Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 58.

Timbo925

sr. member

Activity: 352

Merit: 250

Quote from: whiskers75 on April 21, 2013, 06:04:56 AM

Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net)

Dont test your password at these kind of sites. Just plain stupid to enter it somewhere online to test the strengt ...

whiskers75

hero member

Activity: 658

Merit: 502

Doesn't use these forums that often.

Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net)

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

I'm wondering why Blockchain.info is having trouble with this transaction:

- https://blockchain.info/tx/d3887aa543417c6934e7831407d017ec15b4b288a23cdd2977505a6ea1aff739

When I enabled "Advanced" I click on the (Spent), which is the URL:
- https://blockchain.info/tx-index/66120873

but am given the response: "Transaction not found"

But here is that transaction:
- https://blockchain.info/tx/440a659b8298dcc0ac336e1c245472f6bcc48a90d978a746241c74b4368ae92e

So is this just an indexing error somewhere?

ingrownpocket

legendary

Activity: 952

Merit: 1000

Quote from: giantdragon on April 19, 2013, 11:33:55 PM

Quote from: dooglus on April 19, 2013, 11:00:22 PM

Quote from: ingrownpocket on April 19, 2013, 04:48:57 PM

The secret works if you use PHP to get the address and then print it on the page.

Do you have some example code to show what you mean?

A working example:

Code:

$callback = urlencode("http://example.com/deposit.php?username={$_SESSION['username']}&secret={$depositSecret}");
$url = "https://blockchain.info/api/receive?method=create&address={$depositAddress}&shared=false&callback={$callback}";

$response = @file_get_contents($url);
$json = json_decode($response, true);

if(($json === false) || (is_null($json)) || (!isset($json['input_address'])))
	//error
else
	redirect("page.php?address={$json['input_address']}");

Yes, that.

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Don't know if bug or PEBCAK issue here, PM sent anyways.

elgreco

full member

Activity: 147

Merit: 100

Any idea when the satoshidice send option will work again?

BitPirate

full member

Activity: 238

Merit: 100

RMBTB.com: The secure BTC:CNY exchange. 0% fee!

Hi,

The JSON-RPC API is again giving me "lock timeout exceeded, try restarting transaction" on all requests.

Looks like a MySQL error -- I guess you're missing a rollback() or commit() somewhere...

giantdragon

legendary

Activity: 1582

Merit: 1002

Quote from: dooglus on April 19, 2013, 11:00:22 PM

Quote from: ingrownpocket on April 19, 2013, 04:48:57 PM

The secret works if you use PHP to get the address and then print it on the page.

Do you have some example code to show what you mean?

A working example:

Code:

$callback = urlencode("http://example.com/deposit.php?username={$_SESSION['username']}&secret={$depositSecret}");
$url = "https://blockchain.info/api/receive?method=create&address={$depositAddress}&shared=false&callback={$callback}";

$response = @file_get_contents($url);
$json = json_decode($response, true);

if(($json === false) || (is_null($json)) || (!isset($json['input_address'])))
	//error
else
	redirect("page.php?address={$json['input_address']}");

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: ingrownpocket on April 19, 2013, 04:48:57 PM

The secret works if you use PHP to get the address and then print it on the page.

Interesting.

Do you have some example code to show what you mean?

Is this instead of using the javascript buttons that blockchain.info provide, or some modification to their code?

internationalaw

member

Activity: 78

Merit: 10

Community Manager at Letstalkbitcoin.com

Hey @piuk, could you comment on how long it takes to get your 2 factor authentication reset? I've been locked out for over a week now and I've already submitted a form. I have some things I need to do with my BTC.

ingrownpocket

legendary

Activity: 952

Merit: 1000

Quote from: dooglus on April 19, 2013, 03:11:24 PM

I've seen advice recently both in this thread and on twitter that instead of validating callback requests using the IP address (since it keeps changing) I should include a per-user secret in the callback URL.

The problem with this is the callback URL appears in the source-code of the page presented to the user, so it won't stay secret for long.

http://blockchain.info/api/api_receive says:

Quote

Where you would like the pay now button to appear include the following code

Code:

     data-address="1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq"
     data-callback="https://mydomain.com/callback_url">

I assume you're suggesting putting the 'secret' in the data-callback attribute? But then the user just views the HTML source and sees the secret, and can then fake their own callback visit.

And like others have said, callbacks seem to be currently broken anyway. Clicking the demo 'javascript buttons' on http://blockchain.info/api/api_receive tells me:

"Error Http Notifications Are Currently Disabled"

The secret works if you use PHP to get the address and then print it on the page.

dooglus

legendary

Activity: 2940

Merit: 1333

I've seen advice recently both in this thread and on twitter that instead of validating callback requests using the IP address (since it keeps changing) I should include a per-user secret in the callback URL.

The problem with this is the callback URL appears in the source-code of the page presented to the user, so it won't stay secret for long.

http://blockchain.info/api/api_receive says:

Quote

Where you would like the pay now button to appear include the following code

Code:

     data-address="1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq"
     data-callback="https://mydomain.com/callback_url">

I assume you're suggesting putting the 'secret' in the data-callback attribute? But then the user just views the HTML source and sees the secret, and can then fake their own callback visit.

And like others have said, callbacks seem to be currently broken anyway. Clicking the demo 'javascript buttons' on http://blockchain.info/api/api_receive tells me:

"Error Http Notifications Are Currently Disabled"

ingrownpocket

legendary

Activity: 952

Merit: 1000

Quote from: glitch003 on April 19, 2013, 12:12:16 PM

Hey piuk, when I try to use the payment API I get this error: "Error Http Notifications Are Currently Disabled". Just curious, how long until they're enabled?

Thanks!

Quote from: giantdragon on April 19, 2013, 12:15:40 PM

Receive payments API don't work, I am getting an error: "Error Http Notifications Are Currently Disabled".

Confirmed.

giantdragon

legendary

Activity: 1582

Merit: 1002

Receive payments API don't work, I am getting an error: "Error Http Notifications Are Currently Disabled".

glitch003

full member

Activity: 219

Merit: 101

Hey piuk, when I try to use the payment API I get this error: "Error Http Notifications Are Currently Disabled". Just curious, how long until they're enabled?

Thanks!

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: JordanL on April 18, 2013, 07:35:30 PM

Quote from: ErebusBat on April 18, 2013, 04:49:38 PM

Quote from: JordanL on April 18, 2013, 02:43:55 PM

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

Or a yubikey with lastpass.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: JordanL on April 18, 2013, 07:35:30 PM

Quote from: ErebusBat on April 18, 2013, 04:49:38 PM

Quote from: JordanL on April 18, 2013, 02:43:55 PM

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

Actually I was referring to the fact that lasts as remembers the URL for me, so typos are non existent.

centove

full member

Activity: 194

Merit: 100

Is this a part of the recovery as well but:

http://markets.blockchain.info/

Oops! Google Chrome could not connect to markets.blockchain.info

Something get lost in the shuffle?

JordanL

donator

Activity: 294

Merit: 250

Quote from: ErebusBat on April 18, 2013, 04:49:38 PM

Quote from: JordanL on April 18, 2013, 02:43:55 PM

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: ErebusBat on April 18, 2013, 04:49:38 PM

Quote from: JordanL on April 18, 2013, 02:43:55 PM

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Exactly

Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 58. (Read 482537 times)