On the upside, ModoBot caught the caught the upswing in price for me.
Topic: ModoBot.com open enrollment (Read 2154 times)
Really meant to get back to this a long time ago - my apologies. Thank you for the bug report, and thank you for the suggestions.
On the upside, ModoBot caught the caught the upswing in price for me.
On the upside, ModoBot caught the caught the upswing in price for me.
Also, when the info is put into the form, there is no immediate indication that there is anything going on. i would expect more of a save and then a run button, versus the fill it in and it catches up with you system. Just a couple things, checking it out more now.
Really? Could you PM me the link so I can investigate? As far as I know it works, as people have been validating their accounts.
The link that came was more of a relative link to your Apache config or something. I simply snipped off the first portion and added it to the end of your URL, but there will be some that never get past this point.
Really? Could you PM me the link so I can investigate? As far as I know it works, as people have been validating their accounts.
I am currently testing the suite. Just a couple things that I noticed that might make a new client either confused or simply not continue. These are not to be negative, just observations. The cnfirmation email that I received did not have the correct link in it.
I think its more good to do trade manually than using bot because its more risky because we dont know that tool also bot are risky to use when you dont know what bot doing in your account..
As per request, updated to allow ability to switch between USD and Euro.
The bot is fully functional in the 'unpaid' version, if you want to check out that part of it.
Thank you for the feedback.
The bot is not for sale - the site will be a subscription based site, with a bot and reminders, completely web based. My audience are those that want to trade, but do not want to buy, or know how to set up, their own.
The 'Fake' credit card information is what is required by Stripe in order to use the test payment gateway. https://stripe.com/docs/testing. To fully activate the bot, it needs an email, and a paid 'subscription'. To mimic the paid subscription, there needs to be fictitious credit card information that Stripe recognizes. Stripe records a 'transaction', and lets the bot know that the 'transaction' was successful. This allows me to verify that the payment and logging system is working as it should, and that the bot is doing what it is supposed to do with that information. Have you an alternative suggestion? I suppose I could just fake it in the back end when a user signs up. Do you think that would work better?
I will be adding new coins, and I will be adding new sites. The structure is actually in place for multiple bots per person. All I ever trade is Bitcoin, so I don't even know what the popular alt-coin or exchange for said coin is at this point. I imagine if I asked 10 different people, I would get 10 different responses.
Sounds impressive.Yes I am the one among those who doesn't want to buy a bot and prefer online service that you are offering.I would wait to see if anyone has actually made any profit using your bot before i use it.I understand there's no guarantee to success but it should not be totally a failure all the time The bot is not for sale - the site will be a subscription based site, with a bot and reminders, completely web based. My audience are those that want to trade, but do not want to buy, or know how to set up, their own.
The 'Fake' credit card information is what is required by Stripe in order to use the test payment gateway. https://stripe.com/docs/testing. To fully activate the bot, it needs an email, and a paid 'subscription'. To mimic the paid subscription, there needs to be fictitious credit card information that Stripe recognizes. Stripe records a 'transaction', and lets the bot know that the 'transaction' was successful. This allows me to verify that the payment and logging system is working as it should, and that the bot is doing what it is supposed to do with that information. Have you an alternative suggestion? I suppose I could just fake it in the back end when a user signs up. Do you think that would work better?
I will be adding new coins, and I will be adding new sites. The structure is actually in place for multiple bots per person. All I ever trade is Bitcoin, so I don't even know what the popular alt-coin or exchange for said coin is at this point. I imagine if I asked 10 different people, I would get 10 different responses.
Bitstamp has been good to us - did you see that it is their 5th anniversary?
https://www.bitstamp.net/account/fifth-anniversary-quiz/
https://www.bitstamp.net/account/fifth-anniversary-quiz/
@zenitzz - I hope you read my earlier response. There are never any guarantees of profitability when it comes to trading, and anyone that claims otherwise should be avoided. Any evidence presented that claims fairness or profitability can be easily faked, and should be heavily scrutinized. You are correct that bots do not guarantee profitability. Claiming nonsense is a bit strong though without actually knowing the capabilities (or lack of capabilities) of the bot. Trading bots are tools that can be misused or misunderstood, like using pliers to pound a nail. It can be done, but don't blame someone else when the nails go in crooked.
Some people think bots will automatically going create profits without any sort of interaction, and that is indeed nonsense. My hammer cannot pound the nail by itself, and I shouldn't complain of a faulty hammer when it cannot. If I paid hundreds of dollars for a bot and I was under the misguided impression that it would automatically generate profits, I would complain too.
