Under Attack Again
-
[quote name=“wesphily” post=“22130” timestamp=“1374188599”]
[quote author=990fox link=topic=2847.msg22123#msg22123 date=1374185761]
Being new to mining I really freaked out when I awoke to see all the orphan blocks. After a lot of reading I have to say I am more confident in FTC Than before. This attack makes me want to contribute to the community more than ever.
[/quote]Thank you for your support. I can assure you that the only thing this attack has done is sped up the development of our new security features. Bush is working as hard as he can so we should see the results soon.
Thank you all for your patience.
[/quote]Awesome news. Thanks for all you guys are doing. :)
-
[quote]I’m a little confused. My pool network hashrate says near 2.9gh where as the site says the network hashrate is near 500mh.[/quote]
d2(your pool I know) takes 30 blocks here is 60. As the attacker stop the time on the chain for >11h the 60 block here takes the 60 blocks/13h at diff 74 to calculate the hash rate. The reality it’s 60/2h. More then 30 blocks have been found since the end of the attack (the retarget block) d2 is calculating a correct value. The stat page here is now ok also as we are now over the 60 block since retarget. -
[quote name=“groll” post=“22138” timestamp=“1374190231”]
[quote]I’m a little confused. My pool network hashrate says near 2.9gh where as the site says the network hashrate is near 500mh.[/quote]
d2(your pool I know) takes 30 blocks here is 60. As the attacker stop the time on the chain for >11h the 60 block here takes the 60 blocks/13h at diff 74 to calculate the hash rate. The reality it’s 60/2h. More then 30 blocks have been found since the end of the attack (the retarget block) d2 is calculating a correct value. The stat page here is now ok also as we are now over the 60 block since retarget.
[/quote]i appreciate the response. I noticed the correction then the post.
-
[quote name=“jeremiel” post=“22068” timestamp=“1374174439”]
Tallking with mullick on cryptsy chat I got this in regards to it’s pull from the market…mullick: @jeremiel: In fact looking through our conversation He said the system auto suspended the market.
Which means there is an internal rule within cryptsy to get something delisted. Either the attacker tripped it or something happening within the ftc network tripped it.
[/quote]Sorry I couldn’t respond earlier. It’s been a busy day. I am only a chat moderator at cryptsy but have contact with vern in case of any issues.
That post was in response to a concern a member had. He was concerned vern had not made an announcement as to why FTC trading had been suspended.
Vern notified me that something odd was going on with FTC. He had received several notifications for deposit reversals… He stated the system had detected it and suspended all trading for the FTC/BTC pair.
This implied to me that vern was not currently at the server but his security measures had done their job.
I did not want to cause panic. So i kept the information quite at first until I was able to confirmed. I investigated the blockchain and saw the evidence in blocks 51801 and 51802. I was then linked to this topic. At this time I felt confident to inform the users of what was happening. Further investigation by myself found more evidence listed in the OP
I will encourage vern to reply here. I will update you when I have more information
But yes the security measures are a result of the recent spree of attacks on extremely low hashrate blockchains. I do not believe the attacks are related due to the fact that all others were below 10Mh at the time. Any bored miner with a decent hashrate could have been responsible. But to pull of something of this magnitude is quite a challenge.
But that is just speculation.
-
look at the time of block 52178 compare to other 2h diff in the future, this the max allowed. he is testing all the limit he test the median on his last long fork as he had kept blocks and change the time just over those 6 block 51833-51836 inclusively.I’m a bit surprise he can do with 6 as median would be the 6th one of the 11. i need to check that code correctly as the specification don’t fit. (edit: ok he found 51835 with the low time so 5 blocks each side as expected and means is his block with changed time so he can continue use low time)
attacker actual address is 6kStRVT25dG9sRPvGoHZ4izHA6qKJ4E1R9
let me guess: will use to retarget lower at retarget time(i see other used, but will not disclose except to dev team as I don’t want to give idea)
I see that when at low diff the attacker mines with the network(this address mine legitimately since retarget), when diff goes up he disapear(possibly mining other coin) or attack us. he seems to have sometimes more then 2.5Gh/s but most of the time a lot less). from the last low diff when he still had more then 50% with network at 5.x Gh/s. at that time his address was 6wyj1e7A8E4VpEqAHje3bNREQASpLVeNqA. he found 28 block between 51206 and 51249 (28/43) stats page sow at some point 6Gh/s around that time, but few blocks later when I found this and check back was at 5.2Gh/s.
