Pages:
Author

Topic: [OFFLINE] SIMPLECOIN.US [PPLNS/SMPPS] - page 16. (Read 38109 times)

sr. member
Activity: 406
Merit: 250
October 18, 2011, 02:37:59 PM
Now that I have the wallets, I shut down the servers until all blocks have confirmed. Until all the generation is complete, the funds are still at risk.
Sounds like a good plan. What type of hack was it?

Not sure yet. With the machines off it is hard to tell. As best I could tell, only the main pool server was affected. Only SSH, webmin & nginx were running on that server. My ssh connection suddenly dropped, and my password changed. So I stopped SSH, rechanged the password. In that time the pool user directory was wiped clean. I grabbed the wallets and shutdown the machine.

SSH was running fail2ban, so it's unlikely it was bruteforce. The security updates were up to date as well. Once I'm sure the currency information is secure I'll fire the machines back up and look for the culprit.

Are password and account info ok or is it still to early to tell?

Too early to tell. I did switch the machine physically off. I'll go through the data once the coins are safe. It looked like only the pool home directory had been wiped and the user password reset, although I didn't want to risk any more data being lost. So, the machine was shut down.
hero member
Activity: 628
Merit: 500
October 18, 2011, 02:22:41 PM
Now that I have the wallets, I shut down the servers until all blocks have confirmed. Until all the generation is complete, the funds are still at risk.
Sounds like a good plan. What type of hack was it?

Not sure yet. With the machines off it is hard to tell. As best I could tell, only the main pool server was affected. Only SSH, webmin & nginx were running on that server. My ssh connection suddenly dropped, and my password changed. So I stopped SSH, rechanged the password. In that time the pool user directory was wiped clean. I grabbed the wallets and shutdown the machine.

SSH was running fail2ban, so it's unlikely it was bruteforce. The security updates were up to date as well. Once I'm sure the currency information is secure I'll fire the machines back up and look for the culprit.

Are password and account info ok or is it still to early to tell?
sr. member
Activity: 406
Merit: 250
October 18, 2011, 02:17:14 PM
Now that I have the wallets, I shut down the servers until all blocks have confirmed. Until all the generation is complete, the funds are still at risk.
Sounds like a good plan. What type of hack was it?

Not sure yet. With the machines off it is hard to tell. As best I could tell, only the main pool server was affected. Only SSH, webmin & nginx were running on that server. My ssh connection suddenly dropped, and my password changed. So I stopped SSH, rechanged the password. In that time the pool user directory was wiped clean. I grabbed the wallets and shutdown the machine.

SSH was running fail2ban, so it's unlikely it was bruteforce. The security updates were up to date as well. Once I'm sure the currency information is secure I'll fire the machines back up and look for the culprit.
hero member
Activity: 628
Merit: 500
October 18, 2011, 02:10:29 PM
Now that I have the wallets, I shut down the servers until all blocks have confirmed. Until all the generation is complete, the funds are still at risk.
Sounds like a good plan. What type of hack was it?
sr. member
Activity: 406
Merit: 250
October 18, 2011, 02:08:43 PM
Now that I have the wallets, I shut down the servers until all blocks have confirmed. Until all the generation is complete, the funds are still at risk.
sr. member
Activity: 406
Merit: 250
October 18, 2011, 01:16:55 PM
The pool server has been hacked!!!!

Pool is going down.
OH NO!!

They managed to wipe the pool user directory, which included wallet backups. They did not however get to the actual wallets.

BTC & NMC balances have been moved (and hopefullly were not double spent).

That is good news. what about TBX and GG? were those currencies recovered?

Recovering geist now (waiting on blockchain). TBX is on another machine, but will be recovered after gg.

GG sent.
hero member
Activity: 628
Merit: 500
October 18, 2011, 01:08:24 PM
The pool server has been hacked!!!!

Pool is going down.
OH NO!!

They managed to wipe the pool user directory, which included wallet backups. They did not however get to the actual wallets.

BTC & NMC balances have been moved (and hopefullly were not double spent).

