc.d2.cc it shows a username clicking login takes the user to digitalcoin.scryptmining.com
it looks me like the creator of the app is sending the login details via HTTP POST as a normal user would which allows people to access these fradulent accounts they have made under false pretenses
An example of this is coye.cryptopools.com. the pool doesnt exist since i fell asleep before the launch so it goes to show the details are fetched from another location.
Another example is ftc.d2.cc it shows a username clicking login takes the user to digitalcoin.scryptmining.com
it looks me like the creator of the app is sending the login details via HTTP POST as a normal user would which allows people to access these fradulent accounts they have made under false pretenses
January 10, 2014, 11:45:20 PM
Yet another reminder to not reuse passwords anywhere. I highly suggest any of you who still fall into this category, take a few minutes and install a decent password manager:
http://passwordsafe.sourceforge.net
http://keepass.info/
http://passwordsafe.sourceforge.net
http://keepass.info/
January 10, 2014, 11:32:56 PM
Glad my pool didn't show up on the list. We don't scam anyways though. That is some pretty sensitive info hanging out there!
In list most popular pools, i can add any pool on mpos ( ° ͜ʖ ͡°) January 10, 2014, 11:25:48 PM
Glad my pool didn't show up on the list. We don't scam anyways though. That is some pretty sensitive info hanging out there!
January 10, 2014, 11:13:52 PM
http://gyazo.com/66709a118ce84c887b4e84028077ac3a.png
HEY, YOU CAN GET SOME LTC, DOGE, CAT, GME, LENNY AND MORE COINS HERE - http://webhancement.us/gg.php
I GIVE YOUR LINK BECOUSE GUY WITH WHOM I WORKED SCAM ME ON MORE MONEY.
THIS BUG - 2 DAYS. AND YES, THEM WHO WRITE "WHO STOLE MY COINS FROM POOL?
" BECAUSE OF THIS.
...
MORE INFO ABOUT BUG(ALL VERSIONS MPOS) - 0.5 BTC
WTF?, HOW TO WARD OFF IT?!
USE VERY VERY STRONG PASSWORD(I RECOMMEND USE LASTPASS) AND SET ACCOUNT AS ANONYMOUS.
ENJOY. Miners.
http://www.wykop.pl/wpis/6841332/oto-lista-pooli-z-ktorych-zanotowano-kradzieze-zro/
http://www.wykop.pl/wpis/6840458/uwaga-uwaga-bardzo-wazne-ogloszenie-dotyczaca-bezp/
HEY, YOU CAN GET SOME LTC, DOGE, CAT, GME, LENNY AND MORE COINS HERE - http://webhancement.us/gg.php
I GIVE YOUR LINK BECOUSE GUY WITH WHOM I WORKED SCAM ME ON MORE MONEY.
THIS BUG - 2 DAYS. AND YES, THEM WHO WRITE "WHO STOLE MY COINS FROM POOL?
" BECAUSE OF THIS....
MORE INFO ABOUT BUG(ALL VERSIONS MPOS) - 0.5 BTC
WTF?, HOW TO WARD OFF IT?!
USE VERY VERY STRONG PASSWORD(I RECOMMEND USE LASTPASS) AND SET ACCOUNT AS ANONYMOUS.
ENJOY. Miners.
http://www.wykop.pl/wpis/6841332/oto-lista-pooli-z-ktorych-zanotowano-kradzieze-zro/
http://www.wykop.pl/wpis/6840458/uwaga-uwaga-bardzo-wazne-ogloszenie-dotyczaca-bezp/
Jump to: