If they were dedicated to fixing the blockchain they would have more than one dev working on it Peter is the only one working on the problem. But now Gavin is focusing on his this payment protocol. We are in beta and he is adding more protocols to a beta, and the protocol is already broken. It requires a centralized CA. So if you can call bitcoin decentralized then go for it, but it isn't and I don't call it decentralized anymore when I explain it people. I call it p2p that is the correct term for it.

No a lot of services use a merchant tool setup, from like bitpay or coinbase.

Also anyone know what the foundation is going to do? They still have his site as a silver member.

So everyone you have an issue with your just going to temp ban and then permanent ban... If the person doesn't do anything that is illegal, why do you have to ban at all? It just shows you are not doing a good job in moderating if you just ban people. Let the community decided with the ignore button if they want someone to be ban someone from their view. It is funny how a forum about software that frees you so much, yet this is becoming like so strict to be here. I just can't wait until the day I come here and I have to pay to view the forum. I know it is coming, bitcoin foundation is bleeding into this forum.

Also I think if Matthew N. Wright is banned for scams, when is TF going to get the ban? Alright he is Theymos' buddy that is why.

This whole forum is a joke, if it wasn't for the 70K+ members and the deep pockets of some people I would have leave along time ago.

*facepalm* someone needs to read why the bitcoin-qt client needs the entire blockchain. This allows it to be trustless, that means it relies on nothing and can validate transactions and blocks. Electrum uses a 3rd party server, which if you connect to a cancer server, then you can be fooled to think you have bitcoins you really may not.

So I have seen a lot of people getting hacked left and right. I do feel sorry even thou I think people should be able to spot scams. I will be launching a bitcoin accepting site soon so security has been on my mind.

Disclaimer no site is 100% impossible to hack, your job as admin or programmer, is to make it very difficult, that at some point it becomes too much time for the hacker to spend or not enough rewards for the time spent hacking it.

1) So the first method is probably the best method. It is cold storage or offline funds. This is great for websites, that want to accept payments for a product / service / don't need to move funds around. One way to do this is to create addresses on an offline computer. For that you can use armory or vanitygen. Then what I like to do is have a php script that can read the csv file and import into a mysql table that will then correspond to an order, using table relationships. I also like to make a one way hash with a salt of each address while also using the mysql AES function. This way I have multiple lines of verification incase someone got my mysql login and decided to change the addresses in the table. This doesn't protect against a full compromise of server, but does protect your funds in that event. Now I also verify payments by using a bitcoind and having options txindex=1, blocknotify attached to a php script that checks the transactions of each block. Then using gettransaction you can check each output if they are a payment to any of your addresses then just marked it as paid.

2) My next method is using bitcoind to accept and send payments. My first rule is buy a good computer and keep it in your home, this should be for the bitcoind. I also would set it up with a server distro of linux with an IDS/good firewall. Bitcoind has accounts and that is great for keeping a "balance" of a user. That should be a backup system. Too many times have people have showed me using that as a backend. I always use it to compare and make sure mysql is update on balances or to detect an attack in progress. I also suggest building a proxy that can check withdraws against the balance of the bitcoind. I usually make 5 BTCs and greater a threshold so anything over that becomes a manual withdraw or a scale of 1/3 of the balance or greater. I usually have it email me that transaction and use the createrawtransaction api call.

3) My final method and one that I hardly talk about but probably going to be thing for more advance companies. Is the custom client or as I call it the read-only wallet. The great thing about bitcoin is that it is open source as you all know by this point, so many people have created libraries to interact with the network or using the bicoind source code and stripping out everything you didn't need. This made me think about writing my own client, in theory I was trying to keep all sending of payments within inside this application and only have one RPC call, which is getnewaddress. The pros about this situation is if someone did get into your server they wouldn't be able to connect to the client on another machine and send a false rpc connection to send the whole balance to their address. So the basic principles of this is that you have 3 machines. One is your frontend webserver, one is your mysql server, and the last would be this server that handles all your payments, by connecting to your mysql running a few queries to make sure everything is up and up. Then sending out your withdraw or an email if a few rules were broken. I can't talk to much about this but I have 3 of them deployed in different sites that I was hired to build and they are doing great. I think this is the future, bitcoind got us to this point but now we have to look on to future.


Just some tips for securing any linux server...

• Encrypt the swap and ram
• Encrypt the hard drive, it is a performance hit a little
• I use both fail2ban and denylist
• Custom IDS
• Application firewalls, but when you get the funds, do a hardware firewall

I welcome more people to join this thread with how they secure their sites, hopefully we can help more people. This doesn't protect from shady individuals or scams.

It looks like you fixed, but still change your bitcoind username and password and your mysql username and password those leaked out.

I went to register http://coinberg.com and got a funny redirect so I won't ruin the surprise but it was a nice laugh.

Yeah your framework is leaking you probably would like to change your bitcoind username and password and mysql database username and password.

No they have fees attached https://blockchain.info/address/1GLadosEkeAsLReqS3yQ51E1R3wVtbJCDF

What location?

How would he have stopped it? They got access to the wallet file copied it and setup their own bitcoind and sent the files, there is no way you can stop that attack. Other than writing your own bitcoind which 90% of the people here can't and probably don't want to do for the fear of breaking it. The moral of the story is don't use web wallets, people are too inexperienced for running that. I have had security training and I went to a top school for CS, I know how to handle these things like the big boys and I have amazing ideas for web wallets, but I will never make that moral decision to put the community at risk.

Who is the troll now! That is what you get for trusting a scammer

Armory makes it really easy to do this. I mean paper wallets can get crazy there are people that have special computers, some people even have special printers, me I just use an offline computer with armory to create it.

I actually use armory for my paper wallets, it so easy.

Everyone in this thread, look at bitcoin-qt and armory together the safes way to handle bitcoins on your computer. Otherwise the best way would be paper wallets, I have a lot of paper wallets.

1.5GB is not going to be enough, I am looking for something around 100GB+ I probably could make it work with 50GB. Also would your bandwidth be able to handle this?

This project is kinda far out in my timeline, but I am starting to work on it more and more. Hopefully more hosters will see this thread and weight in.

@goat business opportunity. We start a web wallet, give it 3 months when the balance is about ~$5-10million or more. I can do a better job, I make sure the server catches fire, the datacenter's fire system will happen to be off that day for testing . NO backups we pay 30% to people and buy a ferrari and island. Lets do it. Cause all these people are still wanting inputs to come back.

Highly unlikely but anything is possible!

LMAO WOW You can't be this stupid and in bitcoins, it isn't possible... REALLY Just isn't possible, he clearly took the $1 million dollars, cashed it out on gox and is now playing on your situation to make you feel like he didn't do it. Some of the smartest people in the community agree with me, so yeah I am going to watch my wealth in my local wallet now You go watch it... oh that is right someone took yours sorry...