Bitcoin Forum
December 04, 2016, 02:09:57 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 »
  Print  
Author Topic: Wonder who this solominer is? 88.6.216.9  (Read 55329 times)
Syke
Legendary
*
Offline Offline

Activity: 2086


View Profile
March 19, 2012, 10:55:51 PM
 #241

According to blockchain.info the ip has switched to 85.214.124.168. Which is registered to http://www.strato.de/server/, and looks to be hosted in Germany. The host looks to have no firewall, and has ssh on the default port. The abuse email is abuse-server@strato.de.

If this is indeed a botnet, then 85.214.124.168 is just going to be an infected C&C node. While it's definitely a good idea to notify the server owner, shutting that node down isn't going to stop the botnet.

Buy & Hold
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480817397
Hero Member
*
Offline Offline

Posts: 1480817397

View Profile Personal Message (Offline)

Ignore
1480817397
Reply with quote  #2

1480817397
Report to moderator
1480817397
Hero Member
*
Offline Offline

Posts: 1480817397

View Profile Personal Message (Offline)

Ignore
1480817397
Reply with quote  #2

1480817397
Report to moderator
1480817397
Hero Member
*
Offline Offline

Posts: 1480817397

View Profile Personal Message (Offline)

Ignore
1480817397
Reply with quote  #2

1480817397
Report to moderator
CA Coins
Donator
Sr. Member
*
Offline Offline

Activity: 306


View Profile
March 19, 2012, 11:19:19 PM
 #242

If this is a botnet, what contingency plans/options do we have?  I am sure if it is, it won't be the last.  Should we count on the anti-virus companies, or any other people, to stop the botnets for us?

I think the largest botnet so far discovered is on the order of 1 to 4 x10^5.  1x10^5 infected machines x 10Mhash/s =  1Th.  And there are estimated >1e9 PCs in the world?
Technomage
Legendary
*
Offline Offline

Activity: 1610


Affordable Physical Bitcoins - Denarium.com


View Profile WWW
March 19, 2012, 11:27:53 PM
 #243

I don't think that botnets in themselves are a problem for Bitcoin. It's unlikely that they're malicious, they are doing that because it's more profitable than doing something else. I'm bothered by the fact that this particular botnet is mining without adding any transactions, which is one of the main productive properties of mining. That botnet is in effect simply leeching off Bitcoin. That I don't like.

Denarium - Leading Physical Bitcoin Manufacturer - Special Xmas deals now live!
dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile
March 20, 2012, 01:28:54 AM
 #244

well either way it looks like that server that was hosting the bitcoind has been shut off. Seeing as it hasn't made any blocks in the last 2h50m. But its worrying that no block has been made it in the last 30m. (According to blockchain.info)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
March 20, 2012, 01:35:00 AM
 #245

well either way it looks like that server that was hosting the bitcoind has been shut off. Seeing as it hasn't made any blocks in the last 2h50m. But its worrying that no block has been made it in the last 30m. (According to blockchain.info)
Even 1thash pools have bad luck. Don't rule it out just yet.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
amazingrando
Hero Member
*****
Offline Offline

Activity: 546



View Profile
March 20, 2012, 02:04:57 AM
 #246

Been watching this issue, but the thread is a bit tl;dr

If you mine without transactions, how much do you calculate someone is saving?

Another question that may have already been asked elsewhere is if it is possible to focus exclusively on transactions.  If mining rewards are going to keep halving, and transactions become the focus should people be thinking (maybe not anytime soon) converting from mining to transaction processing as a way to make money?