Modobot does not have a sophisticated trading strategy. In fact, it doesn't really have any trading strategy. If you want to sell BTC at $700, Modobot will sell at $700, send a notification email, and then stop until further instructions from the operator.
@squatz1 - I would love to receive a review from a hero member also. API keys are valuable indeed, because a compromised set of API keys could lead to your money being stolen.
Here is how ModoBot protects those keys:
During open enrollment, you do not have to provide your API keys to test ModoBot. It has a sandbox mode that starts with a fictitious 5BTC and $500USD, and can be reset at any time. The notifications will work.
Some people think bots will automatically going create profits without any sort of interaction, and that is indeed nonsense. My hammer cannot pound the nail by itself, and I shouldn't complain of a faulty hammer when it cannot. If I paid hundreds of dollars for a bot and I was under the misguided impression that it would automatically generate profits, I would complain too.
Modobot does not have a sophisticated trading strategy. In fact, it doesn't really have any trading strategy. If you want to sell BTC at $700, Modobot will sell at $700, send a notification email, and then stop until further instructions from the operator.
@squatz1 - I would love to receive a review from a hero member also.
API keys are valuable indeed, because a compromised set of API keys could lead to your money being stolen. Here is how ModoBot protects those keys:
- The first line of protection is you. When you generate your API keys at BitStamp, one can set permissions for that key. The only permissions the bot needs is to buy and sell - the bot does not know how to move funds. If your API key is set correctly, ModoBot cannot move your funds, even if it did know how to.
- API keys are encrypted in the database. The site or database would need to be compromised for an attacker to get the data.
- In the case of a database compromise, the API keys are still encrypted (as are your password, and other important data).
- If the site is compromised, and the attacker is able to decode the APIs, they still would not be able to take your money because the API key has no permissions to do so. - No credit card information is stored on the site. Stripe is the payment processor, and as such, handles everything. Modobot stores a unique user id provided by Stripe, and a subscription number, also provided by stripe. The Stripe Id and subscription number are used to later cancel a subscription when the user wants to cancel.
- There is no wallet - cold or otherwise - for an attacker to go after, thus completely removing a reason for the site to be attacked anyway.
During open enrollment, you do not have to provide your API keys to test ModoBot. It has a sandbox mode that starts with a fictitious 5BTC and $500USD, and can be reset at any time. The notifications will work.
With you service like free trading bot, would that guarantee that we can profit in trading? If you can answer me with a positive answer maybe I would try your service as I am interested in making money.
Certainly not, all just nonsense. using bots to trade will only make you crumble in the end. many people has complain by using bot, will be better you perform manual trading. 
Would like to see a review from a Hero member or something on this service as I don't think everyone would want to go ahead and trust the bot with their valuable API's
I'll be watching this topic for future posts.
I'll be watching this topic for future posts.
Please do not use a real credit card. The payment processor will reject the payment (because it is in testing mode), and then the bot gets confused.
A test credit card number is already provided. Please use that to 'pay' for activation.
Thanks
A test credit card number is already provided. Please use that to 'pay' for activation.
Thanks
Thank you for the feedback.
The bot is not for sale - the site will be a subscription based site, with a bot and reminders, completely web based. My audience are those that want to trade, but do not want to buy, or know how to set up, their own.
The 'Fake' credit card information is what is required by Stripe in order to use the test payment gateway. https://stripe.com/docs/testing. To fully activate the bot, it needs an email, and a paid 'subscription'. To mimic the paid subscription, there needs to be fictitious credit card information that Stripe recognizes. Stripe records a 'transaction', and lets the bot know that the 'transaction' was successful. This allows me to verify that the payment and logging system is working as it should, and that the bot is doing what it is supposed to do with that information. Have you an alternative suggestion? I suppose I could just fake it in the back end when a user signs up. Do you think that would work better?
I will be adding new coins, and I will be adding new sites. The structure is actually in place for multiple bots per person. All I ever trade is Bitcoin, so I don't even know what the popular alt-coin or exchange for said coin is at this point. I imagine if I asked 10 different people, I would get 10 different responses.
The bot is not for sale - the site will be a subscription based site, with a bot and reminders, completely web based. My audience are those that want to trade, but do not want to buy, or know how to set up, their own.
