Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: cakir on December 10, 2014, 10:12:32 PM



Title: Proof Of Faucet Concepts And Its Vulnerability
Post by: cakir on December 10, 2014, 10:12:32 PM
Hi. We all met the "Proof of Faucet" concept with MiracleCoin; as we all know it's worthless now, but it still has a value.
Then a second POF coin appeared, named "Find You Coin", which is already trash.

I want to reveal a vulnerability about this concept.

As you know, these faucet distributions are just "senseless". Why? Because they can be easily manipulated. Why? Because it's only checking the client's IP address.

How to collect more coins with just one PC?
First of all I downloaded and synced FindYouCoin's wallet.
Then I copied blockchain data from %appdata%\FindYouCoin to
D:\FindYouCoin
D:\FindYouCoin2
D:\FindYouCoin3
D:\FindYouCoin4 ... etc.
I deleted the wallet.dat file in these folders.

Then I created a few shortcuts to my original wallet executable, like these:

C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin -proxy=ip2:port2
C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin2 -proxy=ip3:port3
C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin3 -proxy=ip4:port4 ... etc.

Then I started all the wallets. All of them got coins from the faucet distribution because all of them were seen as different users' wallets.
This concept doesn't check for proxies...

And I dumped all of the coins from the distribution. I'm not going to answer how much BTC I got.

I opened this thread to warn everybody about these types of coins.

Developers may disable the -proxy parameter of the wallet in case of this kind of abuse.


Title: Re: Proof Of Faucet Concepts And Its Vulnerability
Post by: e1ghtSpace on December 15, 2014, 04:30:36 AM
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?


Title: Re: Proof Of Faucet Concepts And Its Vulnerability
Post by: cakir on December 15, 2014, 05:04:17 AM
> I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
Basically "socks proxies".
Well, I checked the Bitcoin wiki page: https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_arguments
It was saying that I needed to use SOCKS proxies.
" -proxy=<ip:port>       Connect through SOCKS proxy"
So I went to Hide My Ass, http://proxylist.hidemyass.com/
and filtered the proxies according to the protocol.

Probably you've tried with http(s) proxies; that's why it didn't work for you...


Title: Re: Proof Of Faucet Concepts And Its Vulnerability
Post by: e1ghtSpace on December 15, 2014, 05:28:34 AM
> > I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
> Basically "socks proxies".
> Well, I checked the Bitcoin wiki page: https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_arguments
> It was saying that I needed to use SOCKS proxies.
> " -proxy=<ip:port>       Connect through SOCKS proxy"
> So I went to Hide My Ass, http://proxylist.hidemyass.com/
> and filtered the proxies according to the protocol.
>
> Probably you've tried with http(s) proxies; that's why it didn't work for you...
I'm sure I tried SOCKS. I just didn't use hidemyass' proxies. Thanks for the info.


Title: Re: Proof Of Faucet Concepts And Its Vulnerability
Post by: afall on December 31, 2014, 05:06:24 PM
I can confirm that even with the -proxy parameter disabled, users can still connect via proxy (at least with Windows). FindCoin has this disabled, but I was able to run 5 separate wallets via HTTPS proxies and received coins for each one. Until this can be addressed and fixed, I have to agree that proof of faucet coins need some type of additional security to prevent abuse.


Title: Re: Proof Of Faucet Concepts And Its Vulnerability
Post by: Crestington on December 31, 2014, 07:55:01 PM
A friend of mine told me a month ago or so how he was able to drain faucets through this method. For the moment I don't think Proof of Faucet is viable as it's too easy to game. I think it would be better to just have someone doing giveaways where you can identify whether or not the receiver is part of multiple profiles and exclude them on a case-by-case basis.
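
An added example, not part of the thread or of any coin's code: since the per-IP check described above does not separate one holder from many, this sketch groups faucet payout addresses that are later spent together as inputs of one transaction and reports each group with the IPs it claimed from. The common-input heuristic, the function names, the proxy list and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

def cluster_payouts(payouts, spends):
    """payouts: {address: claim_ip}; spends: one list of input addresses per tx.
    Returns sets of payout addresses that were co-spent (likely one owner)."""
    parent = {a: a for a in payouts}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for inputs in spends:
        # Only inputs that are faucet payout addresses matter here.
        ours = [a for a in inputs if a in parent]
        for other in ours[1:]:
            parent[find(other)] = find(ours[0])

    groups = defaultdict(set)
    for a in payouts:
        groups[find(a)].add(a)
    return [g for g in groups.values() if len(g) > 1]

def flag_multi_claimers(payouts, spends, proxy_ips=frozenset()):
    """Report each multi-address cluster with the IPs it claimed from."""
    report = []
    for group in cluster_payouts(payouts, spends):
        ips = {payouts[a] for a in group}
        report.append({
            "addresses": sorted(group),
            "distinct_ips": len(ips),
            "via_listed_proxy": sorted(ips & proxy_ips),
        })
    return sorted(report, key=lambda r: r["addresses"])

# Constructed sample data: documentation-range IPs and made-up addresses.
PAYOUTS = {"addrA": "192.0.2.10", "addrB": "198.51.100.7",
           "addrC": "203.0.113.5", "addrD": "192.0.2.99"}
SPENDS = [["addrA", "addrB"], ["addrB", "addrC", "unrelated"], ["addrD"]]
PROXIES = frozenset({"198.51.100.7", "203.0.113.5"})  # hypothetical proxy list

if __name__ == "__main__":
    for row in flag_multi_claimers(PAYOUTS, SPENDS, PROXIES):
        print(row)
```

Co-spending only becomes visible after payout, and a shared custodial wallet can merge unrelated users, so clusters are leads for case-by-case review rather than proof.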