Bitcoin Forum

Hello,

Made some revisions to my lending website.

Everything is automated. 

Get a loan in 1 click.

Cleaned up user interface.

I could use some beta testers.  If anyone is looking for a small loan feel free to check it out.

www.lendmecoin.com (http://www.lendmecoin.com)

You can message me using the mailing system if you have questions.  My user name is "Admin".

<!DOCTYPE html> and nothing above it so your inputs are not thin.

I am always looking for ways to improve.  I am a self taught programmer and if you were to elaborate, then I can possibly make some fixes.

Thanks.

register.php and other pages:


Add before the head.

Ah perfect.  Thank you for pointing that out.

Added guide section and ironed out initial bugs.

It'd be a good idea to add some pages that don't require login to view.  It looks pretty minimal to me.

If you are interested, I'm happy to do a code review for you and point out any bugs / security issues / etc for a link to CoinLenders.com

Yes I agree I do need https.  Which is something I am working on.  You really think that people will not use my service?

Perhaps it was a bit premature to call it "beta" testing, when in fact you are right, it is more like closed alpha. 

I learn from making mistakes more than anything, and am not a professional programmer.  This is something that I am doing in my spare time to contribute to the bitcoin community.

Please keep the suggestions coming.  What about my service would you consider unprofessional?

I may take you up on your offer at some point.  At this time I am determined to work through any problems that I may have.

Thank you for the offer.

I doubt he pmed you so you could blast his questions in a bad way all over the forums. He obviously asked because he wants to learn, and not have everything handed to him, unlike some that are posting asking for a shitton of money to hire programmers for an amazing idea they have.

It is quite alright that he is posting my question so others can judge me.  I have nothing to hide.  I will continue to make improvements to the site everyday regardless.

It might not be a great idea to have this as my first site.  I like to learn to run before I walk.  I do expect to lose money initially, and I have already come to terms with that.  I have requested to have other help me code my site in the past, but have found that they are unreliable coders and typically are way too expensive for what they offer.  I think it is in my best interest to learn these things on my own so that I do not have to lean on anyone in the future.  If I had time to program 100 sites before I made this one I would probably be an old man and none of my ideas would come to fruition.

Although, I do appreciate the advice on the SSL certificate.  I did have an idea on what direction to go in, but I did want some confirmation with someone who knew what they were talking about.

Thanks again!

I am thinking of using Back Track 5 to test my system.  Would anyone recommend something different for penetration testing?

You're not going to have any luck using it correctly.

You better hire a pentester.

Any suggestions that do not involve having others do the work for me?

If my site crashes and burns I want to at least learn something from the experience.

I'm happy to look over your code and explain to you how to fix it (and how people can exploit it).

So, how do I increase my credit score?

Your credit will increase over time automatically, if you have a valid bitcoin address in the system.  You can also complete loans, and that will give you a boost for every one that is completed.

just signed up... not qualified for anything.

How do I take a loan?  Was going to try it out.  Looks like a cool site.

I did some light testing on your site.

I was able to register as the username admin.

You are running:
Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80

This version is vulnerable.
http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:

https://i.imgur.com/qhpHaoy.png

Another one would be that you have been logged out of lendmecoin.

http://www.lendmecoin.com/LMC1/logout.php

Yes I did notice that you were able to register as the admin.  I will be solving XSS security issues sometime today after I get home from work.

Thank you for pointing out the vulnerabilities of the apache that I am currently using.  I will visit your link sometime this weekend and get anything that I have missed sorted out.

Thanks again for all the help.

Fixed XSS errors and added encrypted session hashing.

Working on SSL now.  Need to get my validation done and I will get it up and running shortly.

I have no idea what I am looking at.

I think some malformed database or query is the source but I hope this is not normal what I am seeing:
https://i.imgur.com/y3p8rjH.png

What is your user name?  If you do not use a common user name, which they may be perceived as an attempt to penetrate the system.  Then you will not be able to login.

I see the most recent user that registered is named "."

I am able to login and my username is "'"

"Look before you leap for as you sow, ye are like to reap."
Samuel Butler

Did you try recently?  I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...

Nope you are still in there.  I can change your user name if you like....

Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your ip I can add it to my white list if you like.

Oh, that's why I couldn't log in.

You do know some people have dynamic IP's that change up to once an hour, right?

Yes I know.  It is for security.  I should probably put some kind of message to the user when this happens so people are not scratching their heads...