The 'Fake' credit card information is what is required by Stripe in order to use the test payment gateway. https://stripe.com/docs/testing. To fully activate the bot, it needs an email, and a paid 'subscription'. To mimic the paid subscription, there needs to be fictitious credit card information that Stripe recognizes. Stripe records a 'transaction', and lets the bot know that the 'transaction' was successful. This allows me to verify that the payment and logging system is working as it should, and that the bot is doing what it is supposed to do with that information. Have you an alternative suggestion? I suppose I could just fake it in the back end when a user signs up. Do you think that would work better?
I will be adding new coins, and I will be adding new sites. The structure is actually in place for multiple bots per person. All I ever trade is Bitcoin, so I don't even know what the popular alt-coin or exchange for said coin is at this point. I imagine if I asked 10 different people, I would get 10 different responses.
Is this trading between usd and btc in bitstamp only or will you be adding new websites and new coins.
There is CAT doing trade between all altcoins and bitcoin and they make a killing by selling it, I suggest since you are good at programming enough to do this you should look at altcoin trading bot as well, that might bring in more customers and definitely will look more appealing for many of us. Specially if you sell it cheaper.
Also the fake credit card thing is an off for many people, try to remove that as well if you can.
There is CAT doing trade between all altcoins and bitcoin and they make a killing by selling it, I suggest since you are good at programming enough to do this you should look at altcoin trading bot as well, that might bring in more customers and definitely will look more appealing for many of us. Specially if you sell it cheaper.
Also the fake credit card thing is an off for many people, try to remove that as well if you can.
After an extensive and thorough examination of records, we can say with 100% confidence that ModoBot was completely unaffected by the Bitfinex hack. 
Since Modobot uses Bitstamp:
Bitstamp's take on the Bitfinex incident
https://www.bitstamp.net/article/our-take-bitfinex-incident/
Bitstamp's take on the Bitfinex incident
https://www.bitstamp.net/article/our-take-bitfinex-incident/
Holy cow... I went away for a few days, and this blew up a little bit. I didn't receive email notifications. 
Let me try to answer questions as best I can:
- There are never any guarantees of profitability when it comes to trading, and anyone that claims otherwise should be avoided. Any evidence presented that claims fairness or profitability can be easily faked, and should be heavily scrutinized.
- Regarding APIs, this is correct, and you should be skeptical. Modobot needs two keys from Bitstamp in order to conduct automated trading, however, Bitstamp has a very nice permissions system, so one can set up their Bitstamp account to ONLY allow buys and sells. Modobot has no need for permissions to transfer Bitcoin, so the worst an attacker can do is sell everything, or spend all of your cash. However, since there is no actual way to transfer funds, Modobot cannot do anything else, and does not even request a wallet address.
What you should be more concerned about is how the data is secured, and what measures have been taken to prevent compromise. Here is how I do it:
- Passwords are hashed in the database.
- Users are identified by an encrypted token.
- Users are cross-identified by a server token.
- Bitstamp credentials are encrypted in the database.
- Hashing uses a salt and multiple passes to create authentication tokens.
- Credit card info is handled by Stripe, and the only thing saved by Modobot is a subscriber id, and a stripe id, which you need to do to be able to track user accounts and record keeping.
I have been programming long enough to know that it would be foolish to ever think that Modobot is immune to attack. If the attacker somehow got into the database, and somehow figured out the encryption, and was able to get your Bitstamp credentials, they still wouldn't be able to transfer any money because there are no permissions. Unless the user expressly allows it, which they shouldn't, and that is how it is written in the documentation. At most, someone may use those tokens to attempt to social engineer Bitstamp. It is also a possibility that 10 minutes after I post this, someone will figure out how to break the site.
- Regarding malicious content - unless you are a developer, you have no way to know if anything is going on in the background of any website. And programs need authentication tokens all of the time, like every time one uses Facebook or Google to log into a website. Many 3rd party JavaScript libraries make use of authentication tokens, and those can often be found in plain text in the source code. If I may refer you to the point above, it is how that data is handled, and what measures have been taken to mitigate damage in the event of a breach. Moving the payment processing to Stripe removes any need for Modobot to handle any funds at all. As a consumer, one would be checking the credit card statements for fraudulent charges.
*********
Modobot has been going for a couple of years now, and it does what I want it to do, which is conduct simple trading, notify me of transactions, and notify me when a price point is reached. It does exactly that. There is no sophisticated trading strategy, because then I wouldn't be smart enough to know how to use it.
