Forum Replies Created
-
AuthorPosts
-
alexgKeymaster
Hello,
As discussed before, the best course of action would be to show the email you have to CP support and ask them if it is legitimate.
You did not mention whether there is a PGP signature present, but if it is, you should verify it.
Also check the email’s full headers for details.
I have still not received any such email from CoinPayments, and nobody else has mentioned this to me. I have not seen this mentioned on the CoinPayments website, blog, or twitter account. Such an important announcement should be more prominent if it was legitimate.
with regards
alexgKeymasterHello,
IF this email is true, then this would mean that you’d have to contact your hosting provider, and have them add this IP to the whitelist of your firewall.
HOWEVER this sounds fishy! This is also what a hacker would say if they were trying to forge deposits to your site. I am listing the reasons why this looks suspicious to me:
– I am also signed up to CoinPayments and have not yet received such an email.
– Furthermore, it would probably be simple for CoinPayments to route all IPNs from the old IP, even if they have to change their infrastructure on the back-end.
– I find it suspicious that the last two sentences in the email have obvious grammatical errors. Only a person not proficient in English would make such mistakes. Doesn’t sound like an official communication from a serious service such as CoinPayments. As we all know, most black-hat hackers are in Russia and the Balkans, not in English-speaking countries.
– It is somewhat surprising that they would give you only a small window of time to do this change. July 15th is in a week’s time, and you’d have to contact your hosting provider to let them know about the change. Not enough time for everyone to react without service disruption.
– Finally, all communication coming from CoinPayments is signed with their PGP key. Is there such a signature in the email, and have you verified it with their key? Their key can be found here: https://www.coinpayments.net/help-signed-emails The signature can be verified with Kleopatra or similar software.
I am curious. If this is indeed a social engineering effort as part of a larger hacking attempt, how would the attackers forge the HMAC signatures required on IPN messages? Perhaps they think I never bothered to add code that checks for HMACs? Is it possible that they are not even targeting this coin adapter, but only some other implementation that has this weakness? Maybe they scraped emails from the CoinPayments support forums and are sending this email to potential users of the platform?
Please check the email you received more carefully. If necessary, check the full email headers. What is the originating IP? Does it actually belong to CoinPayments? Does the PGP signature check out?
Be careful with this. I might be a bit paranoid but with such things you need to be paranoid because money is involved. IF it turns out that the email is legitimate, then you’d have to contact the hosting provider for your site and let them know that you want incoming IPNs from this IP whitelisted. But first let’s make sure. You could also show your email to CoinPayments support and ask them if it’s legit. If it’s not, they should probably know about this.
with regards
alexgKeymasterHello Megan,
Great to hear that everything is working!
I’ve been well, thank you, hope you are well too! I’m very busy with the big upcoming release. Actually I’ve been working on the Airdrop extension these days.
I’m somewhat behind schedule. When I started this revamp in August of 2020 I underestimated the effort by several months. In any case, I think people will appreciate how much more usable the admin UIs are. Creating/editing transactions is a breeze now that they’re custom post types, and you can search for transactions by user, currency, tag, status, or combinations of these.
In general the plugin and its extensions are coming along nicely in all fronts: UI/usability, automated testing/robustness, frontend performance, extensibility, code readability, and the documentation will be more legible and accessible. Once everything is ready, I will upload RC versions of the plugin on dashed-slug.net before pushing the final 6.0.0 to wordpress.org. If there are any significant bugs that escape my tests, hoefully they will become apparent once people try out the RC version.
Every component had to be rewritten from scratch almost, and my main focus right now is to retain the old functionality, and to make the transition easy for users.
You make a good point. An airdrop could be applicable to either a user role or to specific users.
I’m not sure if I will implement this right now, or after the upcoming release, but in any case I will do this soon, because it sounds useful. I am opening a ticket.
There’s also another request for choosing users based on limits on their user balance (https://www.dashed-slug.net/upcoming-bitcoin-and-altcoin-wallets-6/#comment-4575) so I will likely implement these two features together.
