BitPay.com is online

[jfreak53]

I just was able to get on the site and download the most recent whmcs module but no go, its still the old version. I emailed steve a while ago but no response yet, i know he's busy but if the merchants could at least use their sites. I sent in my servers ips under the hope that they would be allowed access maybe. A response or status report would be nice. I mean you have 1000 merchants just to be offline like this completely.

[euchreplayer]

Well now my password is not working and the password reset page is not working. Anybody got any updates on this?

[QuantumKiwi]

So back to the point, how do we get our API's working properly again???

I wouldn't mind accepting peoples payments for services and get some bills paid

[jfreak53]

I wouldn't mind it either, my previous idea had reference, but nobody wants to respond from the company not even by email. Give them the server IPs and let them ok those IPs.

We have resorted to making our own automated BTC payment system, we're almost done with it for WHMCS. Though we offer many other form's of payments most people don't like paying with CC from the BTC community. So instead of loosing clientele we have resorted to making our own, if it work's look's like bitpay has lost their first customer over this. Sorry guys but no communication is not good news.

[BitPay Business Solutions]

The DDOS protection we setup is breaking the client SSL certificate used in our API and all of the shopping cart plugins.  However, it is blocking the attack and our site is reachable now.

We have recently added API keys as an easier authentication method for the API.  The API keys are passing through the firewalls just fine.

if you are using our API, then please update your authentication method to replace the client SSL with the API key.  instructions can be found here:

https://bitpay.com/downloads/bitpayApi.pdf

if you are using one of our cart plugins like Magento, WHMCS, opencart, or zen cart, we need to update all of these plugins to use the new auth method.  If you are a programmer, you can update the plugin yourself using the instructions in the above link.

We are still under attack (for the 4th day in a row) so things are extremely busy right now.  We will update the plugins as soon as we get time.

[osoverflow]

Bitpay is down right now. You should use global distributed servers to prevent DDoS.

[BitPay Business Solutions]

Bitpay is down right now. You should use global distributed servers to prevent DDoS.

we will get there.  one problem at a time.

the CDN from cloudflare looks like a nice service to do just that.

[QuantumKiwi]

Really, im not impressed bitpay.


You have lost another customer.

No support? No replys? No direct support to merchants who GAIN you the profits, you take a percentage of our cut and we are getting little to no support.

Your telling us merchants with API's to modify the API ourselves...... Get real. Im getting a coder to code my own module and take my own payments.

Companies who do not respect clients and look after them in hard times - LOOSE CLIENTS.

Bye BitPay! Hello Quantum Kiwi BTC Pay!

[paraipan]

Keep up the good work guys, this is really starting too look more like an attack on bitcoin, 4 days already  




@QuantumKiwi go troll somewhere else, welcome to my "ignore"

[Littleshop]

Bitpay will emerge stronger from this one stronger and harder to attack.

[QuantumKiwi]

Im not trolling, im a very pissed off business owner that cannot take payments from clients.

Clients are looking at us like fools.

I think im entitled to be fairly annoyed - No support, being told to recode the API myself??

And Bitpay takes a percentage from our profits...... Im not willing to give the company that benefit after this.

Sorry BitPay, but while shit hits the fan you have to keep your clients INFORMED. Leaving merchants with API's just hanging there is not acceptable.

[BitPay Business Solutions]

our site is under a massive DDOS attack, has been for 4 days now, and our DDOS protection service says it is massive, in the top 5% of attacks they see.  Someone is very, very determined to knock out bitcoin and bitpay right now.

Our site will be up when the attacker stops, or when we keep adding enough firewalls to block all of the botnets.

Once we add the firewalls up, the API and all of the plugins will need to be reconfigured.  We can only do one thing at a time.  First thing is to stop or block the attack.  We can't get to steps 3 and 4 until that is done, otherwise its a waste of time.

There are other bitcoin payment solutions out there, or you can build your own.

[Mageant]

our site is under a massive DDOS attack, has been for 4 days now, and our DDOS protection service says it is massive, in the top 5% of attacks they see.  Someone is very, very determined to knock out bitcoin and bitpay right now.

