Also, just as an FYI, I do network security in a completely different sector, but the attacks are usually the same. The "sneak forwarding" is a common targeted attack. More likely, though, is the human element, an administrator paid to set things up. Systems are usually surprisingly secure. Almost every successful attack I see involves phishing or an inside job. Just as an FYI though, nmap is a powerful tool, and anyone can intercept and reconstruct any email that is sent over the internet if it is not PGP encrypted. I've done this for more than one client to prove the point.

Way to never read anything before making your post... keep living the dream. I know you will never read this.

I set up Stratum mining to not waste hashrate on the pool. However, I didn't fix the hole because I think that the hole is OVH itself, so it's clearly possible that attackers shut down the pool again. I'll migrate out of OVH ASAP.

I cross-checked my mailbox setup and no forwarding is configured here. For now I fully blame OVH for this issue.

Interesting analysis. Is it possible that the algo for the OTP is "known"? So the attacker would simply have to know what the next OTP password is once it's been submitted?

The pool just found a new block. Because the database isn't running and shares are not stored, I'll spread blocks mined during the database outage to miners who'll continue mining on the pool since the database will be up again.

If I agreed with you, we both would be wrong. Never mind, no offence taken on my side whatsoever.
