|
holorga (OP)
|
 |
February 04, 2013, 08:55:40 AM |
|
hey, server was out of founds during the last hour, sorry about this, founds are on their way and you'll be able to withdraw soon.
|
|
|
|
|
holorga (OP)
|
|
February 04, 2013, 09:26:03 AM |
|
hey, server was out of founds during the last hour, sorry about this, founds are on their way and you'll be able to withdraw soon.
ok, founds are in |
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
 Offline
Activity: 1316
Merit: 1043
👻
|
|
February 04, 2013, 09:35:34 AM |
|
Just a friendly tip: It's funds  |
|
|
|
|
ingrownpocket
Legendary
Offline
Activity: 952
Merit: 1000
|
|
February 04, 2013, 10:59:32 AM |
|
You may want to order the transaction history query. It's showing the Jan transactions in the bottom and Feb transactions in the top  BTW, can you create a page like Bitcoin-Kamikaze has, where you show referrals stats? Something like this:  |
|
|
|
|
|
holorga (OP)
|
|
February 04, 2013, 06:34:08 PM |
|
You may want to order the transaction history query. It's showing the Jan transactions in the bottom and Feb transactions in the top BTW, can you create a page like Bitcoin-Kamikaze has, where you show referrals stats? Something like this: thanks for the feedback, I'm planning a rewrite soon (will move payment processing to blockchain.info to offer instant payouts) and I'll include more details about referals.. |
|
|
|
|
holorga (OP)
|
|
February 04, 2013, 06:35:07 PM |
|
Just a friendly tip: It's funds haha thanks |
|
|
|
|
addi
|
|
February 05, 2013, 09:50:24 PM |
|
I keep getting "invalid address" when I'm trying to withdraw. I tried with several addresses. I'm 100% sure these are working addresses. What's the matter there?
|
|
|
|
|
holorga (OP)
|
|
February 05, 2013, 09:53:08 PM |
|
I keep getting "invalid address" when I'm trying to withdraw. I tried with several addresses. I'm 100% sure these are working addresses. What's the matter there?
strange, can you give me your username and an address you are trying to use? |
|
|
|
|
addi
|
|
February 05, 2013, 10:01:30 PM |
|
hold on, it might be because I lack 4 confirmations on my deposit? just noticed that note edit: thank you for your quick reaction though, gives me a lot more confidence in your service |
|
|
|
|
holorga (OP)
|
|
February 05, 2013, 10:24:26 PM |
|
hold on, it might be because I lack 4 confirmations on my deposit? just noticed that note edit: thank you for your quick reaction though, gives me a lot more confidence in your service don't worry your btc is safe it still shouldn't tell you that the address is invalid, I've updated a code a bit, try it now. (reload page) and I've changed the confirmation requirement to 2, so you'll be able to cash out sooner. |
|
|
|
notaek
Legendary
Offline
Activity: 1268
Merit: 1009
|
|
February 09, 2013, 02:25:11 AM |
|
I sent 0.025 BTC to an address that was generated for me (you can see here: 1EY6boTD4jCY9CNdfP4i8BMioF1m4NYJ7b) but it never went through, it wasn't every added to my account...
What should I do?
|
|
|
|
|
holorga (OP)
|
|
February 09, 2013, 01:09:18 PM |
|
I sent 0.025 BTC to an address that was generated for me (you can see here: 1EY6boTD4jCY9CNdfP4i8BMioF1m4NYJ7b) but it never went through, it wasn't every added to my account...