-
at 52236: network is time DOS for 2 hours a head for means of the last 11 blocks, so attacker has control unless he generate less then 6 block per 2 hours or everyone change time to 2 hours ahead.
the attacker was able to generate 6 blocks 2 hour ahead in 11 blocks so no block with current time enter the chain, only blocks ahead of current time can enter.
-
[quote name=“groll” post=“22167” timestamp=“1374210374”]
at 52236: network is time DOS for 2 hours a head for means of the last 11 blocks, so attacker has control unless he generate less then 6 block per 2 hours or everyone change time to 2 hours ahead.the attacker was able to generate 6 blocks 2 hour ahead in 11 blocks so no block with current time enter the chain, only blocks ahead of current time can enter.
[/quote]Explains a lot. Been mining on D2’s pool and just noticed every share over the past 130 minutes has been a reject…
-
[quote name=“raptorak” post=“22169” timestamp=“1374215103”]
[quote author=groll link=topic=2847.msg22167#msg22167 date=1374210374]
at 52236: network is time DOS for 2 hours a head for means of the last 11 blocks, so attacker has control unless he generate less then 6 block per 2 hours or everyone change time to 2 hours ahead.the attacker was able to generate 6 blocks 2 hour ahead in 11 blocks so no block with current time enter the chain, only blocks ahead of current time can enter.
[/quote]Explains a lot. Been mining on D2’s pool and just noticed every share over the past 130 minutes has been a reject…
[/quote]You still having the issues?
What needs to be done to fix?
-
jamestown on the trollbox was a former miner and believer in Feathercoin. He is now lost to us because of the “5th attack” again a few hours ago. He is saying that he is about to dump a lot of Feathercoin on to the BTC-e exchange and this makes me sad.
If he was just a troll I wouldn’t care but he seems smart and heart broken. That was another attack after the one yesterday?
-
What doesn’t kill us makes us stronger :).
I believe in our dev’s that they will come with a clever solution!
-
I will continue mining feathercoin forever. No matter even after 100000000th attack. For me it is this awesome community that makes me continue my belief in feathercoin. Whatever you want to do now, keep your dev team and we will support you.
-
[quote name=“groll” post=“22167” timestamp=“1374210374”]
at 52236: network is time DOS for 2 hours a head for means of the last 11 blocks, so attacker has control unless he generate less then 6 block per 2 hours or everyone change time to 2 hours ahead.the attacker was able to generate 6 blocks 2 hour ahead in 11 blocks so no block with current time enter the chain, only blocks ahead of current time can enter.
[/quote]He has started it at [url=http://explorer.feathercoin.com/block/65a157fcbd2a941fb9245fea365a25acebd0db80ebaa43204d89d840bf92b165]#52229[/url]. GetMedianTimePast() uses 11 previous blocks to calculate the median time stamp, and AcceptBlock() rejects any new blocks with time stamps lower than calculated. So, once he set up a chain of blocks which shifted GetMedianTimePast() way ahead into the future, no valid blocks with actual time are accepted by the network. I have expected a trick like that.
We need to reduce the future time allowance between blocks. Why 2 hours if our block target is 2.5 minutes? We had ~1 hour between blocks only when trapped at very high difficulty before #33000, but that’s not going to happen again, so 1 hour limit is more than enough.
