
Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 149. (Read 482400 times)

hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
Excellent to see that there is now a way to check the javascript.

How did you setup your server to send a text when there is an SSH login? I'd like that for a couple of my servers.
The simplest way would be to add a command to your .bashrc on that account. It could also likely be done with a PAM module but I haven't researched if there is a specific one available. There is one to send OTP via SMS using PAM. Google "SMS PAM".
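
A PAM-based version of the SSH login alert discussed above, as an added example rather than anything posted in the thread: a script run by `pam_exec` at session open, which, unlike a `.bashrc` line, does not live in a file the logged-in account can edit. The install path, the addresses and the email-to-SMS gateway are assumptions; `PAM_TYPE`, `PAM_USER`, `PAM_RHOST` and `PAM_TTY` are the variables pam_exec exports.

```python
#!/usr/bin/env python3
# Added example. Hooked in from /etc/pam.d/sshd with a line such as:
#   session optional pam_exec.so /usr/local/sbin/ssh_login_alert.py   (hypothetical path)
import os
import smtplib
import socket
import sys
from email.message import EmailMessage

SMS_GATEWAY = "5550100@sms.example.net"   # placeholder: carrier email-to-SMS address
SENDER = "alerts@example.net"             # placeholder sender address

def build_alert(env, host):
    """Return the alert text for a session-open event, or None for anything else."""
    if env.get("PAM_TYPE") != "open_session":
        return None                       # pam_exec also fires on close_session
    user = env.get("PAM_USER", "?")
    rhost = env.get("PAM_RHOST", "?")
    tty = env.get("PAM_TTY", "?")
    return f"SSH login on {host}: user={user} from={rhost} tty={tty}"

def main():
    text = build_alert(os.environ, socket.gethostname())
    if text is None:
        return 0
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, SMS_GATEWAY, "SSH login"
    msg.set_content(text)
    try:
        with smtplib.SMTP("localhost", timeout=5) as smtp:   # assumes a local MTA
            smtp.send_message(msg)
    except OSError as exc:                # a failed alert must never block the login
        print(f"alert not sent: {exc}", file=sys.stderr)
    return 0

if __name__ == "__main__":
    sys.exit(main())
```
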

hero member
Activity: 742
Merit: 500
hero member
Activity: 910
Merit: 1005
In light of the recent hackings (I'm sure I've said this before) I just want to add some clarity on security.

1) My Wallet is not vulnerable to hackings in the same way that happened to bitcoinica and slush. If the server root was compromised the attackers would not be able to empty any wallets as they are only stored encrypted.

2) What the attacker may be able to do is change the javascript files to intercept passwords over time and then decrypt the wallets. This would only affect people who logged in during this time, but is a weak point nonetheless.

I have made a small java app to help counter this:

https://github.com/zootreeves/My-Wallet-Integrity-Checker

Compiling from source is recommended but you can download here:

https://github.com/downloads/zootreeves/My-Wallet-Integrity-Checker/applet.jar

When you enter your wallet identifier it will download your My Wallet page and check:

a) The DOM for any inline javascript.
b) For any unrecognised external javascript file
c) Prompt for the user to review any inline javascript
d) Verify all local javascript files match those at https://github.com/zootreeves/blockchain.info

I have a cron job on my local machine to run this script regularly and alert me of any anomalies.

Also note:

- It is recommended you enable double encryption which would keep your wallet safe if you only logged in to check your balance.
- Enabling two factor authentication protects from keyloggers on your own PC (and/or use the onscreen virtual keyboard to type in your second password).
- I receive SMS alerts on SSH login or when the tomcat context reloads (which is needed to alter any js).
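
The checks listed in this post, sketched in Python as an added example (this is not the code of My-Wallet-Integrity-Checker, which is a Java app). `audit`, `ScriptCollector`, `example.test` and the sample files are constructed for illustration, and the reference hashes are assumed to come from a reviewed checkout of the published source.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptCollector(HTMLParser):  # gathers script src values, inline bodies, on* attributes
    def __init__(self):
        super().__init__()
        self.external, self.inline, self.handlers, self._buf = [], [], [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.handlers += [f"<{tag} {k}>" for k in attrs if k.startswith("on")]
        if tag == "script" and attrs.get("src"):
            self.external.append(attrs["src"])
        elif tag == "script":
            self._buf = ""                   # start capturing an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf += data
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append(self._buf.strip())
            self._buf = None

def audit(html, base, fetch, reference):
    """reference maps script path -> SHA-256 of the reviewed copy; returns findings."""
    c = ScriptCollector()
    c.feed(html)
    out = [("inline-script", s) for s in c.inline if s]      # (a), body kept for review (c)
    out += [("inline-handler", h) for h in c.handlers]       # onclick= etc. is inline JS too
    for src in c.external:
        u = urlparse(urljoin(base, src))
        if u.netloc != urlparse(base).netloc or u.path not in reference:
            out.append(("unrecognised-script", u.geturl()))   # (b)
        elif hashlib.sha256(fetch(u.geturl())).hexdigest() != reference[u.path]:
            out.append(("hash-mismatch", u.geturl()))         # (d)
    return out

# Constructed sample: example.test stands in for the site, a dict for the HTTP fetch.
GOOD = b"function send(){}"
SERVED = {"https://example.test/js/wallet.js": GOOD,
          "https://example.test/js/crypto.js": b"function enc(p){/* altered */}"}
REFERENCE = {"/js/wallet.js": hashlib.sha256(GOOD).hexdigest(),
             "/js/crypto.js": hashlib.sha256(b"function enc(p){}").hexdigest()}
PAGE = ('<script src="/js/wallet.js"></script><script src="/js/crypto.js"></script>'
        '<script src="https://cdn.example.net/x.js"></script>'
        '<script>var t=1;</script><body onload="go()"></body>')

def demo():
    return audit(PAGE, "https://example.test/wallet/abc", SERVED.__getitem__, REFERENCE)
```

An empty list from `audit` means every script on the page was external, same-origin, listed in the reference set and byte-identical to the reviewed copy.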

hero member
Activity: 591
Merit: 500
Ok sure I have found the issue now. I checked the relay logs and it looks like the transaction is trying to spend a coinbase output from a P2Pool block which was orphaned. This is a rare occurrence, but was bound to happen sooner or later.
That did it, thanks.
hero member
Activity: 910
Merit: 1005
It still keeps saying that the transaction was submitted, but nothing happens and nothing shows up in my transactions.

Ok sure I have found the issue now. I checked the relay logs and it looks like the transaction is trying to spend a coinbase output from a P2Pool block which was orphaned. This is a rare occurrence, but was bound to happen sooner or later.

1) All orphaned blocks will now be properly marked e.g. 167283 (Available in json output as well)

2) All transactions which are not confirmed in the main chain will now be marked e.g. bc636ffa6089797c0acf4f8f864285c200790b496dc3551a6b8d9d5bbaa1b2bb

3) If two competing blocks are found at the same height all transactions in both blocks will be marked as unconfirmed until the split is resolved.

Now stop finding bugs, I've got other stuff to work on.

Chris Moore kindly made a python script to decrypt My Wallet backups offline. I'm posting it here to archive:

Code:
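#!/usr/bin/env python3
# Offline decryptor for My Wallet backups (Python 3; needs PyCryptodome or PyCrypto).

import base64, hashlib, hmac, json, sys
from Crypto.Cipher import AES

def prompt(p):
    sys.stdout.write(p + ": ")
    sys.stdout.flush()
    return sys.stdin.readline().rstrip("\n")

def decrypt(encrypted, password):
    # password must be bytes; the payload is base64(IV || ciphertext)
    encrypted = base64.b64decode(encrypted)
    iv = encrypted[:16]
    encrypted = encrypted[16:]
    length = len(encrypted)
    # pad to a whole number of AES blocks; the extra bytes are cut off again below
    encrypted += b' ' * (15 - (length-1)%16)
    # 32-byte key from two HMAC-SHA1 blocks, i.e. PBKDF2-HMAC-SHA1 with a single
    # iteration and the IV as salt
    key = (hmac.new(password, iv + b"\x00\x00\x00\x01", hashlib.sha1).digest() +
           hmac.new(password, iv + b"\x00\x00\x00\x02", hashlib.sha1).digest())[:32]
    clear = AES.new(key, AES.MODE_OFB, iv).decrypt(encrypted)[:length]
    return clear

clear = decrypt(prompt("encrypted wallet"), prompt("password").encode('utf-8'))
obj = json.loads(clear.decode('utf-8'))

if 'double_encryption' in obj:
    print("wallet uses double encryption")
    password = obj['sharedKey'].encode('ascii') + prompt("2nd password").encode('utf-8')
    for key in obj['keys']:
        key['priv'] = decrypt(key['priv'], password).decode('ascii')
# prints the decrypted wallet, private keys included, to stdout
print(json.dumps(obj, indent=4, sort_keys = True))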
hero member
Activity: 591
Merit: 500
I couldn't send until the recent fix by piuk, just include 0.0005 fee in your transfer and it works.
It still keeps saying that the transaction was submitted, but nothing happens and nothing shows up in my transactions.
hero member
Activity: 504
Merit: 502
I couldn't send until the recent fix by piuk, just include 0.0005 fee in your transfer and it works.
hero member
Activity: 591
Merit: 500
Still not working.
hero member
Activity: 910
Merit: 1005
Nope, still not working.

Ok this time I'm sure I've got it. If you could try again that would be cracking.
hero member
Activity: 591
Merit: 500
Nope, still not working.
hero member
Activity: 910
Merit: 1005
I'm using Chrome, but I tried it in Firefox with the same result. It has about 70 inputs and 2 outputs. No errors that I can see.

I think I know what it might be. The max http packet size was set to 8KB, so any transactions larger than that would probably fail.

I've increased it to 16KB now, if you are able to try again that would be great.
hero member
Activity: 591
Merit: 500
Is it in the transaction list then disappearing after a few hours? If so then it is likely due to incorrect miners' fees, try including a 0.005 BTC fee.
No, it's not showing up and I tried including the fee.

If it is never showing in the transaction list at all: What browser are you using? How many inputs and outputs does the transaction have? Are there any errors in the javascript error console?
I'm using Chrome, but I tried it in Firefox with the same result. It has about 70 inputs and 2 outputs. No errors that I can see.
hero member
Activity: 910
Merit: 1005
I've been having problems sending coins out of my wallet. It says the transaction is submitted, but several hours later, it's not showing up in my transaction list. Yesterday I was having a similar problem, but it said that I didn't have the correct fees even though I included the miner fee.

Is it in the transaction list then disappearing after a few hours? If so then it is likely due to incorrect miners' fees, try including a 0.005 BTC fee.

If it is never showing in the transaction list at all: What browser are you using? How many inputs and outputs does the transaction have? Are there any errors in the javascript error console?
hero member
Activity: 591
Merit: 500
I've been having problems sending coins out of my wallet. It says the transaction is submitted, but several hours later, it's not showing up in my transaction list. Yesterday I was having a similar problem, but it said that I didn't have the correct fees even though I included the miner fee.
hero member
Activity: 910
Merit: 1005
It's like a never ending hamster wheel that keeps getting steeper somehow, then you trip and start spinning around the wheel with your face plastered to the metal bars wondering how the hell you got in this mess in the first place.

Nice metaphor

---

Site fully back online now. It's a shame some data was lost on orphaned blocks and ip addresses, but I don't really have the will to try and recover it at the moment.

As I said before all fees are now removed from My Wallet. ALWAYS keep a backup of your keys then it is not a single point of failure if the Site goes offline.

Thank you to coretechs for donating.
legendary
Activity: 1260
Merit: 1000
Take a break man... I know how tiring it is. It's like a never ending hamster wheel that keeps getting steeper somehow, then you trip and start spinning around the wheel with your face plastered to the metal bars wondering how the hell you got in this mess in the first place.

Not that I speak from experience.

Your site is kick ass though, you did/do a spectacular job.
newbie
Activity: 51
Merit: 0
FYI, there is a problem with outgoing transactions related to your removal of the fee. The error message is: "Transaction does not include the correct fees"

 
sr. member
Activity: 403
Merit: 250
All transaction fees have been removed from My Wallet, the service is now completely free. I am taking a bit of a break from development but will be adding advertisements to payment notifications at some point in future.

I would buy you a beer if I could.
newbie
Activity: 51
Merit: 0
Your work on this system has been epic - you certainly deserve a break.
All transaction fees have been removed from My Wallet, the service is now completely free. I am taking a bit of a break from development but will be adding advertisements to payment notifications at some point in future.
I like this idea. Thank you.
hero member
Activity: 910
Merit: 1005
I know the feeling. I support you either way, you're doing a great job.

Thanks.

Wipe it, start clean, and don't worry about it. You're providing a voluntary service, not a paid one, so no one has the right to complain, and a clean, perfectly working system is better than a messy patched up one.

Yes, at least now I can be sure the blockchain is completely consistent.

I'm able to log into my wallet now, but it shows 0.00 BTC. I had some 8 or so. Will I get them back or are they lost forever?

Wallet data is absolutely fine, it is the blockchain that is screwed up. When it's finished syncing your balance will be correctly displayed again. ETA about 2-3 hours.

All transaction fees have been removed from My Wallet, the service is now completely free. I am taking a bit of a break from development but will be adding advertisements to payment notifications at some point in future.