ironwolf (OP)
Member
Offline
Activity: 76
Merit: 10
|
|
April 14, 2011, 09:48:04 AM |
|
I looked at BitcoinMonitor.com this evening and noticed this strange descending line of transactions. Each transaction has a fixed 0.05 BTC amount and the remainder in "change". Any ideas about what's up with this?
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
April 14, 2011, 10:02:13 AM |
|
The faucet?
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
April 14, 2011, 10:04:04 AM |
|
By the way, either the faucet is getting very popular, or some scumbag found a way to cheat and get all its money. Too many transactions...
|
|
|
|
Raulo
|
|
April 14, 2011, 10:10:22 AM |
|
By the way, either the faucet is getting very popular, or some scumbag found a way to cheat and get all its money. Too many transactions...
It's probably the latter because just a day ago there were significantly fewer transactions from the faucet and much less regular.
|
1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
|
|
|
ironwolf (OP)
Member
Offline
Activity: 76
Merit: 10
|
|
April 14, 2011, 10:17:03 AM |
|
The pattern went down to zero and seems to have restarted again at around 17.5 BTC.
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
April 14, 2011, 11:44:57 AM |
|
I've PMed Gavin about it.
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
April 14, 2011, 11:47:03 AM |
|
Also notice how there's a small gap in the Faucet withdrawals whenever a block is generated. This probably tells us something about network propagation speed or somesuch.
|
|
|
|
mahadri
Newbie
Offline
Activity: 1
Merit: 0
|
|
April 14, 2011, 12:21:51 PM |
|
Also notice how there's a small gap in the Faucet withdrawals whenever a block is generated. This probably tells us something about network propagation speed or somesuch.
No. After a new block, the faucet pays out from its ~45 BTC transaction, then pays out from a smaller transaction until the next block. The gap will disappear when the faucet funds drop below 45 BTC, when there's only one transaction available to pay out from.
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2301
Chief Scientist
|
|
April 14, 2011, 12:31:09 PM |
|
I've turned off the faucet; somebody is definitely stealing from it. There were 500 sends queued when I woke up this morning. They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example: 121.1.54.214 - zqdckyxnhmjj [14/Apr/2011:05:20:19 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6,gzip(gfe)" "freebitcoins.appspot.com" 213.0.109.214 - clkjqwbhwefj [14/Apr/2011:05:20:15 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3,gzip(gfe)" "freebitcoins.appspot.com" 193.110.115.0 - rdcxalrgxyrvb [14/Apr/2011:05:17:40 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7,gzip(gfe)" "freebitcoins.appspot.com"
"zqdckyxnhmjj" and "clkjqwbhwefj" are the google account logins, which are obviously bogus. Well, obvious to humans, anyway...
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
Anonymous
Guest
|
|
April 14, 2011, 12:47:44 PM |
|
I've turned off the faucet; somebody is definitely stealing from it. There were 500 sends queued when I woke up this morning. They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example: 121.1.54.214 - zqdckyxnhmjj [14/Apr/2011:05:20:19 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6,gzip(gfe)" "freebitcoins.appspot.com" 213.0.109.214 - clkjqwbhwefj [14/Apr/2011:05:20:15 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3,gzip(gfe)" "freebitcoins.appspot.com" 193.110.115.0 - rdcxalrgxyrvb [14/Apr/2011:05:17:40 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7,gzip(gfe)" "freebitcoins.appspot.com"
"zqdckyxnhmjj" and "clkjqwbhwefj" are the google account logins, which are obviously bogus. Well, obvious to humans, anyway... Someone hired a captcha farm ?
|
|
|
|
jav
|
|
April 14, 2011, 12:57:55 PM |
|
They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:
What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies? It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess.
|
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4270
Merit: 1209
I support freedom of choice
|
|
April 14, 2011, 01:02:00 PM |
|
What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies? Destroying is easier than creating
|
|
|
|
Anonymous
Guest
|
|
April 14, 2011, 01:06:12 PM |
|
They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:
What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies? It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess. Pay someone .01 of the .05 to sit there clicking "confirm"
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
April 14, 2011, 01:07:15 PM |
|
What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?
+1
|
|
|
|
jpent
Newbie
Offline
Activity: 32
Merit: 0
|
|
April 14, 2011, 01:18:50 PM |
|
Is this pattern definitely due to the faucet then? I was thinking it could also be caused by mining pools sending out rewards.
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2301
Chief Scientist
|
|
April 14, 2011, 01:40:30 PM |
|
That pattern is definitely the faucet. The big mining pools are already using the new 'sendmany' functionality to pay lots of people with one transaction.
I'm thinking of doing something similar for the Faucet. Perhaps:
+ Bundle up requests for payments, so instead of sending out payment right away you have to wait a bit (15 minutes or an hour or... something somewhat random and non-predictable).
+ Dropping the Faucet reward AGAIN so there is less incentive to cheat. I'll need to use sendmany so the faucet isn't paying as much in fees as it is in bitcoins it gives out.
And maybe:
+ Publicly display the queue of waiting requests. This would be the tricky part-- I don't want to just dump email address and IP address, but I do want to dump enough information so people looking at the information can tell the difference between a cheater and legitimate users.
+ A way of flagging requests as "looks like cheating to me". This is also hard-- griefers might decide it would be fun to flag lots of legitimate requests.
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
Mr.512
Newbie
Offline
Activity: 1
Merit: 0
|
|
April 14, 2011, 05:41:28 PM |
|
They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:
What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies? It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess. Pay someone .01 of the .05 to sit there clicking "confirm" That is probably by far the most intellectual idea. It's a smart idea to have someone online at all times, I'm sure there's someone Gavin can trust.
|
|
|
|
BitterTea
|
|
April 14, 2011, 05:49:11 PM |
|
+ Dropping the Faucet reward AGAIN so there is less incentive to cheat. I'll need to use sendmany so the faucet isn't paying as much in fees as it is in bitcoins it gives out.
I think I suggested this to you when I first found Bitcoin, but why not make the faucet's payout a direct function of the available balance? Like... payout = balance / 2000. This would mean diminishing returns for an attacker. Oooh, what about integrating faucet authentication with Gribble? There's almost always somebody on IRC.
|
|
|
|
randomguy7
|
|
April 14, 2011, 05:58:21 PM |
|
I don't think making the payout smaller is going to stop people cheating. Can't we add a switch to the gui to switch to testnet and run the faucet with testnet coins?
|
|
|
|
BitterTea
|
|
April 14, 2011, 06:08:35 PM |
|
I don't think making the payout smaller is going to stop people cheating. Can't we add a switch to the gui to switch to testnet and run the faucet with testnet coins?
Sure, but the whole point is to give people some coins they can spend. Granted, I'm not sure what you're going to buy with .05 BTC, but whatev. I think introducing testnet into this will just confuse people.
|
|
|
|
|