[code] // Check timestamp
if (GetBlockTime() > GetAdjustedTime() + 2 * 60 * 60)
return error(“CheckBlock() : block timestamp too far in the future”);[/code]It’s worth to increase nMedianTimeSpan, too.
-
This comes from Bitcoin as 6 block every 10 minutes so 1 hour of block. this require 51% to sustain as 50% of the block represent 50% of the window. this is different in FTC with 2.5 minutes
2 things: make it the other sustains it
The first seems nearly ok you need >50% of the block to do so. a 40% with luck can do. but should be short live if not sustained.
to sustain you should need >50% of the block at current diff so for 2.5 it’s not 6 but 24 so median should be calculated on 49 blocks not 11. reducing the window to 6X2.5 can also be a solution, this will lead to some block rejected for time diff but 15 minutes seems ok. I don’t have time to check this exactly but i think GetAdjustedTime() is current time adjusted by the network time adjustement message. if it’s the case the adlustment should be lower then this to prevent DOS on time. (gettime() + adjust maxed at 35 *60)
note: dayligth saving times should not change anything as it’s UTC so this should have no impact. This was the reason in old time we puts 2h window in time validation of transaction in banking. even so 1-2 blocks would be rejected that is less problematic then what we currently have.
so my correction proposal is to replace the 2 * 60 * 60 by 15*60.
p.s. sorry for the attack posting with just some info not complete when the attack occur. I was going to bed when I see it so posted it in haste.
-
[quote name=“chrisj” post=“22189” timestamp=“1374223625”]
jamestown on the trollbox was a former miner and believer in Feathercoin. He is now lost to us because of the “5th attack” again a few hours ago. He is saying that he is about to dump a lot of Feathercoin on to the BTC-e exchange and this makes me sad.If he was just a troll I wouldn’t care but he seems smart and heart broken. That was another attack after the one yesterday?
[/quote]I understand his frustration. With that being said, he could pull up coinchoose, close his eyes, point to any coin and it will be more likely to compromise. We’re attacked because of the status of the coin. [b]We hate to lose people[/b], we’re doing everything we can to resolve it . This isn’t something that was put on the back burner… it’s not a simple solution and we’ll need to be the first Scrypt coin to implement one.
-
[quote name=“Justabitoftime” post=“22227” timestamp=“1374243731”]
[quote author=chrisj link=topic=2847.msg22189#msg22189 date=1374223625]
jamestown on the trollbox was a former miner and believer in Feathercoin. He is now lost to us because of the “5th attack” again a few hours ago. He is saying that he is about to dump a lot of Feathercoin on to the BTC-e exchange and this makes me sad.If he was just a troll I wouldn’t care but he seems smart and heart broken. That was another attack after the one yesterday?
[/quote]Current Network Speed 842,750,247 KHash/s (60 block avg.)!
I understand his frustration. With that being said, he could pull up coinchoose, close his eyes, point to any coin and it will be more likely to compromise. We’re attacked because of the status of the coin. [b]We hate to lose people[/b], we’re doing everything we can to resolve it . This isn’t something that was put on the back burner… it’s not a simple solution and we’ll need to be the first Scrypt coin to implement one.
[/quote] -
Obviously something isn’t being reported correctly on the stats page, I notified Bush.
-
block explorer is showing low difficulty and blocks being generated within seconds of each other. even if the stats page isn’t reporting correctly, the block explorer should be and what it is showing is truly disturbing.
-
I wish i knew what was going on?
Hope it can be fixed ;D
-
Also noticed, that the timestamps of the latest blocks are not in normal order.
If you start at the current block and move backward, the creation times of previous blocks are later than those of following blocks
Example:
Block 52514 timestamp 1374248324 (2013-07-19 15:38:44)
Block 52515 timestamp 1374248320 (2013-07-19 15:38:40)Strange…
-
I’m afraid we have to act quickly. Either with advanced checkpointing or something else. People start to panic.