|
You got proof of funds? Give us the address and a signed message from that.
You willing to use Escrow?
|
|
|
|
|
Improved formatting of the guide as it was slightly difficult to read.
Added Steadyturtle.com to Hosting.
Added Mellowads.com to Advertising.
Created new section - Traffic.
Added FaucetBox.com/ScanTheBox.com to Traffic.
Added Ifaucet.net to Traffic.
Removed CleverPuffin.com from Hosting.
Removed Microwallet.org from Processors.
Removed BitClix.com from Advertising.
|
|
|
|
Those things are so irritating, I've been debating releasing a public list people can subscribe to that does nothing but block these stupid adblock-blockers to nullify them.
While I do use AdBlock, it isn't very irritating to click on an icon and turn it off for the page. Usually two clicks. For sites like faucets that need this advertising revenue, I would say that two clicks isn't too awful to get around the blockers. |
|
|
|
|
He's back! Thanks a ton Bob!
1PNmymEXA8mGZfdsWAWmicJPTXEf5KAzTG
|
|
|
|
Ok thanks for letting us know. Not sure why this is causing a problem - I'm testing it using the Chrome Ad Block Plus extension and Mellow Ads works without any problems. Can you tell me which ad block app you are using and which browser then I can check it out  I'm currently using the AdGuard extension for Mozilla Firefox 39.0. I am also using the Disconnect extension, though I receive the same results when disabling it. Once disabling both the error no longer appears and the bottom panel displays as expected. |
|
|
|
Its working fine at my end, what browser/os versions are you using?
Apologies, it turns out that it was AdBlock causing the problem. Perhaps adding a warning about AdBlock breaking the site slightly could help. |
|
|
|
It appears that viewing any ad space or the ad listing brings up an 'Unexpected system error', along with the bottom panel on an ad space perpetually stuck on 'Loading...'. |
|
|
|
|
I have the domain cost.pw if you're interested. Send me a PM with an offer if so.
|
|
|
|
That 50% off coupon has expired. Can you add another?
There has been a large amount of negative stigma around this individual/website. What makes you want to buy? I've paid for a script but never got a valid download link. Will you ever solve it?
This user appears to be a scammer. I'd recommend avoiding any deals with this user and his website COIGG.COM
I purchased the Bitcoin Online Shop Script on May 14, 2015 and to this date I can't download the file due to an invalid link. My sale order is #2605 I contacted support as described in an earlier post but to this date I have not received any replies yet. Avoid buying scripts from this site. At least do not pay with bitcoin if you buy stuff from these guys.
https://bitcointalk.org/index.php?topic=1010918.0 |
|
|
|
Man you made 13 pages about 1 domain name!
And he will make a lot more, until he gets bored; this domain will never sell at the price he wants. |
|
|
|
If it's an auction you need to post a start bid, minimum increment and end date for the domain. If you're not going to provide any of these things, try the Digital Goods section. |
|
|
|
I've been using Bittorrent for illegal means for years now and I have never been caught. Does that mean that I am complying with copyright law? No. Just because you haven't had a take-down doesn't mean that it complies with copyright. Using all of other peoples content with no additions of your own financial gain is NOT fair use ( http://www.avvo.com/legal-answers/is-a-compilation-video--fail-video--laughing-babie-1720125.html ). As said, the chances of a take down are next to none, but that doesn't mean it complies with copyright law or fair use. I suggest you learn about what you're preaching before calling others ignorant. Good luck with your sale. |
|
|
|
I'm gonna argue with an ignorant. Sale is still on!
What he is saying makes perfect sense, even if it is unlikely to happen. Don't just disregard claims because you don't like them. |
|
|
|
TC, what do you think of developing a simple browser plug in that would alert users if the site they are visiting could be a scam? We could allow legendary members to contribute to the database.
Of course this would only work if we could promote it in the B&H section...
I wouldn't even know where to begin  Reading this thread, I actually quite like this idea. I'm not 100% sure on how it would work completely, but a GreaseMonkey extension could probably be made with this idea and could add a header to the top of the page for example. Just throwing ideas around. |
|
|
|
It should take less than 5 minutes from start to finish. I'd classify that as easy.
That is for people with experience and knowledge coding with PHP and MySQL. For someone with no knowledge in either of those fields that may sound like a lot of work. |
|
|
|
|
The advertising on CoinURL (interstitial at least) is good if you want low quality traffic for a somewhat cheap price (though it has gone more expensive recently). If you want anything else, you should look elsewhere.
I wouldn't recommend using them for their service simply because how high the fees are. You can get much better rates at websites that pay in USD and then convert that to Bitcoin.
|
|
|
|
Even with your code changes (such as escaping strings), there are many vulnerabilities still open. I'm actually somewhat surprised something as important as dealing with people's finances (in the sense that the script has access to the wallet's funds) is even using SQLi, much less in a very unsecure method. real_escape_string only prevents a small portion of injections from being possible, and if you really want to use that route, you should fix all of them.
As I said, the best way to do it without completely changing the DB software would be to use prepared statements, though that would still leave the script open to some forms of injection. What would you suggest to fix it? |
|
|
|
The best way to go about it would probably be to use prepared statements, though that would take more complicated code to execute properly. |
|
|
|
It doesn't look at all like a SQL Injection vulnerability, I really don't think that's what causing it. Why do you thinks it's a SQL Injection? I'd say it's rather some subtle error in code that calculates the reward or handles the timer or both. Either way it's probably not trivial and would require a lot of time and effort to fully analyze. You can't expect that I'll fix every random script out there, that's just impossible. I have FaucetBOX.com, Faucet in a Box script and ScanTheBOX.com to maintain, that's engaging enough.
If you don't mind me asking, what makes it not look like a SQL Injection vulnerability? From what I can see in the code, there is nothing to escape any of the strings before running them. For example, on core.php at line 169 (In the default script from gitlabs, looking at another faucet owner's script from this vulnerability it seems to be line 300), this function is used to run any SQL querys throughout the script: function sql_query($sql)
{
global $mysqli;
return $mysqli->query($sql);
}
It literally gets the connection from config.php and runs the query. If this is as simple as it looks and there are no escape strings, this is a huge error in the script. Perhaps using something similar to this: function sql_query($sql)
{
global $mysqli;
$sql = $mysqli->real_escape_string($sql);
return $mysqli->query($sql);
}
Will solve the problem, as it escapes the string before continuing with the query. Hearing thefaucetrunner talk about SQL injection made me think about this again and had me search through all of the files to try and find this function. Apologies for not finding it earlier. |
|
|
|
I appreciate that you are seperating yourself from the issue, but it'd be great if you guys were more involved in helping people out.
There are a LOT of faucets affected by this. It's an SQL injection problem, this is something you could assist with I'm sure. You just don't/won't look at the script to help us out!
And he has no reason to help you; it is not his script. Have you tried contacting Elbandi (the creator of MiniFaucet) and seeing if he can help? He likely knows his way around the script better than anyone else due to him creating it ( https://bitcointalk.org/index.php?topic=333748.0). |
|
|
|
|
Show Posts
