BitPay.com is online

[BitPay Business Solutions]

Posted on our blog

http://blog.bitpay.com/

Starting around 4:00 pm on Saturday September 15, bitpay.com came under a syn-flood denial-of-service attack.

At no time does it appear that any of bitpays servers or databases were ever compromised. All bitcoins and all funds are fully secure and accounted for.

Bitpay will deploy stronger protection against DDOS attacks, but we expect our service to be down for several days.  We apologize for this inconvenience.

Our site was back online for about 12 hours today. It worked great during the London Conference, then the attacker found a way to defeat our DDOS protection.  

I am still in Europe and Steve is also away.  We have taken the site offline until we can return home and properly deploy new servers.  Or until the attacker gives up and moves on.

[koin]

I am still in Europe and Steve is also away.

i would think a payment processing business with a thousand merchants relying on them would do better than allow the situation where not even one principal is available to keep the machines running.

[jfreak53]

How long do you think this will take? Are we talking tomorrow or days? As we count on your servers to process payments we are kind of dead in the water with bitcoins till then unless we pull out manual payments.

[Littleshop]

How long do you think this will take? Are we talking tomorrow or days? As we count on your servers to process payments we are kind of dead in the water with bitcoins till then unless we pull out manual payments.

That is the beauty of bitcoin.  Anyone who wants any of my product can message me here or through my store.  I can take your bitcoin myself and verify the payment. 

It is less convenient and I hope the attackers are know they are damaging bitcoin by making it appear less reliable.   

If Visa/MC is down, I can not take the payment myself without them.   

[Steve]

How long do you think this will take? Are we talking tomorrow or days? As we count on your servers to process payments we are kind of dead in the water with bitcoins till then unless we pull out manual payments.

This really depends on the attacker at this point…we'll keep trying to bring the site back online and improve our anti-DDOS capabilities as best we can…I expect he'll continue to attack.  There's really nothing else we can do.

[BitPay Business Solutions]

We have deployed some additional DDOS protection so https://bitpay.com is back online.  Not all merchants are able to get through the firewall just yet, but we are working with each one.

Email stephen@bitpay.com with any issues.  Steve cannot access PM on this forum so you will not get through unless you email him directly.

If the attacker steps  the attack the site may go down again without warning.

We will be deploying a much more robust system in a few weeks.  But this protection may hold us over until that can come online.

[caveden]

Didn't the attacker state his motives? Is it for money, or what?

[Steve]

Didn't the attacker state his motives? Is it for money, or what?

We cannot elaborate on any specific information like this.

[Steve]

Here are a couple additional things to note:
- bit-pay.com no longer bounces to bitpay.com (we'll re-enable it when I have more time)
- http://bitpay.com no longer redirects to https://bitpay.com (again, I'll re-enable when I have more time) …you have to go directly to https://bitpay.com

Also, one of the issues that this has created for us is that the old SSL client certificate based method of API authentication no longer works (due to the anti-DDOS proxying of connections).  We were planning to keep that method active until all merchants had a chance to migrate.  Unfortunately we've not yet had a chance to upgrade all shopping cart plugins to use the new API key based method of authentication.  If you're using one of our shopping carts and are unable to process a checkout, send me a private message.

[QuantumKiwi]

Im getting an invalid invoice error with my WHMCS api?

Regards,
Staff @ QuantumKiwi

[jfreak53]

I'm getting the same thing, have been all day. I think it's with the API, I emailed steve and still waiting for a response back.

[euchreplayer]

I too am getting an error when the customer is trying to checkout.  I am guessing the API has to be updated.  Steve could you please post/let us know when and how we should update our api.  I might have a really old one as it is directing me to bit-pay.com/checkout
Thanks

[jfreak53]

The redirect you can actually fix yourself in the php library file, under the curl class. I did this awhile ago as the updated WHMCS module wasn't on the site. But I have had this fix for awhile now and it is still giving me the invoice error. So it probably is the API as the original module is kind of old.

[jfreak53]

I have a question, is Bitpay still doing ACH transfers out on a daily basis? Or are these also suspended during the attack? As I have a lot of cash in there right now that need's to be transferred out at the end of the day :S

[malevolent]

Didn't the attacker state his motives? Is it for money, or what?

He asked for 1k BTC.

[BitPay Business Solutions]

I have a question, is Bitpay still doing ACH transfers out on a daily basis? Or are these also suspended during the attack? As I have a lot of cash in there right now that need's to be transferred out at the end of the day :S

ACH transfers are not interrupted.  All funds are fully accounted for and banks are just fine.

[lenny_]

Didn't the attacker state his motives? Is it for money, or what?

He asked for 1k BTC.

Any source?

[malevolent]

Didn't the attacker state his motives? Is it for money, or what?

He asked for 1k BTC.

Any source?

Got this but saw it elsewhere too where I can't remember now
http://bitcoinmagazine.net/walletbit-under-ddos-1000btc-demanded/

[lenny_]

It's about WalletBit (which is already back online), not about BitPay, mate.

[malevolent]

It's about WalletBit (which is already back online), not about BitPay, mate.

Sorry! I think I should go to sleep now 

But tbh I wouldn't be surprised if this was not the same person / group of people.

Especially given recent DDoS ''offers'' in the marketplace.