Bitbond - 105% PPS mining bond - mining payouts without buying hardware
wiretapped
Newbie
*
Offline Offline

Activity: 9



View Profile
March 20, 2012, 05:00:03 AM
 #247

Two other IPs have relayed new empty blocks (and have not relayed non-empty blocks) in recent days, including another two in a row yesterday:

http://blockchain.info/block-height/171806 (relayed by 188.127.227.12)
http://blockchain.info/block-height/171807 (relayed by 213.171.43.151)

Here are blockchain.info's lists of transactions first relayed by each of the four IPs I've seen relaying new empty blocks recently:
http://blockchain.info/ip-address/88.6.216.9 (29 empty blocks between March 3 and March 7)
http://blockchain.info/ip-address/85.214.124.168 (74 empty blocks between March 15 and March 19)
http://blockchain.info/ip-address/213.171.43.151 (9 empty blocks between March 14 and March 19)
http://blockchain.info/ip-address/188.127.227.12 (6 empty blocks between March 16 and March 19)

All of these IPs have also relayed other transactions, which leads me to this theory: Perhaps these IPs are just regular bitcoin nodes, and are not related to the empty-block miner at all? They could just be relaying transactions and blocks for everyone, and the empty-block miner is merely choosing for some reason to always relay their work through this small set of nodes.

It would be easy enough to test this theory (or confirm its negative it, at least) by trying to relay some transactions through them, but I haven't done that. I did however confirm that two of them (85.214.124.168 and 213.171.43.151) are currently listening on the default bitcoin port (8333).

Also, to repeat my earlier question, could there be any significance to the out-of-order timestamps in blocks 171759 and 171760 other than indicating that the empty-block miner's nodes don't have synchronized clocks?
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
March 20, 2012, 05:20:50 AM
 #248

Also, to repeat my earlier question, could there be any significance to the out-of-order timestamps in blocks 171759 and 171760 other than indicating that the empty-block miner's nodes don't have synchronized clocks?

If it were an ordinary pool, it would indicate that there were too pools.

In my opinion, this is pretty strong evidence of a botnet that distributes only the bare minimum information to each node, which then creates the next block by itself.

You can't really include transactions in the blocks without having more or less the full block chain available, which takes up a lot of drive space and RAM, which would make the bot much easier to detect.  By handing out only the latest block's hash, the system is as close to stateless as it can be.  Each zombie just needs that, and then it can create the rest alone.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
wiretapped
Newbie
*
Offline Offline

Activity: 9



View Profile
March 20, 2012, 05:33:24 AM
 #249

And, 3 of the 5 empty blocks so far today have come from these two new IPs:

http://blockchain.info/ip-address/95.172.9.82 (2 empty blocks today)
http://blockchain.info/ip-address/85.127.161.5 (1 empty block today, 1 on March 14, and 1 non-empty block on March 13)

The other two came from the Deepbit mining pool, which also mined some empty blocks yesterday.
wiretapped
Newbie
*
Offline Offline

Activity: 9



View Profile
March 20, 2012, 05:48:11 AM
 #250

Also, to repeat my earlier question, could there be any significance to the out-of-order timestamps in blocks 171759 and 171760 other than indicating that the empty-block miner's nodes don't have synchronized clocks?

If it were an ordinary pool, it would indicate that there were too pools.

Why? Is there any reason pool members should be expected to have well-synchronized clocks?

FWIW, these two blocks just recently mined by Deepbit also have out-of-order timestamps:
http://blockchain.info/block-height/171974
http://blockchain.info/block-height/171975

as do lots of other blocks, I'm now realizing.
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
March 20, 2012, 07:06:39 AM
 #251

FWIW, these two blocks just recently mined by Deepbit also have out-of-order timestamps:
http://blockchain.info/block-height/171974
http://blockchain.info/block-height/171975
171974 was not mined by me.

http://blockorigin.pfoe.be/

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
pieppiep
Sr. Member
****
Offline Offline

Activity: 402



View Profile
March 20, 2012, 07:59:49 AM
 #252

You can't really include transactions in the blocks without having more or less the full block chain available, which takes up a lot of drive space and RAM, which would make the bot much easier to detect.  By handing out only the latest block's hash, the system is as close to stateless as it can be.  Each zombie just needs that, and then it can create the rest alone.
I didn't think of that.
So the calculation I did, about 1.7 seconds time each 10 minutes for break even profit for including transactions, is probably to little time for each client to do by itself.
So even if the 'waste' of diskspace wouldn't matter it would be profit loss for a client that does including transaction itself.
Getting more and more interesting in this thread Smiley
ram1
Newbie
*
Offline Offline

Activity: 16



View Profile
March 20, 2012, 08:25:12 AM
 #253

I noticed the mystery miner's blocks coinbase values follow a consistent format... a constant 4 byte field of '87320b1a' followed by a 3 byte field in which the last byte is either unchanged or increments (usually by 1) from one block to the next.  Prior to the samples documented below, I saw the last byte of the 3 byte field counting from x'10' through x'20' (skipping x'1c').