I’ll leave you with a very small preview of how nicely everything is organized in the WordPress menu (see attached).
with regards,
AlexAttachments:
You must be logged in to view attached files.alexgKeymasterHello,
I have replied to your email about this issue. The account should be active now. Thank you for your membership.
with regards
June 28, 2021 at 8:13 am in reply to: Litecoin testnet (LTCT) not available on checkout due to missing exchange rate #10714alexgKeymasterHello,
Whether a coin is available on WooCommerce checkout depends on whether the exchange rate is known, between that coin and the store’s default currency.
To check what exchange rates are known by the plugin, you can see the debug window at: “Wallets” -> “Exchange Rates” -> “Exchange rates debug views” -> “Exchange rates”.
So, for example, if the store’s currency is USD and you want to check out with LTCT, this will work if you have USD_LTCT, or LTCT_USD, or if you have USDT_BTC and BTC_LTCT.
In the special case of Litecoin Testnet, this exchange rate is not loaded directly from the external services, since LTCT does not actually have value. The plugin looks into this array of exchange rates, and if it finds the BTC_LTC exchange rate, it copies it into BTC_LTCT.
So, in conclusion, you must enable an exchange rates provider that offers the exchange rate between BTC and LTC. All the exchange rate providers should have this.
So, to ensure that the exchange rates are loaded right after you change your settings, you can click on the button “Clear/refresh data now!”.
Now, if you are seeing old/stale prices in the exchange rates debug view, this can only mean that there is a problem with running the cron jobs that are loading the data.
To check if the cron jobs are running, you can check at the admin dashboard, under “Bitcoin and Altcoin Wallets” -> “Debug” -> “Cron jobs last run on”. This should run every minute or so.
If cron jobs are not running, you can enable WordPress debugging in wp-config.php, and then enable “Wallets” -> “Cron jobs” -> “Verbose log output (debug)”. Then you can check the log at wp-config.php/debug.log and see if there is any errors. For example, the server may have been unable to contact an external API, or it may have timed out due to network conditions.
Hope this helps. Please let me know if you have any more questions about any of this.
with regards,
AlexP.S. As stated on the site, I reply to all queries once per day, Monday to Friday. So during workdays I reply within 24 hours.
alexgKeymasterHello,
You’re referring to this topic.
It got automatically blocked due to the URLs in it and I never got a notification.
I have now replied to your topic.
with regards
June 15, 2021 at 7:52 am in reply to: CloudFlare timeout (HTTP 524) when adding full node coin #10663alexgKeymasterHello,
This is strange indeed.
I’m guessing that you’d get 524 if Cloudflare times out trying to contact your site. Have you set the connection to your wallet through the admin before it crashed? If so, then check the connection with your wallet. As you know, timeouts are usually due to firewalls.
with regards
P.S. I have moved your topic to the Full Multi Coin Adapter forum because it looks like this is a Bitcoin fork.
alexgKeymasterHello, that’s a good question. Short answer: maybe!
It’s hard to promise things so far into the future when things in crypto move so fast.
We are still a few months away from wallets6 and several months away from an ERC-20 wallet adapter.
The way I understand it, the Binance chain is a not-so-decentralized blockchain that came to prominence due to the currently high network fees on Ethereum. As EIP-1559 (and taproot) are rolled out, the Ethereum and Bitcoin networks will become less congested. This may negate the need for Binance chain, or maybe everyone and everything will move to Cardano or Polkadot. Or maybe Metamask integration will be the top thing that everyone asks for. Or people will go back to Bitcoin and start issuing coins on Counterparty. Who knows? At the time when I’ll be finished with the ERC-20 wallet adapter, we will be living in a different world, and I don’t know which chain will be on highest demand at the time. So I defer the decision until then.
What is certain is that I won’t ever be able to build adapters for all the chains myself. Ultimately my goal is to make wallets6 more developer-friendly, so people can build their own adapters. Developer friendly means well-engineered, with clearer documentation, stable APIs, a solid testing framework, and concise code snippets and examples.
Right now I’m focusing on finishing wallets6. This will be the basis of all that is to come. After 9 months of development it’s coming along great and it will only be a few months until it’s released. After ERC-20 I will see what is needed most at the time.
with regards
alexgKeymasterThanks, it was based on your idea to try it without digest auth.
So, I’m curious, does the Italo wallet work fine? Did you test deposits/withdrawals? If you want, let us know.
alexgKeymasterThank you. That makes sense.
Italo is a fork of Oxen (previously Loki).