That is good news. what about TBX and GG? were those currencies recovered?
sr. member
Activity: 406
Merit: 250
October 18, 2011, 01:02:44 PM
The pool server has been hacked!!!!

Pool is going down.
OH NO!!

They managed to wipe the pool user directory, which included wallet backups. They did not however get to the actual wallets.

BTC & NMC balances have been moved (and hopefullly were not double spent).
hero member
Activity: 628
Merit: 500
October 18, 2011, 12:50:54 PM
The pool server has been hacked!!!!

Pool is going down.
OH NO!!
sr. member
Activity: 406
Merit: 250
October 18, 2011, 12:45:06 PM
The pool server has been hacked!!!!

Pool is going down.

Trying to xfer out all funds.

BTC xferred.
member
Activity: 172
Merit: 10
October 18, 2011, 12:43:12 PM
Are email notification able to be turned off yet?
sr. member
Activity: 406
Merit: 250
October 18, 2011, 12:14:22 PM
I haven't mined at this pool for 24 hours now but I still have unconfirmed namecoins.  Could this have something to do with block 21,010 (or 21,011) listed in the PPLNS previous blocks which has 0 confirms?  Is this the cause of the unconfirmed namecoins on Lobomir's account too?

Have you had any thoughts on a possible cause for the crazy luck at this pool yet?  What happend for example between 22,391 and 22,645 on the PPLNS pool?


It is block 21010 (on the site), which was orphaned. Seems the orphan cleaner missed a block. As for the luck, I'm still looking for anything that could be cause, but we're still finding blocks (BTC & NMC), and have very low stales. I switched over to khal's new nmc client yesterday, so we'll see if that changes anything.
legendary
Activity: 1246
Merit: 1011
October 18, 2011, 05:23:22 AM
I haven't mined at this pool for 24 hours now but I still have unconfirmed namecoins.  Could this have something to do with block 21,010 (or 21,011) listed in the PPLNS previous blocks which has 0 confirms?  Is this the cause of the unconfirmed namecoins on Lobomir's account too?

Have you had any thoughts on a possible cause for the crazy luck at this pool yet?  What happend for example between 22,391 and 22,645 on the PPLNS pool?
sr. member
Activity: 406
Merit: 250
October 17, 2011, 01:32:37 PM
pools up. site down.

Swapping to the new namecoin client. Thanks to using luke-jr's implementation there is no need to take the pool down for namecoin updates Smiley

UPDATE: The new namecoin client is in place.
hero member
Activity: 628
Merit: 500
hero member
Activity: 628
Merit: 500
October 17, 2011, 01:25:29 PM
pools up. site down.
sr. member
Activity: 406
Merit: 250
October 17, 2011, 01:16:17 PM
Simple, did you get the msg about the much needed update to namecoind? http://dot-bit.org/forum/viewtopic.php?p=2182#p2182

  That goes for anyone else that may be solo mining or mining thru namecoind at some of the smaller pools as well.....

I'll have it switched shortly.
hero member
Activity: 504
Merit: 500
October 17, 2011, 01:04:59 PM
Simple, did you get the msg about the much needed update to namecoind? http://dot-bit.org/forum/viewtopic.php?p=2182#p2182

  That goes for anyone else that may be solo mining or mining thru namecoind at some of the smaller pools as well.....
hero member
Activity: 628
Merit: 500
October 17, 2011, 12:21:25 PM
And to celebrate.... I'm giving away another 10 BTC for block finders, extending the existing ones!
woohoo!

EDIT:i'm a little sad and really glad to be pushed off the top hashrate spot

I felt the same when you pushed me out of the top slot  Tongue

Its so worth it. Let the coins come. we might even get to be sticky Smiley
sr. member
Activity: 406
Merit: 250
October 17, 2011, 11:30:08 AM
And to celebrate.... I'm giving away another 10 BTC for block finders, extending the existing ones!
woohoo!

EDIT:i'm a little sad and really glad to be pushed off the top hashrate spot

I felt the same when you pushed me out of the top slot  Tongue
Pages:
Jump to: