Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
March 19, 2012, 11:18:00 AM |
|
I think that Bitcoin devs should put this issue as a high priority. We can't simply wait and trust that this person knows that it's bad for his business if he starts doing this in a larger scale, we must find a way to make it unprofitable for any miner to not include any transactions. This requires significant changes to Bitcoin in my opinion and should be worked on as a priority.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
DeepBit
Donator
Hero Member
Offline
Activity: 532
Merit: 501
We have cookies
|
|
March 19, 2012, 11:21:45 AM |
|
we must find a way to make it unprofitable for any miner to not include any transactions. This requires significant changes to Bitcoin May be people just need to add fees to their TXes ? :)
|
Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks ! Coming soon: ICBIT Trading platform
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
March 19, 2012, 11:28:16 AM |
|
May be people just need to add fees to their TXes ? I don't know what this has to do with anything. The botnet-blocks do not have any transactions in them, ever, regardless of fees. You could add a fee of 1000 BTC and it wouldn't be included in those blocks. I always add a fee of 0.0005 personally because free transactions seem to get stuck more often these days.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
March 19, 2012, 11:50:19 AM |
|
May be people just need to add fees to their TXes ? I don't know what this has to do with anything. The botnet-blocks do not have any transactions in them, ever, regardless of fees. You could add a fee of 1000 BTC and it wouldn't be included in those blocks. I always add a fee of 0.0005 personally because free transactions seem to get stuck more often these days. Well, it has to do with anything that mining "properly" (adding transactions) would be a lot more worthwhile compared to doing what this guy is doing.
|
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 19, 2012, 12:53:16 PM |
|
Would it be possible for me to modify my bitcoind so that it would refuse to relay transactions blocks to a specified blacklist? That way, it is possible that he won't be notified of new blocks, and will start producing orphans. Same thing in reverse as well - refuse to relay his blocks, causing them to become orphan. Obviously, this would have to be more than just my nodes in order to be effective, but it is an idea that could be somewhat effective.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 19, 2012, 12:56:04 PM |
|
Would it be possible for me to modify my bitcoind so that it would refuse to relay transactions blocks to a specified blacklist? That way, it is possible that he won't be notified of new blocks, and will start producing orphans. Same thing in reverse as well - refuse to relay his blocks, causing them to become orphan. Obviously, this would have to be more than just my nodes in order to be effective, but it is an idea that could be somewhat effective.
In theory yes but remember Bitcoin network is designed to be self healing. If the "blacklist" nodes share info with even a single node that also shares info with "mystery" then he will still receive all updates. Any mining pool (botnet or not) maintains thousands of connections to nodes to ensure timely updated and rapid broadcasting of new blocks.
|
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
March 19, 2012, 01:04:07 PM |
|
Well, it has to do with anything that mining "properly" (adding transactions) would be a lot more worthwhile compared to doing what this guy is doing. That is true in most cases but it appears that for this guy this is not the case. I believe there is a reason why he's doing this and most likely the reason is that the way he has the mining set up minimizes traffic to and from the miners (infected PC's). There are a few ways this could make sense, not perhaps with the standard mining software but with a software of his own. If it truly was more worthwhile for him to add transactions, I believe he would be doing that. There are two possible reasons why he is not doing that. Either he can actually keep the miners less noticeable by doing this OR he is doing this with completely malicious intent, probably shorting BTC like hell at the same time. Neither option is good for the rest of us, we have a big problem here that requires immediate attention.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 19, 2012, 01:08:35 PM |
|
If it truly was more worthwhile for him to add transactions, I believe he would be doing that. There are two possible reasons why he is not doing that. Either he can actually keep the miners less noticeable by doing this OR he is doing this with completely malicious intent, probably shorting BTC like hell at the same time. Neither option is good for the rest of us, we have a big problem here that requires immediate attention.
OR transactions on average are only worth 0.3% more than empty blocks. It simply isn't worthwhile to include transactions. If you were an employer and offered employees $100K just to show up for work and they pay for performance for another $3K max such that the deadbeat who simply shows up and takes a nap gets $100K and the person who kills themselves with stress gets $103K you likely will end up with a lot of workers taking a nap.
|
|
|
|
pieppiep
|
|
March 19, 2012, 01:25:29 PM |
|
If it truly was more worthwhile for him to add transactions, I believe he would be doing that. There are two possible reasons why he is not doing that. Either he can actually keep the miners less noticeable by doing this OR he is doing this with completely malicious intent, probably shorting BTC like hell at the same time. Neither option is good for the rest of us, we have a big problem here that requires immediate attention.
