28.10.2021

Grin Payouts Issues – HotBit Exchange

GRIN payments work like this: a special URL is supplied to each customer with a distinct wallet to be used for submission of the funds.

The submission is done by GRIN wallet and is entirely automated (as in, despite the fact it is an URL, it is meant for robot interaction and not for human beings — a so-called API endpoint, if we can lose the definition a bit).

When our pool pays out the proceedings to our GRIN miners, for each payment it connects to that URL, passes in the required data, disconnects, and repeats the process over for the next customer.

Cloudflare Protection

Enter the world of the modern World Wide Web with automated spambots, crawlers, and DDoS attacks. To countermeasure these things specialized solutions are engineered, one of which is the widely popular CloudFlare. Its automated algorithms analyze each access to the web site pages and present special guard pages to the visitor if they think it is unusual activity.

HotBit is using CloudFlare to protect their Web front (a very right thing to do, I might add). However, this protection is also enabled on the GRIN payment endpoints, so when our pool pays out to different HotBit customer wallets in a succession, naturally CloudFlare thinks it may be some unusual activity and responds by presenting a visitor check webpage.

The problem is, the parties communicating are, in fact, computer programs, and they are not designed to bypass the “human check”.

This causes our payments to fail — overly cautious algorithms on the CloudFlare side plus improper configuration on the HotBit side (they should have added an exception for the machine-operated endpoints on their CloudFlare dashboard) make them stall and not go through.

Conclusion

The talented team of 2Miners engineers has managed to create a temporary workaround that bypasses CloudFlare security checks for the time being, but in reality, it is HotBit that should be fixing the issue on their side.

We are in contact with them but with the little outcome so far (they suggest using different VPNs to pay out to our miners). Hopefully, we will reach a competent person on their end at last…

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Leave a Reply

Your email address will not be published. Required fields are marked *