|
Title: What next? Post by: hippich on September 16, 2011, 01:00:01 PM Today I opened admin panel of my http://betco.in to find out that some "smart" kid created 6 accounts and was playing currently running free roll SNG tourney. With all ins in each game. He was hunting for 1 chip (i.e. 1 bitcent). He was able to withdraw this "astonishing" amount of bitcoins during 3 HOURS - incredible 78 bitcents!
People, c'mon. What will be next? You will be looking to get 5 bitcents by scamming someone? Then 1 bitcent? very disappointed... Hope price will drop enough to get rid of all these scumbags. Title: Re: What next? Post by: hippich on September 16, 2011, 01:03:38 PM Here are nicks of this guy. Something suggest me he is russian. I am russian myself, so this is even more depressing:
MelloNear ZorroNext ZidanChampion jessygreen msGoodLuck alexalex And here are his addresses. 1LtxvKpmn4AG23NbqwzsbYTUkQaY625ceR 1AbCJgVvuz1Cc7DHg83zCEbgDTwtK1gKbM 1LSN7yZ6esfBxSfoKt77LpbDxQ8d3bzRL3 1FiMSaS9MxZYNbKgKM7bvkDj91cHDvtotc 12U3kJic1pREtLHWj2JsvtRmbMbFEsS24T 1DR2QEnzJrRBpX8DhpdpaiBvgyGpHxZy9W Title: Re: What next? Post by: hugolp on September 16, 2011, 01:04:20 PM I hope the price goes high enough to get ride of naive admins.
If there is a flaw someone is going to use it. If you want to run a business youll have to deal with it. Title: Re: What next? Post by: hippich on September 16, 2011, 01:07:42 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..
Title: Re: What next? Post by: aq on September 16, 2011, 01:11:38 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before.. Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour ::)Title: Re: What next? Post by: hippich on September 16, 2011, 01:13:14 PM =) with all my optimism here, i do not see this happening soon. but i would like it to be like this..
Title: Re: What next? Post by: nmat on September 16, 2011, 01:13:44 PM Title: Re: What next? Post by: hugolp on September 16, 2011, 01:33:53 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before.. Some people get a thrill out of "free" stuff. I think it happens the same with cheating. The guy feels more intelligent than you because he is using your system in a way you did not intent. As I said, if you run a business youll have to deal with this kind of stuff. Title: Re: What next? Post by: hippich on September 16, 2011, 01:36:29 PM I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).
Title: Re: What next? Post by: Phinnaeus Gage on September 16, 2011, 01:39:40 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before.. Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour ::)Is the math right? Title: Re: What next? Post by: aq on September 16, 2011, 01:43:06 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before.. Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour ::)Is the math right? $78/3hours = $26/hour So yes, I should have written $26 ;) Title: Re: What next? Post by: Phinnaeus Gage on September 16, 2011, 01:51:23 PM well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before.. Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour ::)Is the math right? $78/3hours = $26/hour So yes, I should have written $26 ;) My bad! I thought it was 78 bitcoins. Just now saw the cents. or My bad! My slide rule has a dent in it. Title: Re: What next? Post by: aq on September 16, 2011, 01:52:29 PM I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this). If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount.Title: Re: What next? Post by: piuk on September 16, 2011, 02:34:21 PM About 75% sure his ip is 128.253.153.95 (http://pi.uk.com/bitcoin/ip-address/128.253.153.95). It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much.
Title: Re: What next? Post by: hippich on September 16, 2011, 02:42:36 PM I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this). If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount.This was not a bot for sure. It was manual work. On the other hand - producing bot who can deal with whole poker protocol, website, registration, bitcoins, etc while would be pretty exciting work, will never pays back since amount of time to invest into it incredible. not saying you should be smarter then this guy to actually do that. =) Title: Re: What next? Post by: hippich on September 16, 2011, 02:46:25 PM About 75% sure his ip is 128.253.153.95 (http://pi.uk.com/bitcoin/ip-address/128.253.153.95). It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much. I am not going after him in any case. It is not a point of this post. 78 bitcents worth like 4 bucks. I just fascinated how small-minded some folks are (became?). I can understand why people hack mtgox. Not that I agree with it, but I can understand what motivates 'em. but this... It is like stealing plastic bags from Walmart =)) Title: Re: What next? Post by: Noviz on September 16, 2011, 02:58:52 PM Quote I just fascinated how small-minded some folks are (became?). Welcome to the internet Title: Re: What next? Post by: hippich on September 16, 2011, 03:35:59 PM It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC The only flaw was assuming nobody will be trying to cheat for bitcents. =) Quote But also for many people, Bitcoin is exactly this. A "flaw" where you are able to generate money out of nothing. Why are you surprised to see this here? Because it was not like this before =). I believe ridiculous bitcoin price jump caused all sort of scumbags getting into it. Title: Re: What next? Post by: Noviz on September 16, 2011, 03:46:53 PM It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC The only flaw was assuming nobody will be trying to cheat for bitcents. =) Well if that is what the flaw is then it shows your naivety as a developer. I think its harsh to blame the communities 'bad eggs' for your own bad design. You should never trust your users at all, especially in sites such as yours... it sounds bad but if you don't put the correct security, validation, verification in place then you could get one user in a million that would love to piss your site up. Why didn't you implement any safe-guard against duplicate accounts? Did you just not think anyone would try to do this type of thing? I thought duplicate accounts security would be one of the big things to implement in gambling websites, particularly poker. Title: Re: What next? Post by: hippich on September 16, 2011, 03:52:27 PM Noviz, could you give me a hint how to implement good anti-duplicate account measure? =) Just keep in mind - this is bitcoin, not credit cards used to fund account.
I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =) Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way). Where I was mistaken - amount of incentive needed to make people try to use this "flaw". Title: Re: What next? Post by: Noviz on September 16, 2011, 04:07:10 PM Noviz, could you give me a hint how to implement good anti-duplicate account measure? =) Just keep in mind - this is bitcoin, not credit cards used to fund account. I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =) Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way). Where I was mistaken - amount of incentive needed to make people try to use this "flaw". Ok fair enough, I see your point... but what surprised me was that you didn't seem to have put any thought into duplicate user security at all, judging by your previous posts. I suppose the anonymity of bitcoins compared to credit cards is one of the fundamental pitfalls that gambling sites will have to cope with. But I still think you were abit naive in thinking that no one would try to exploit the flaw :P If its there then someone will always exploit it. Title: Re: What next? Post by: hippich on September 16, 2011, 04:12:45 PM I put more global measures in place preventing large scams. Small scams.. I assume this is just business operation expenses? =))
My current measure is to control it manually. And prevent it early. Also I have some hard prevention mechanism in place which keep site from loosing many coins at once. I have some ideas how to make it more sophisticated and automated, but current profit from this project does not make any sense to do it (just like it would not make any sense for someone to build bot for this site - too much time and too little profit). I am more interested in... if 26 "free" bitcents per hour is interesting for people, will 2 bitcents interesting as well? Where is this line where it become economically not worth it? Title: Re: What next? Post by: petercyr on September 16, 2011, 04:23:10 PM There's pretty much no way you could verify user uniqueness without involving some more official channels..
IPs, emails, bitcoin addresses, forum users, cookies, sessions, system hash, etc etc can all be generated unlimited for free or faked. Anonymity definitely has its downsides when it comes to enforcing security. |