OR transactions on average are only worth 0.3% more than empty blocks. It simply isn't worthwhile to include transactions. If you were an employer and offered employees $100K just to show up for work and they pay for performance for another $3K max such that the deadbeat who simply shows up and takes a nap gets $100K and the person who kills themselves with stress gets $103K you likely will end up with a lot of workers taking a nap. If he doesn't use a pool to get the work and if blocks with transactions give at average 0.3% more profit, totaling 100.3% of what he now gets, he can spend 600 - (600 / 1.003) = 1.795 seconds each 10 minutes on each client to include the transactions to break even. If it takes less than 1.795 seconds it's more profit. If he has a pool server you can divide this time by the number of clients connected to this pool if the pool also does mining. If the pool doesn't do mining there is no lost at all, only more profit.
|
|
|
|
Isokivi
|
|
March 19, 2012, 02:48:19 PM |
|
If it's a botnet Im fairly sure I will have confirmation of it within a few days, the "active researcher in a major company dealing in antiviral/security-software" I mentioned contacting a few pages back in this thread is actually prettymuch the "biggest star" in he's line of work: I got Mikko H. Hyppönen, the Chief Research Officer of F-Secure to look in to it. As soon as I have more I will be posting here.
|
Bitcoin trinkets now on my online store: btc trinkets.com <- Bitcoin Tiepins, cufflinks, lapel pins, keychains, card holders and challenge coins.
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 19, 2012, 02:55:14 PM |
|
If it's a botnet Im fairly sure I will have confirmation of it within a few days, the "active researcher in a major company dealing in antiviral/security-software" I mentioned contacting a few pages back in this thread is actually prettymuch the "biggest star" in he's line of work: I got Mikko H. Hyppönen, the Chief Research Officer of F-Secure to look in to it. As soon as I have more I will be posting here.
Even if you don't use or even like some of their software, they have an excellent if not the best team of researchers. The same applies to some other well-known vendors such as Symantec, who also have world-class teams.
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1026
|
|
March 19, 2012, 03:18:11 PM |
|
To me, all of the evidence so far suggests that he is mining with custom software, and the control node is pushing the absolute bare minimum data out, just the hash of the block to be built upon.
If the mining nodes (bots?) were running full bitcoin clients, there would be no reason not to include transactions. If the nodes were running normal mining clients, there would be no reason not to include transactions.
By pushing out just the previous block's hash, the one thing needed to keep the clients current, the operator probably hoped to minimize traffic and reduce the chances of detection.
Has anyone portscanned the relay node? If the relay node is the same as the control node, which isn't a sure thing, it should be listening on a totally innocent port, like 53 or 80 or 110, but handing out the hash of the current highest block.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
March 19, 2012, 03:55:20 PM |
|
If it's a botnet Im fairly sure I will have confirmation of it within a few days, the "active researcher in a major company dealing in antiviral/security-software" I mentioned contacting a few pages back in this thread is actually prettymuch the "biggest star" in he's line of work: I got Mikko H. Hyppönen, the Chief Research Officer of F-Secure to look in to it. As soon as I have more I will be posting here.
lol nice going, F-Secure is a star in the business
|
|
|
|
Ferroh
Member
Offline
Activity: 111
Merit: 100
|
|
March 19, 2012, 04:27:39 PM |
|
This is the typical and IMO arrogant excuse that's been repeated like a dogma over and over. Close our eyes, have faith in Satoshi's bible and all will be well.
Oh well...
Doesn't take a genious to do the maths. If there is 500Th going on, even getting BFL Minirigs (15k $, ~20Ghash/s) at 10% price would require 375 000 000$ to make 50% ... Nevermind the ~3.1MW consumption ... The current network mining total is about 11.4 TH. http://blockchain.info/statsTo get 10% of the mining power you only need to spend $860k. We are currently at about 2.2% of the 500TH number you suggested.
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
March 19, 2012, 04:44:00 PM |
|
watching
Goat, just click 'notify' instead of posting in the thread to 'watch' it I just tried this and you must be joking, c_k: that sends emails! I don't want my inbox full of "topic reply: whatever"-messages. I want replies to show up behind the "Show new replies to your posts."-links. Any other way to achieve this than using "subscribe"-posts? [goes to find out how to remove that notification crap]Same here, I also don't want emails.. btw just click the "notify" one more time to disable the function.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
dizzy1
|
|
March 19, 2012, 06:30:04 PM |
|
According to blockchain.info the ip has switched to 85.214.124.168. Which is registered to http://www.strato.de/server/, and looks to be hosted in Germany. The host looks to have no firewall, and has ssh on the default port. The abuse email is abuse-server@strato.de.
|
|
|
|
ShadesOfMarble
Donator
Hero Member
Offline
Activity: 543
Merit: 500
|
|
March 19, 2012, 09:00:06 PM |
|
So, did you send an email?
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 19, 2012, 09:05:36 PM |
|
So, did you send an email?
We have no concrete proof of any abuse, do we?
|
|
|
|
dizzy1
|
|
March 19, 2012, 09:32:26 PM |
|
So, did you send an email?
No, because as rjk said we have no proof. But if someone who can read German could go over the tos, they may have clauses against illegal activites or botnet operating. Or we could just email and say that we suspect the owner may be running a large botnet.
|
|
|
|
ShadesOfMarble
Donator
Hero Member
Offline
Activity: 543
Merit: 500
|
|
March 19, 2012, 10:00:30 PM |
|
http://www.strato.de/agb/ says no hosting of extremism, pornographic or "commercial erotic" content, you are not allowed to use the service for sending spam e-mails and you are not allowed to host: IRC Servers, Bots, Bouncer, Tor, JAP, Proxyserver, Streaming-Services, Download-Services, P2P-Filesharing
|
|
|
|
|