What should I do?
you are right, I'm not sure what happened, sorry about that. the transaction wasn't registered by the system.. I've credited your account manually and I'll investigate. |
|
|
|
notaek
Legendary
Offline
Activity: 1268
Merit: 1009
|
|
February 10, 2013, 06:23:09 PM |
|
Thank you.
|
|
|
|
cleric
Newbie
Offline
Activity: 7
Merit: 0
|
 |
February 14, 2013, 12:59:17 PM |
|
Hello, I would like to report a possible security hole in the current scheme of things. The idea to use only 'url with secret' for logging in is neat but not entirely safe because the web server uses plain http with no encryption. Let's say you open the site for the first time and it gives you secret like http://minefield.bitcoinlab.org/?secret=fngrOdO23tDOTuPWThen you deposit some btc. If someone is sniffing the traffic it is fairly easy to extract the GET /?secret=fngrOdO23tDOTuPW string from the HTTP request. Then he needs simply to open the site with that secret and he can withdraw the btc to address of his choice. I can mention two solutions. 1/ get a https certificate and the run the website over ssl/tls. This will resolve the sniffing problem since all traffic would be encrypted. 2/ Make withdraw only possible to addresses from which deposits were received. But on second thought this is not very secure either. A hacker could break into your account, deposit minimal amount of btc and after the deposit is confirmed (and the sending address accepted as viable for withdraw) the hacker request the whole amount to his address. Best~ |
|
|
|
|
|
holorga (OP)
|
|
February 14, 2013, 01:21:09 PM
Last edit: February 14, 2013, 01:36:07 PM by holorga |
|
Hello, I would like to report a possible security hole in the current scheme of things. The idea to use only 'url with secret' for logging in is neat but not entirely safe because the web server uses plain http with no encryption. Let's say you open the site for the first time and it gives you secret like http://minefield.bitcoinlab.org/?secret=fngrOdO23tDOTuPWThen you deposit some btc. If someone is sniffing the traffic it is fairly easy to extract the GET /?secret=fngrOdO23tDOTuPW string from the HTTP request. Then he needs simply to open the site with that secret and he can withdraw the btc to address of his choice. I can mention two solutions. 1/ get a https certificate and the run the website over ssl/tls. This will resolve the sniffing problem since all traffic would be encrypted. 2/ Make withdraw only possible to addresses from which deposits were received. But on second thought this is not very secure either. A hacker could break into your account, deposit minimal amount of btc and after the deposit is confirmed (and the sending address accepted as viable for withdraw) the hacker request the whole amount to his address. Best~ hey, yeah I'm aware of this, I do know what https is and what it is for I don't think that this is very important, but I do plan to switch to https soon. and on why I don't think its important: the number of local networks being sniffed by attackers interested in bitcoin is super small, people that know what https and sniffing is, will make sure that they have a secure connection if they care to, and people that don't, will probably get owned anyway. so I'm maybe saving one person in a few millions, and this website didn't receive that much GET requests yet. and statistically, I'm saving them around 0.05 bitcoin... but still, yes, https, soon. PS I may sound too dismissive, that's not the idea, thanks for reporting |
|
|
|
cleric
Newbie
Offline
Activity: 7
Merit: 0
|
|
February 14, 2013, 08:27:33 PM |
|
hey, yeah I'm aware of this, I do know what https is and what it is for Sorry, I didn't mean to offend you. I have no doubt you know all that, but since the post will probably be read by other people, I wrote it in a more detailed manner, so they could know what we are talking about |
|
|
|
|
|
hiddenoreo
|
|
February 17, 2013, 03:29:40 PM |
|
i dont understand how i lost 3 - 4 btc playing this.....
waste of btc.
|
|
|
|
ingrownpocket
Legendary
Offline
Activity: 952
Merit: 1000
|
|
February 18, 2013, 09:27:21 AM |
|
|
|
|
|
|
|
holorga (OP)
|
|
February 18, 2013, 11:53:39 AM |
|
yeah yeah will implement it I'm finishing another project these days, in a month or two I'll be able to get back to this.. |
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
February 21, 2013, 10:19:55 AM |
|
yeah yeah will implement it I'm finishing another project these days, in a month or two I'll be able to get back to this.. I deposited 1 bitcoin but it's not showing up  user-5125f42adf7b95cc10034bba |
|
|
|
|
|
