Bitcoin Forum
December 03, 2016, 10:08:26 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 »
  Print  
Author Topic: Wonder who this solominer is? 88.6.216.9  (Read 55327 times)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 17, 2012, 04:01:39 AM
 #181

85.214.124.168 resolves to h1816161.stratoserver.net.

The following A records are set to 85.214.124.168:
antirechts-team.de, enlight-visuals.de, geknicktemit.de, jas-transport.com, muemmelmann.com

The bolded domain is the only one out of the list that is active. Either the botnet op works there, or (more likely) he has compromised that server to be his pool. Anyone feel like contacting them to see what they say?


EDIT: nvm, stupid he.net search only returning a halfassed set of results. Robtex shows better info, seems that it is a shared host.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480802906
Hero Member
*
Offline Offline

Posts: 1480802906

View Profile Personal Message (Offline)

Ignore
1480802906
Reply with quote  #2

1480802906
Report to moderator
Shadow383
Sr. Member
****
Offline Offline

Activity: 336


View Profile
March 17, 2012, 06:20:45 AM
 #182

One question that comes to mind...

1.3TH/s at current price/difficulty is over $30k per week in bitcoins.
I know it's fairly easy to launder funds through mt gox, but surely if they're selling any significant portion of what they mine there would be red flags somewhere?

I can believe it though, and to be honest I think the problem's only going to get worse  Roll Eyes
Turbor
Legendary
*
Offline Offline

Activity: 1008


BitMinter


View Profile WWW
March 17, 2012, 10:05:50 AM
 #183

So far, Sudo is only talking. He refused to point some of his hashpower to BitMinter to back up what he claims !

dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile
March 18, 2012, 07:43:54 AM
 #184

Going from the computer names in paste linked, it looks like all the machines are running windows. So this could be the work of a script kiddie and the recent windows rdp exploit.
PulsedMedia
Sr. Member
****
Offline Offline

Activity: 402


View Profile WWW
March 18, 2012, 07:48:09 AM
 #185

Going from the computer names in paste linked, it looks like all the machines are running windows. So this could be the work of a script kiddie and the recent windows rdp exploit.

I thought the recent RDP exploit was a mere DDoS, and proof of concept was done ~wednesday, far after it became known ... It's not even been "weaponized" yet, so kinda hard for that exploit ...

http://PulsedMedia.com - Semidedicated rTorrent seedboxes
pieppiep
Sr. Member
****
Offline Offline

Activity: 402



View Profile
March 18, 2012, 07:51:04 AM
 #186

Going from the computer names in paste linked, it looks like all the machines are running windows. So this could be the work of a script kiddie and the recent windows rdp exploit.

I thought the recent RDP exploit was a mere DDoS, and proof of concept was done ~wednesday, far after it became known ... It's not even been "weaponized" yet, so kinda hard for that exploit ...
Well, you never know if it was found earlier and kept secret to build a strong big botnet.
PulsedMedia
Sr. Member
****
Offline Offline

Activity: 402


View Profile WWW
March 18, 2012, 08:29:17 AM
 #187

Going from the computer names in paste linked, it looks like all the machines are running windows. So this could be the work of a script kiddie and the recent windows rdp exploit.

I thought the recent RDP exploit was a mere DDoS, and proof of concept was done ~wednesday, far after it became known ... It's not even been "weaponized" yet, so kinda hard for that exploit ...
Well, you never know if it was found earlier and kept secret to build a strong big botnet.

Very much true, but still a denial of service exploit does not give full access ... So in this case it's not the case.

http://PulsedMedia.com - Semidedicated rTorrent seedboxes
pieppiep
Sr. Member
****
Offline Offline

Activity: 402



View Profile
March 18, 2012, 08:41:28 AM
 #188

Going from the computer names in paste linked, it looks like all the machines are running windows. So this could be the work of a script kiddie and the recent windows rdp exploit.

I thought the recent RDP exploit was a mere DDoS, and proof of concept was done ~wednesday, far after it became known ... It's not even been "weaponized" yet, so kinda hard for that exploit ...
Well, you never know if it was found earlier and kept secret to build a strong big botnet.