Our site will be up when the attacker stops, or when we keep adding enough firewalls to block all of the botnets.

Once we add the firewalls up, the API and all of the plugins will need to be reconfigured.  We can only do one thing at a time.  First thing is to stop or block the attack.  We can't get to steps 3 and 4 until that is done, otherwise its a waste of time.

There are other bitcoin payment solutions out there, or you can build your own.

Is there any indication where this is coming from or why they are doing it?
Are they asking for a ransom?

[jfreak53]

Top 5%? Are you guys the ones that are being hit with the 65Gbps?
http://blog.cloudflare.com/65gbps-ddos-no-problem

[BitPay Business Solutions]

Top 5%? Are you guys the ones that are being hit with the 65Gbps?
http://blog.cloudflare.com/65gbps-ddos-no-problem

That would be us, yes.  Steve is in touch with them on a regular basis.  This botnet attacker is just relentless.

[greyhawk]

Top 5%? Are you guys the ones that are being hit with the 65Gbps?
http://blog.cloudflare.com/65gbps-ddos-no-problem

That would be us, yes.  Steve is in touch with them on a regular basis.  This botnet attacker is just relentless.

How does this mesh with the end of the article?

What was fun to watch was that while the customer under attack was being targeted by 65Gbps of traffic, not a single packet from that attack made it to their network or affected their operations. In fact, CloudFlare stopped the entire attack without the customer even knowing there was a problem. From the network graph you can see after about 30 minutes the attacker gave up.

[Puppet]

Why dont you set up a host of private IPs for your customers to use to process payments? I might be missing something, but let the criminal DDoS your public site all he wants, if he doesnt know the IPs your customers use, then the impact should be minimal, no?

[SgtSpike]

Top 5%? Are you guys the ones that are being hit with the 65Gbps?
http://blog.cloudflare.com/65gbps-ddos-no-problem

That would be us, yes.  Steve is in touch with them on a regular basis.  This botnet attacker is just relentless.

How does this mesh with the end of the article?

What was fun to watch was that while the customer under attack was being targeted by 65Gbps of traffic, not a single packet from that attack made it to their network or affected their operations. In fact, CloudFlare stopped the entire attack without the customer even knowing there was a problem. From the network graph you can see after about 30 minutes the attacker gave up.

Perhaps a biased article?

[MoonShadow]

Bitpay will emerge stronger from this one stronger and harder to attack.

That which does not kill you, makes you stronger.

If this doesn't apply to any activity on the Internet, then it can't apply to anything.

[jfreak53]

Though to be honest I am very unhappy with not being able to use my payment system and no communication from the company I do understand priority, especially with a 65Gbps attack, MY GOD!!! I am still an unhappy customer, but priority comes first some times. With us when a server goes offline the customer just want's their site back up, while we're still trying to figure out why it went offline and save data. So I do understand but am still a bit of an unhappy customer.  Maybe instill a company policy of when there are problem's like this, send out a mass customer email, that's what we do. All our customer's got emails when we couldn't do bitcoin payment's anymore using a mass mail program.  Just a thought.

I cannot do the API configuration (Not I do not agree with us having to do it but again priority) because bitpay.com is still offline and I cannot get in to get my Key so we cannot reconfigure the script yet for this reason. But from what I can tell it's just a single edit, change from SSL to HTTP Auth with is a header field, real quick and simple if we could get in  

In our case we do offer CC payment's, so if a customer needed to pay before we got our own system up 3 hours ago they could have real simple using CC.

My theory is it's not a regular attacker, who has that money to attack for 72 hours at 65Gbps? We're talking something around $20 a min. here in cost or more! My personal opinion is it's Paypal or Visa going after you guys, but that's just my theory. They are the only ones looking to gain from this. Any other attacker no matter what the ransom it wouldn't pay their cost of running that big of an attack for 4 days. Plus if you don't pay and they are busted they just lost their money for the attack ha ha ha

So it's gotta be a big corp doing it that stands to gain from you going down and Bitcoin's being hurt.

I agree with the private IP routing, that would actually work.