This is considerably different from Monero. For example, Oxen distinguishes between a restricted admin RPC port and a public RPC port, and Italo does the same.
I can now confirm that, as you say, without digest authentication the wallet API authenticates correctly. (I didn’t get the chance to fully test the italo wallet.)
In version 1.1.4 of the Monero coin adapter, I have added an option for basic authentication, so that all Oxen forks can be supported.
with regards
alexgKeymasterHello,
1. Is this error on a new site or on an existing site?
2. Are you using the CoinPayments adapter?
If you are using the CoinPayments adapter, please see here for a complete troubleshooter: https://www.dashed-slug.net/howto-debug-an-incoming-deposit-coinpayments-adapter/ You will likely have to contact your hosting provider about incoming IPNs.
If you are using a full node wallet, see here: https://www.dashed-slug.net/howto-debug-an-incoming-deposit-full-node-wallet/
Let me know if the above didn’t help.
with regards
alexgKeymasterHello,
If you have not modified the templates, then the closing comment tag should be there.
If it’s not found, this is likely due to an error being interjected with the HTML. This is especially likely if you have not set
WP_DEBUG_DISPLAY
to false in your wp-config.php. Did you check the debug.log for errors?In any case, please do the following:
1. Ensure that you are not modified the templates.
2. Let me know which shortcode you are using, and with what attributes exactly.
3. Email me a regular user username and password, and the link to the page, so I can login and check the issue on your site.with regards
May 21, 2021 at 8:16 am in reply to: Run – Airdrop – Sorry, you are not allowed to access this page. #10577alexgKeymasterHello,
Thank you for paying for membership, and sorry about that!
This is an issue that a few others had too, but I haven’t had the time to investigate why it is so.
Normally, on plugin activation, the plugin assigns the correct capabilities. But in some configurations this doesn’t work.
First, try to deactivate and re-activate the Airdrop extension. This may fix the issue.
If this doesn’t work, you can use any capability-editing plugin, to assign the following capabilities to the admin user:
publish_airdrops
edit_airdrops
edit_others_airdrops
delete_airdrops
delete_others_airdrops
read_private_airdrops
edit_airdrop
delete_airdrop
read_airdrop
A good plugin for editing capabilities is: https://wordpress.org/plugins/user-role-editor/
You can use it to edit the
Administrator
role and click on “Add Capability” to add the above capabilities. This will definitely fix the issue.Let me know if you face any difficulties with this. And if you have any more questions about the plugins, please open a new thread.
with regards
P.S. The activation code is likely in your spam folder and yes, it is the same code you saw on the website. It lets the premium plugin extensions discover updates despite not being hosted on wordpress.org. For more information about this, see here: https://www.dashed-slug.net/dashed-slug/extension-updates-activation/
alexgKeymasterHello,
Thank you for the additional details. I will investigate this wallet soon.
You could comment out that line to test what happens. If you do, let me know. Does the wallet work without it?
But this is not a permanent solution because it would affect your other Monero-based wallets. You can’t just copy the code into a new plugin, there would be too many name collisions.
I have to build that wallet, understand what its authentication method is, if any, and then understand why it’s different. As you know, there are several possible authentication methods on HTTP: https://curl.se/libcurl/c/CURLOPT_HTTPAUTH.html
Perhaps it’s a fork from an earlier version of Monero, or it’s simply modified.
Once I have a clear picture of what other authentication methods are possible with these types of wallets, I can add to the coin adapter settings.
I have added this to my backlog. I will get back to you about this, hopefully in the next week.
with regards
alexgKeymasterHello,
The Monero coin adapter returns this error if the response it gets from your wallet is a valid JSON response, but it does not include a “result” field.
In practice this could mean that there was a problem with authentication.
1. Is this error on a new wallet or on an existing wallet that suddenly stopped working?
2. Have you used the
--rpc-login
argument when startingmonero-wallet-rpc
?3. Is this a Monero wallet or other Monero fork? The Monero docs clearly state that
--digest
should be used. If you cannot curl to your wallet using--digest
then this is likely a wallet that is not exactly the same as Monero, so it would be best to contact the developers of the wallet about this.Let me know about points 1,2 and 3 please.
And, if there’s an issue with a Monero fork, I’d like to know what that wallet is, so I can make the adapters work with it.
with regards
-
AuthorPosts