Very much true, but still a denial of service exploit does not give full access ... So in this case it's not the case.
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
On this webpage it says "Vulnerabilities in Remote Desktop Could Allow Remote Code Execution"
PulsedMedia
Sr. Member
****
Offline Offline

Activity: 402


View Profile WWW
March 18, 2012, 08:43:58 AM
 #189

http://technet.microsoft.com/en-us/security/bulletin/ms12-020
On this webpage it says "Vulnerabilities in Remote Desktop Could Allow Remote Code Execution"

Ok, i think i recalled wrong :/

http://PulsedMedia.com - Semidedicated rTorrent seedboxes
Isokivi
Hero Member
*****
Offline Offline

Activity: 924


Items flashing here available at btctrinkets.com


View Profile WWW
March 18, 2012, 02:10:44 PM
 #190

I've been watching this thread for a while and today came up with a way to possibly confirm if this new miner indeed is a botnet, I e-mailed an active researcher in a major company dealing in antiviral/security-software, I have no way of knowing if the mail will ever be even read or responded to. However should I get a reply I will be reporting in.

Bitcoin trinkets now on my online store: btc trinkets.com <- Bitcoin Tiepins, cufflinks, lapel pins, keychains, card holders and challenge coins.
ArticMine
Legendary
*
Offline Offline

Activity: 1792


Monero Core Team


View Profile
March 18, 2012, 04:06:27 PM
 #191

This is what Im looking at:
http://bitcoin.sipa.be/speed-lin-2k.png

And obviously not the 8 hour avg green line, but the 3 day estimate. Though variability is high enough to  make firm conclusions impossible,  its not quite what youd expect if 1.3 TH joined the network out of the blue. There is no spike up, its flat or down best I can tell.

DrHaribo did have another hypothesis; rather than stealing blocks he suggested it might be possible for an attacker with a botnet to intercept a % of winning blocks of other pools to keep difficulty down. That would show up in stats eventually, but made me wonder why we arent using HTTPS on our miners to prevent such sabotage in the first place.

One possibility is Microsoft Windows malware that targets existing Bitcoin miners and steals a portion of their winning blocks. The impact would be.
It would affect all pools and solo miners running infected Microsoft Windows
No increase in over all network hashrate or difficulty
A significant drop in reward vs expected reward as shown for example by Bitminter https://bitminter.com/stats/rewards
Zero transaction blocks as a way of minimizing the risk of detection
Infected machines not mining Bitcoins can be used for other illegal activities

One way to test this is for the larger pool operators to test if miners using GNU / Linux are statistically "luckier" than those using Microsoft Windows.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
March 18, 2012, 04:11:48 PM
 #192

One possibility is Microsoft Windows malware that targets existing Bitcoin miners and steals a portion of their winning blocks. The impact would be.
It's impossible unless this malware also provides all those miners with work too.

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
roomservice
Full Member
***
Offline Offline

Activity: 190



View Profile
March 18, 2012, 04:21:25 PM
 #193

You still wonder who this is? Ok, let me quote myself  Smiley

I bet this company here is testing one of their fpga/asic products: http://www.sevensols.com/

It's located in Granada, Spain. That's where the ip is from.

"Tonight's the night. And it's going to happen again, and again. It has to happen. Nice night."
molecular
Donator
Legendary
*
Offline Offline

Activity: 2128



View Profile
March 18, 2012, 04:21:39 PM
 #194

I bet this company here is testing one of their fpga/asic products: http://www.sevensols.com/

It's located in Granada, Spain. That's where the ip is from.

Hmm, Granada. Lots of sun. All the mountains around are full of windmills. Maybe someones making good use of surpluses from wind/solar?

EDIT: tried to read the thread, but it's too long. Is there consenus it was/is sevensols?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
ArticMine
Legendary
*
Offline Offline

Activity: 1792


Monero Core Team


View Profile
March 18, 2012, 04:27:55 PM
 #195

One possibility is Microsoft Windows malware that targets existing Bitcoin miners and steals a portion of their winning blocks. The impact would be.
It's impossible unless this malware also provides all those miners with work too.

