Erkan-Yilmaz / GRC

announcement collection for Gridcoin
https://twitter.com/GridcoinIRC

SECURITY alert: GRCpool users -> change your passwords -> attack to bruteforce pwds #48

Open Erkan-Yilmaz opened 7 years ago

Erkan-Yilmaz commented 7 years ago

Find updates on the situation in comments below...


From Facebook:


"SECURITY ALERT

I hoped to have more information gathered for this, but I don't, and want to get the word out sooner rather than later. I will be following up with more information in the next day or so. I was notified by a pool member that they received the email about their payout address changing without them initiating it.

When investigating that I noticed there is an attack occurring on the login page trying to brute force passwords.

At that time payouts and the ability to change the payout address were disabled. They will likely remain disabled through tomorrow's payout as I continue to look at the records.

I added captcha to the login page immediately so no more passwords could be discovered. Furthermore, all traffic is being routed through Cloudflare. You might see some browser check messages as a result of this.

There are about 50 hits per second getting through to the server still at this time. There are a couple of accounts I have forced a password reset on to err on the side of caution, which I will be sending out individual emails about.

If you had 2FA you shouldn't have anything to worry about. Obviously the best bet is to change the password on the accounts if you have any concerns. I will be adding a second layer of confirmation to accounts which do not use 2FA in the future.

Please do reach out to me if you have had some unauthorized change on your account so I can add it to the search profile for this as I look through logs and database records."





Read updates here, or check out the pool admin's Steemit and the above Facebook and Twitter.
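The pattern the admin describes (a flood of failed logins from one source, and the accounts where one of those guesses succeeded being force-reset) is the kind of thing worth pulling out of the login log automatically. The following is an added example written for this page, not grcpool's code or anything from the post; the log format, field names, thresholds and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log for the example. The format is an assumption:
#   <ISO-8601 timestamp> <client IP> login <account> <ok|fail>
# One source hammers several accounts and eventually gets one right;
# a second source is a single typo followed by a normal login.
SAMPLE_LOG = """\
2020-01-01T10:00:00 198.51.100.7 login alice fail
2020-01-01T10:00:00 198.51.100.7 login bob fail
2020-01-01T10:00:01 198.51.100.7 login carol fail
2020-01-01T10:00:01 198.51.100.7 login dave fail
2020-01-01T10:00:02 198.51.100.7 login alice fail
2020-01-01T10:00:02 198.51.100.7 login erin fail
2020-01-01T10:00:03 198.51.100.7 login bob ok
2020-01-01T10:00:05 203.0.113.9 login frank fail
2020-01-01T10:00:40 203.0.113.9 login frank ok
2020-01-01T10:01:00 192.0.2.55 login grace ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) login (?P<account>\S+) (?P<result>ok|fail)$"
)


def parse_log(text):
    """Parse log lines into event dicts (sorted by time); unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "account": m["account"],
            "ok": m["result"] == "ok",
        })
    return sorted(events, key=lambda e: e["ts"])


def peak_failure_rate(events, window_seconds=10):
    """Per source IP, the largest number of failed logins seen in any sliding window."""
    peak = defaultdict(int)
    recent = defaultdict(deque)  # timestamps of recent failures per IP
    for e in events:
        if e["ok"]:
            continue
        q = recent[e["ip"]]
        q.append(e["ts"])
        # drop failures that fell out of the window ending at this event
        while (e["ts"] - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        peak[e["ip"]] = max(peak[e["ip"]], len(q))
    return dict(peak)


def bruteforce_sources(events, window_seconds=10, threshold=5):
    """IPs that reached `threshold` failed logins inside one `window_seconds` window.
    Both numbers are assumptions; tune them to the site's real traffic."""
    rates = peak_failure_rate(events, window_seconds)
    return {ip for ip, n in rates.items() if n >= threshold}


def accounts_to_reset(events, suspicious_ips):
    """Accounts that logged in successfully from a flagged source: those are the
    guesses that worked, i.e. the accounts to force a password reset on."""
    return {e["account"] for e in events if e["ok"] and e["ip"] in suspicious_ips}


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    bad = bruteforce_sources(ev)
    print("brute-force sources:", sorted(bad))
    print("accounts to reset:", sorted(accounts_to_reset(ev, bad)))
```

A legitimate user who mistypes once (frank above) never crosses the threshold, so only accounts that authenticated from a source already behaving like an attacker are flagged; the captcha and 2FA measures in the post stop the guessing, and this list is what tells you which passwords were guessed before they did.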

Erkan-Yilmaz commented 7 years ago

update about 1h ago:


"Hi,

Just a brief followup where things stand for now.

The attack has slowed down but is still active. I made more modifications to the login procedure which aligns with scenarios common to other cryptocurrency sites.

All operations are running except for payout and address changes. I am considering sending the next round of payouts for those with 2FA active and accounts which have had the same GRC address for a while. I sent out emails to individuals whose GRC address had changed over a very broad time range just to verify that they made the change. I would like to give a little more time for responses to come in before opening payouts completely. Also, address changes are off because if anybody has had their address changed, I want to know about it so I can track down the details. So if you happen to be in that situation, please let me know.

On a more positive note, DrugDiscovery@Home was whitelisted yesterday and is available in the pool.

As always, if you need to chat real time, feel free to contact me on the teamgridcoin.slack.com channel in #grcpool or @bgb."

