
Topic: Simplecoin.us Back ONLINE! (Read 4244 times)

sr. member
Activity: 406
Merit: 250
October 20, 2011, 04:06:26 PM
#23
TBX online!
sr. member
Activity: 406
Merit: 250
October 20, 2011, 02:15:16 PM
#22
Site & BTC/NMC pools are back online!
sr. member
Activity: 406
Merit: 250
October 19, 2011, 04:56:06 PM
#21
As the site begins to return, please note that ALL accounts have been frozen (will show up banned) and require a password reset.

If you are unable to access your account's registered email address, please contact me.
sr. member
Activity: 406
Merit: 250
October 19, 2011, 03:59:47 PM
#20
We appreciate the hard work! What's your planned time-frame to go live again?

If all works out, I should be ready tonight (CST), if not hopefully tomorrow. The rebuild has gone very smoothly so far.
hero member
Activity: 742
Merit: 503
October 19, 2011, 03:58:19 PM
#19
We appreciate the hard work! What's your planned time-frame to go live again?
sr. member
Activity: 406
Merit: 250
October 19, 2011, 12:44:11 PM
#18
While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't find a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol

Wiping WILL remove any possible threats (I could have just turned the pool back on, but I'd rather be safe). I will be taking additional precautions as well.
SSH will be locked to my local certificate and IP.
Webmin will be locked to my local IP.
The only publicly open ports will be nginx and possibly pushpool (although I've heard of no one who needed to bypass the proxy). All others will be firewalled off entirely.
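
Added example, not part of the original post and not the pool operator's own tooling: a check that an `iptables-save` dump matches the exposure plan listed above (admin ports limited to one source address, nginx and pushpool public, everything else closed). The admin address, the port numbers (Webmin's default 10000, 8342 assumed for pushpool) and the sample ruleset are constructed for illustration; key-only SSH authentication is an sshd setting and is not covered here.

```python
import shlex

# Assumptions (none of these values appear in the thread):
ADMIN_IP = "203.0.113.10"        # placeholder admin address (documentation range)
ADMIN_PORTS = {22, 10000}        # ssh; 10000 is Webmin's default port
PUBLIC_PORTS = {80, 443, 8342}   # nginx; 8342 assumed for pushpool

# Constructed iptables-save output with two deliberate policy violations.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
"""

def audit(rules_text):
    """Return (port, issue) findings for INPUT ACCEPT rules that carry --dport."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"] and tok[1:2] != ["DROP"]:
            findings.append((None, "default INPUT policy is not DROP"))
        if tok[:2] != ["-A", "INPUT"] or "--dport" not in tok or "ACCEPT" not in tok:
            continue
        port = tok[tok.index("--dport") + 1]
        if not port.isdigit():           # e.g. a range such as 8000:8100
            findings.append((port, "port range needs manual review"))
            continue
        src = tok[tok.index("-s") + 1] if "-s" in tok else None
        if int(port) in ADMIN_PORTS:
            if src not in (ADMIN_IP, ADMIN_IP + "/32"):
                findings.append((int(port), "admin port not limited to ADMIN_IP"))
        elif int(port) not in PUBLIC_PORTS:
            findings.append((int(port), "port is not on the public allow list"))
    return findings

if __name__ == "__main__":
    for port, issue in audit(SAMPLE_RULES):
        print(port, issue)
```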




sr. member
Activity: 1183
Merit: 251
October 19, 2011, 12:33:24 PM
#17
While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't find a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol
sr. member
Activity: 406
Merit: 250
October 19, 2011, 12:18:01 PM
#16
While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.
hero member
Activity: 628
Merit: 500
October 18, 2011, 06:56:53 PM
#15
Ok, upon reboot. Everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.
Sounds like a professional response. Thanks.
sr. member
Activity: 406
Merit: 250
October 18, 2011, 05:47:01 PM
#14
Ok, upon reboot. Everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.
sr. member
Activity: 406
Merit: 250
October 18, 2011, 04:32:21 PM
#13
When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."


Right now the priority is to transfer funds as the blocks are confirmed. There is not a specific time frame, as the level of damage has not yet even been fully assessed.
sr. member
Activity: 406
Merit: 250
October 18, 2011, 04:30:12 PM
#12
When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."


When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.
hero member
Activity: 988
Merit: 1000
October 18, 2011, 04:27:16 PM
#11
When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.


What is your specific time frame for completion of this task, since "There are no apparent losses so far."
sr. member
Activity: 406
Merit: 250
October 18, 2011, 04:20:01 PM
#10
When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.
sr. member
Activity: 406
Merit: 250
October 18, 2011, 04:16:40 PM
#9
When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What this means to you:
It is possible your user data is compromised. While PINs & Passwords were encrypted, please change any passwords that you used here.


I am working hard to minimize the damage from this likely intrusion. I will post updates as more information is known.
hero member
Activity: 988
Merit: 1000
October 18, 2011, 04:15:49 PM
#8
When will you be paying all outstanding balances? or was that compromised also?
hero member
Activity: 540
Merit: 500
The future begins today
October 18, 2011, 04:01:33 PM
#7
Good to know that, a friend of mine was asking me all the afternoon what happened to simplecoin.

Please keep us informed.

Regards,
sr. member
Activity: 406
Merit: 250
October 18, 2011, 03:49:21 PM
#6
thank you!

hoping for the best!
Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course i know a lot of that is sedative data anyways, but the offer still stands.

Thanks. Right now I'm focusing on the coins. Maybe I'll get lucky and the IP will be in the user logs. I'm hoping shutting the machine down kept them from covering their tracks.
hero member
Activity: 628
Merit: 500
October 18, 2011, 03:46:55 PM
#5
thank you!

hoping for the best!
Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course i know a lot of that is sedative data anyways, but the offer still stands.

Edit: sensitive (crazy auto correct)
sr. member
Activity: 406
Merit: 250
October 18, 2011, 03:19:49 PM
#4
Well, that sounds like a definite hack, not probable. It's good to hear that user wallets are safe. I hope the situation doesn't change and everything is recovered without problems.

Short of someone at the datacenter changing things (they were fixing ipv6 issues), it most likely is an intrusion.