If the malware also provides work effectively stealing a portion of the hash rate it would still have the impact I mentioned. If would appear to the pool that it is taking longer to solve to block.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 18, 2012, 04:32:07 PM
 #196

One possibility is Microsoft Windows malware that targets existing Bitcoin miners and steals a portion of their winning blocks. The impact would be.
It's impossible unless this malware also provides all those miners with work too.

If the malware also provides work effectively stealing a portion of the hash rate it would still have the impact I mentioned.
Couldn't it just intercept golden nonces and discard them? That would cause bad luck, with the same/high hashrate.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Isokivi
Hero Member
*****
Offline Offline

Activity: 924


Items flashing here available at btctrinkets.com


View Profile WWW
March 18, 2012, 05:51:10 PM
 #197

I've been watching this thread for a while and today came up with a way to possibly confirm if this new miner indeed is a botnet, I e-mailed an active researcher in a major company dealing in antiviral/security-software, I have no way of knowing if the mail will ever be even read or responded to. However should I get a reply I will be reporting in.
I got a reply:
(translated to english) "We have seen a few bitcoin botnets... I'll check if any match the discription."

If it's a botnet then this could potentially mean trouble for it in long run  Grin


Bitcoin trinkets now on my online store: btc trinkets.com <- Bitcoin Tiepins, cufflinks, lapel pins, keychains, card holders and challenge coins.
deepceleron
Legendary
*
Offline Offline

Activity: 1470



View Profile WWW
March 18, 2012, 06:27:50 PM
 #198

One possibility is Microsoft Windows malware that targets existing Bitcoin miners and steals a portion of their winning blocks. The impact would be.
It's impossible unless this malware also provides all those miners with work too.

If the malware also provides work effectively stealing a portion of the hash rate it would still have the impact I mentioned.
Couldn't it just intercept golden nonces and discard them? That would cause bad luck, with the same/high hashrate.

When mining, you are doing a brute force hashing of everything that will go into a block. The merkle tree you are hashing includes the address that a block will pay out to if it is found, along with a "coinbase", which is per-worker information added by the pool to make a miner's work unique. You are also hashing all the transactions to be included in the block. Mystery miner's blocks have zero transactions, they are different than a normal pool's blocks.

Because of the pool-specific and worker-specific data included in a block, you cannot simply pick out certain hashes like one that solves a block and send them somewhere else, they would still pay to the original wallet's address as that information is embedded in what is being hashed. If the miners were getting altered work, they could not send it back to the original pool as the shares would be invalid, they would not be hashes of what the pool was requesting.

In order to steal work, the attacker would have to pWN the pool. If you can get into deepbit and silently get 10% of their block finds to pay to your wallet, that's better than just stealing their wallet once. As about half the pools here have been compromised at some point, we see that getting in is possible, but rootkitting and altering pool software to make a continuous undetectable diversion of mining rewards would be more difficult.

If it's a botnet then this could potentially mean trouble for it in long run  Grin
A yet-undetected botnet seems difficult to believe, it would be on the scale of Zeus2. I have seen no bitcoin bot alerts since Sept 2011 and those were naive trojans. CPU mining my Core 2 Quad (probably faster than the average internet-connected computer) gets 11mhash/s; to get into the 2000ghash/s the miner is likely doing, they would need 200,000 such fulltime botty machines. A CPU+GPU bot would need fewer, but I have a feeling that systems with GPUs running mining-capable drivers that can hash faster than their CPU are in the minority, if we were to survey all Internet-connected machines worldwide.

gusti
Legendary
*
Offline Offline

Activity: 1102


View Profile
March 18, 2012, 06:33:13 PM
 #199

Could this be a vulnerability, or backdoor introduced by any popular mining software programmer,
which might be stealing and redirecting a % of hashing power ?
(my apologies to all good faith programmers for the accusations pulled out of my ass)

If you don't own the private keys, you don't own the coins.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2128



View Profile
March 18, 2012, 06:35:32 PM
 #200

watching

Goat, just click 'notify' instead of posting in the thread to 'watch' it

I just tried this and you must be joking, c_k: that sends emails! I don't want my inbox full of "topic reply: whatever"-messages. I want replies to show up behind the "Show new replies to your posts."-links. Any other way to achieve this than using "subscribe"-posts?

[goes to find out how to remove that notification crap]

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!