If I can find 10 or 20 paying subscribers, I can cover my hosting fees, and it provide motivation to make some things look a little better. As has been noted here, there are a lot of trust issues that need to be worked out, and it doesn't help that I abandoned the account I was originally posting from. So my solution is to open up registration and see what happens. You don't need credit card info of any kind. The order form is filled in with bogus test data, and although Stripe will process the data as an actual request, all of the data is fake.
Some people might want a simple bot, some people might want a price notification service - I certainly don't expect anyone to do unlimited trading, but I also feel there is no reason to artificially limit it either. I have about $50 worth of BTC that has been in there since this spring and was up to $64 at one point, but I credit that to watching the market, and picking a price point. Also, the uptick in price made a difference also.
At any rate, one can do the signup stuff, use the price point notification feature, test the bot, and never import your Bitstamp credentials at all.
I appreciate the opportunity to answer questions.
Let me try to answer questions as best I can:
- There are never any guarantees of profitability when it comes to trading, and anyone that claims otherwise should be avoided. Any evidence presented that claims fairness or profitability can be easily faked, and should be heavily scrutinized.
- Regarding APIs, this is correct, and you should be skeptical. Modobot needs two keys from Bitstamp in order to conduct automated trading, however, Bitstamp has a very nice permissions system, so one can set up their Bitstamp account to ONLY allow buys and sells. Modobot has no need for permissions to transfer Bitcoin, so the worst an attacker can do is sell everything, or spend all of your cash. However, since there is no actual way to transfer funds, Modobot cannot do anything else, and does not even request a wallet address.
What you should be more concerned about is how the data is secured, and what measures have been taken to prevent compromise. Here is how I do it:
- Passwords are hashed in the database.
- Users are identified by an encrypted token.
- Users are cross-identified by a server token.
- Bitstamp credentials are encrypted in the database.
- Hashing uses a salt and multiple passes to create authentication tokens.
- Credit card info is handled by Stripe, and the only thing saved by Modobot is a subscriber id, and a stripe id, which you need to do to be able to track user accounts and record keeping.
I have been programming long enough to know that it would be foolish to ever think that Modobot is immune to attack. If the attacker somehow got into the database, and somehow figured out the encryption, and was able to get your Bitstamp credentials, they still wouldn't be able to transfer any money because there are no permissions. Unless the user expressly allows it, which they shouldn't, and that is how it is written in the documentation. At most, someone may use those tokens to attempt to social engineer Bitstamp. It is also a possibility that 10 minutes after I post this, someone will figure out how to break the site.
- Regarding malicious content - unless you are a developer, you have no way to know if anything is going on in the background of any website. And programs need authentication tokens all of the time, like every time one uses Facebook or Google to log into a website. Many 3rd party JavaScript libraries make use of authentication tokens, and those can often be found in plain text in the source code. If I may refer you to the point above, it is how that data is handled, and what measures have been taken to mitigate damage in the event of a breach. Moving the payment processing to Stripe removes any need for Modobot to handle any funds at all. As a consumer, one would be checking the credit card statements for fraudulent charges.
*********
Modobot has been going for a couple of years now, and it does what I want it to do, which is conduct simple trading, notify me of transactions, and notify me when a price point is reached. It does exactly that. There is no sophisticated trading strategy, because then I wouldn't be smart enough to know how to use it.
If I can find 10 or 20 paying subscribers, I can cover my hosting fees, and it provide motivation to make some things look a little better. As has been noted here, there are a lot of trust issues that need to be worked out, and it doesn't help that I abandoned the account I was originally posting from. So my solution is to open up registration and see what happens. You don't need credit card info of any kind. The order form is filled in with bogus test data, and although Stripe will process the data as an actual request, all of the data is fake.
Some people might want a simple bot, some people might want a price notification service - I certainly don't expect anyone to do unlimited trading, but I also feel there is no reason to artificially limit it either. I have about $50 worth of BTC that has been in there since this spring and was up to $64 at one point, but I credit that to watching the market, and picking a price point. Also, the uptick in price made a difference also.
At any rate, one can do the signup stuff, use the price point notification feature, test the bot, and never import your Bitstamp credentials at all.
I appreciate the opportunity to answer questions.
How will know if this bot is "free" of any malicious content and safe to use it?
Of course any kind of "program" asking API...its something like FORBITTEN flag to use it,imho...
Of course any kind of "program" asking API...its something like FORBITTEN flag to use it,imho...
Jump to: