Blockchain.info - Bitcoin Block explorer & Currency Statistics

[ErebusBat]

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

[justusranvier]

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Exactly

[JordanL]

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

[centove]

Is this a part of the recovery as well but:

http://markets.blockchain.info/

Oops! Google Chrome could not connect to markets.blockchain.info

Something get lost in the shuffle?

[ErebusBat]

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

Actually I was referring to the fact that lasts as remembers the URL for me, so typos are non existent.

[organofcorti]

To those who have lost coins from blockchain.info accounts; are you certain that you didn't enter your identifier and password into a phishing site? I saw an extremely sophisticated on many months ago, on a typo domain. I suspect that accounts for more lost coins than any actual hacking.

Yet another reason to use lastpass

Or a yubikey, which is my preferred method.

Or a yubikey with lastpass.

[glitch003]

Hey piuk, when I try to use the payment API I get this error: "Error Http Notifications Are Currently Disabled".  Just curious, how long until they're enabled?


Thanks!

[giantdragon]

Receive payments API don't work, I am getting an error: "Error Http Notifications Are Currently Disabled".

[ingrownpocket]

Hey piuk, when I try to use the payment API I get this error: "Error Http Notifications Are Currently Disabled".  Just curious, how long until they're enabled?


Thanks!

Receive payments API don't work, I am getting an error: "Error Http Notifications Are Currently Disabled".

Confirmed.

[dooglus]

I've seen advice recently both in this thread and on twitter that instead of validating callback requests using the IP address (since it keeps changing) I should include a per-user secret in the callback URL.

The problem with this is the callback URL appears in the source-code of the page presented to the user, so it won't stay secret for long.

http://blockchain.info/api/api_receive says:

Where you would like the pay now button to appear include the following code

Code:

<div style="font-size:16px;margin:10px;width:300px" class="blockchain-btn"
     data-address="1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq"
     data-callback="https://mydomain.com/callback_url">

I assume you're suggesting putting the 'secret' in the data-callback attribute?  But then the user just views the HTML source and sees the secret, and can then fake their own callback visit.

And like others have said, callbacks seem to be currently broken anyway.  Clicking the demo 'javascript buttons' on http://blockchain.info/api/api_receive tells me:

"Error Http Notifications Are Currently Disabled"

[ingrownpocket]

I've seen advice recently both in this thread and on twitter that instead of validating callback requests using the IP address (since it keeps changing) I should include a per-user secret in the callback URL.

The problem with this is the callback URL appears in the source-code of the page presented to the user, so it won't stay secret for long.

http://blockchain.info/api/api_receive says:

Where you would like the pay now button to appear include the following code

Code:

<div style="font-size:16px;margin:10px;width:300px" class="blockchain-btn"
     data-address="1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq"
     data-callback="https://mydomain.com/callback_url">

I assume you're suggesting putting the 'secret' in the data-callback attribute?  But then the user just views the HTML source and sees the secret, and can then fake their own callback visit.

And like others have said, callbacks seem to be currently broken anyway.  Clicking the demo 'javascript buttons' on http://blockchain.info/api/api_receive tells me:

"Error Http Notifications Are Currently Disabled"

The secret works if you use PHP to get the address and then print it on the page.

[internationalaw]

Hey @piuk, could you comment on how long it takes to get your 2 factor authentication reset? I've been locked out for over a week now and I've already submitted a form. I have some things I need to do with my BTC.

[dooglus]

The secret works if you use PHP to get the address and then print it on the page.

Interesting.

Do you have some example code to show what you mean?

Is this instead of using the javascript buttons that blockchain.info provide, or some modification to their code?

[giantdragon]

The secret works if you use PHP to get the address and then print it on the page.

Do you have some example code to show what you mean?

A working example:

Code:

$callback = urlencode("http://example.com/deposit.php?username={$_SESSION['username']}&secret={$depositSecret}");
$url = "https://blockchain.info/api/receive?method=create&address={$depositAddress}&shared=false&callback={$callback}";

$response = @file_get_contents($url);
$json = json_decode($response, true);

if(($json === false) || (is_null($json)) || (!isset($json['input_address'])))
	//error
else
	redirect("page.php?address={$json['input_address']}");

[BitPirate]

Hi,

The JSON-RPC API is again giving me "lock timeout exceeded, try restarting transaction" on all requests.

Looks like a MySQL error -- I guess you're missing a rollback() or commit() somewhere...

[elgreco]

Any idea when the satoshidice send option will work again?

[paraipan]

Don't know if bug or PEBCAK issue here, PM sent anyways.

[ingrownpocket]

The secret works if you use PHP to get the address and then print it on the page.

Do you have some example code to show what you mean?

A working example:

Code:

$callback = urlencode("http://example.com/deposit.php?username={$_SESSION['username']}&secret={$depositSecret}");
$url = "https://blockchain.info/api/receive?method=create&address={$depositAddress}&shared=false&callback={$callback}";

$response = @file_get_contents($url);
$json = json_decode($response, true);

if(($json === false) || (is_null($json)) || (!isset($json['input_address'])))
	//error
else
	redirect("page.php?address={$json['input_address']}");

Yes, that.

[Stephen Gornick]

I'm wondering why Blockchain.info is having trouble with this transaction:

 - https://blockchain.info/tx/d3887aa543417c6934e7831407d017ec15b4b288a23cdd2977505a6ea1aff739

When I enabled "Advanced" I click on the (Spent), which is the URL:
 - https://blockchain.info/tx-index/66120873

but am given the response:  "Transaction not found"

But here is that transaction:
 - https://blockchain.info/tx/440a659b8298dcc0ac336e1c245472f6bcc48a90d978a746241c74b4368ae92e

So is this just an indexing error somewhere?

[whiskers75]

Put a warning up about enabling 2 factor auth - I lost 1.2 BTC due to a "It would take a desktop PC about 175 years to crack your password" password. (http://howsecureismypassword.net)