I don't know the significance of the 4 byte value of '87320b1a', but I noticed it is commonly found in the coin base of many blocks besides the mystery blocks.  The 3 byte coinbase field is possibly unique to the mystery miner.

Sample 3 byte mystery miner coinbase fields and block numbers:

931f21  171886
accc21  171900
bc1922  171908
411f22  171910
a32422  171911
[at this point the counter reset to 00 apparently]
1a8400  171931
489700  171936
93a300  171938
280302  171964
e42102  171967
5d2802  171968
4f4502  171971     
wiretapped
Newbie
*
Offline Offline

Activity: 9



View Profile
March 20, 2012, 09:22:17 AM
 #254

FWIW, these two blocks just recently mined by Deepbit also have out-of-order timestamps:
http://blockchain.info/block-height/171974
http://blockchain.info/block-height/171975
171974 was not mined by me.

http://blockorigin.pfoe.be/

Yet blockchain.info claims it was! Interesting. Do they just attribute blocks by the IP address that first relayed it to them?
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
March 20, 2012, 09:39:27 AM
 #255

FWIW, these two blocks just recently mined by Deepbit also have out-of-order timestamps:
http://blockchain.info/block-height/171974
http://blockchain.info/block-height/171975
171974 was not mined by me.

http://blockorigin.pfoe.be/
Yet blockchain.info claims it was! Interesting. Do they just attribute blocks by the IP address that first relayed it to them?
Yes. It's unreliable method.

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
jamesg
VIP
Legendary
*
Offline Offline

Activity: 1330


AKA: gigavps


View Profile
March 20, 2012, 11:56:23 AM
 #256

I think the bigger question here is how is our new MM cashing out?

To cash out $90k a month on mtgox.com is multiple steps in verifying your identification.
spiccioli
Legendary
*
Offline Offline

Activity: 1376

nec sine labore


View Profile
March 20, 2012, 12:14:03 PM
 #257

I think the bigger question here is how is our new MM cashing out?

To cash out $90k a month on mtgox.com is multiple steps in verifying your identification.

Next step could be asking mtgox if they're receiving BTC from the blocks mined by MM...

spiccioli
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 1862


Revolution will be decentralized


View Profile WWW
March 20, 2012, 12:16:22 PM
 #258

I think the bigger question here is how is our new MM cashing out?
To cash out $90k a month on mtgox.com is multiple steps in verifying your identification.

Yes. Just when BTC price was recovering nicely you get this huge vertical drop. Either the botter cashed out, or ppl are catching up with this story.
Anyway I would not have ordered a 5830 yesterday if I had read this before. This is bad bot for miners and BTC, since someone can get it for free stealing, and that is not exactly what inspire the trust of the market. If some antivirus company will not save us soon, I fear that we are freaking doomed.

BadBear
v2.0
Administrator
Legendary
*
Offline Offline

Activity: 1652



View Profile WWW
March 20, 2012, 12:16:57 PM
 #259


Next step could be asking mtgox if they're receiving BTC from the blocks mined by MM...

spiccioli

Is that really a road we want to go down?

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
jamesg
VIP
Legendary
*
Offline Offline

Activity: 1330


AKA: gigavps


View Profile
March 20, 2012, 12:21:08 PM
 #260

Yes. Just when BTC price was recovering nicely you get this huge vertical drop. Either the botter cashed out, or ppl are catching up with this story.
Anyway I would not have ordered a 5830 yesterday if I had read this before. This is bad bot for miners and BTC, since someone can get it for free stealing, and that is not exactly what inspire the trust of the market. If some antivirus company will not save us soon, I fear that we are freaking doomed.

This is a bit over dramatic.

It is much more profitable for MM to play the mining game than it is for him to destroy the network. Your fears are unfounded because of simple human nature and greed.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!