Hi, I noticed that clicking on banner ads inside ScanTheBox.com doesn't open the ad. Do you know how to fix or work around that  I found the reason... it's because the iframe is sandboxed and therefore link cannot open new tabs/windows. To fix it, ScanTheBox needs to be changed from <iframe sandbox="allow-same-origin allow-scripts allow-forms" src="" id="iframe"></iframe> to <iframe sandbox="allow-same-origin allow-scripts allow-forms allow-popups" src="" id="iframe"></iframe> That's a known issue and we did block the popups and redirection deliberately. It prevents faucets from opening annoying popups and redirecting out from the rotator. We even give a warning to faucet users about that when they're adding their faucets to the rotator. What we plan to do is adding a button for user like "Open this faucet in new window". Such window wouldn't be sandboxed then. |
|
|
|
After how long possibly broken disappears after satoshis enter your account?
6-8 hours after first successful payout. |
|
|
|
It doesn't look at all like a SQL Injection vulnerability, I really don't think that's what causing it. Why do you thinks it's a SQL Injection? I'd say it's rather some subtle error in code that calculates the reward or handles the timer or both. Either way it's probably not trivial and would require a lot of time and effort to fully analyze. You can't expect that I'll fix every random script out there, that's just impossible. I have FaucetBOX.com, Faucet in a Box script and ScanTheBOX.com to maintain, that's engaging enough.
If you don't mind me asking, what makes it not look like a SQL Injection vulnerability? From what I can see in the code, there is nothing to escape any of the strings before running them. This hack usually results in many small-to-moderate payouts to many addresses in time smaller than the timer. I guess it could be a result of SQL Injection, but why bother with something like that then? SQL Injection probably allows to just steal the API key from the database and I think that would be much easier. |
|
|
|
Well, the coins are coming out through Faucetbox with no probs, and myself and other faucet owners are still paying 3% fees for the service.
3% fee is for the network fees (and we're constantly lowering it as we manage to cut the network fees down). We get nothing from it, we live on ads. I haven't sent you the script as I figured it was out of your role, I would be happy to if you want.
If you are allowed to redistribute it, send me a link to it on PM. But as I said, no guarantees and I won't find time for it in next couple days, so keep looking for someone who maybe will be able to fix that sooner. And once again: why do you think it's a SQL Injection vulnerability? If you're correct than finding and fixing it should be fairly easy. |
|
|
|
I appreciate that you are seperating yourself from the issue, but it'd be great if you guys were more involved in helping people out.
There are a LOT of faucets affected by this. It's an SQL injection problem, this is something you could assist with I'm sure. You just don't/won't look at the script to help us out!
It doesn't look at all like a SQL Injection vulnerability, I really don't think that's what causing it. Why do you thinks it's a SQL Injection? I'd say it's rather some subtle error in code that calculates the reward or handles the timer or both. Either way it's probably not trivial and would require a lot of time and effort to fully analyze. You can't expect that I'll fix every random script out there, that's just impossible. I have FaucetBOX.com, Faucet in a Box script and ScanTheBOX.com to maintain, that's engaging enough. You should all just get in touch with each other and either force RaphaelM to fix that (he is the one that should do it after all if you paid him for the script) or hire someone to fix that and split the cost. Or you can always use the script that's officially supported by us. Or even Microfaucet, as it's already proven to be safe. With all of that said... Something like that hurts everyone. I'll probably look into that (but no guarantees and I think that I won't be able to look into that before 10th July) if you send me the script source. But no one sent me the code yet, so how can I possibly help? However, just like minifrij said, I think Elbandi would be a better person to ask if it's actually based on the Minifaucet. |
|
|
|
Problem is that Im not able to fix it my self. Im not programer. Looking trust member for this work.
Maybe you able to delete this address from your database?
I can't. Also that wouldn't help. The person that does it could just use another one. |
|
|
|
Statistics pages still show UTC time. Waiting for a fix  Still working on it. It's not really high priority...  |
|
|
|
Today i download latest faucet script version 50 and if i click on button "Add Page" in admin panel it is does not work can you fix it please ? Should be fixed in r51. Can you confirm that? |
|
|
|
Hello Today i download latest faucet script version 50 and if i click on button "Add Page" in admin panel it is does not work can you fix it please ? Already working on it, sorry. |
|
|
|
I see you have added timezones. This is great! But on the Statistics pages still shows UTC time. If you could fix that it would be great. Keep up the great work!
We've completely forgot about these, thanks. Will fix that soon. @Kazuldur
Hello, if i choose my timezone so the menu disappears and does not hide in.
same here, i've chosen my timezone and clicked save. It just didn't dissapear Clicked "X" too, but nothing happened Your browsers have cached old stylesheets. Clearing cache would fix that sooner |
|
|
|
site down for 10 minutes, i keep getting the same response even after over 1/2 an hour!
so is the site back up or not?
waiting to check back the statistics....lets see how long maintanence takes
It's the downgraded performance I've mentioned in previous post. It should work most of the time, and in about 50 minutes problems should disappear. Any plans of selling some shares in market exchange?
No. |
|
|
|
I hope you fix it fast, i earn huge faucet streams from faucetbox, my favorite microwallet.
I`m curious about the new features, what are they?
Oh, it's fixed already There're no new features with this one however. We just had to update the database to keep up with the ever-increasing number of payouts and to clean up some legacy stuff. |
|
|
|
FaucetBOX.com is back up now, however you may experience degraded performance for a few more hours. Please report any issues.
Sorry for this long downtime once again. I hope that the next one won't happen until September.
Some inconsistencies were found after the update. We're back to maintenance, sorry. EDIT: issue located, should be resolved in ~10 minutes. |
|
|
|
|
FaucetBOX.com is back up now, however you may experience degraded performance for a few more hours. Please report any issues.
Sorry for this long downtime once again. I hope that the next one won't happen until September.
|
|
|
|
FaucetBOX.com will be down for maintenance on Saturday/Sunday night (UTC). Database schema update is required, so it can take a long time.
The maintenance has started. It can take even a few hours, sorry for inconvenience.. any Updates? About 56% of last stage is done, rough ETA: 1h 15min. EDIT: 87% complete. EDIT2: any minute now. |
|
|
|
FaucetBOX.com will be down for maintenance on Saturday/Sunday night (UTC). Database schema update is required, so it can take a long time.
The maintenance has started. It can take even a few hours, sorry for inconvenience.. |
|
|
|
Thanks. I already did it with col-xs-8 col-md-8 col-md-push-2 Oh, looks like I've looked at that after you've changed it I have one more important question: Why is my faucet not working? I tried multiple addresses and it always says "Invalid 'to' address".. Just try it: http://winbits.usYou've added: <input type="text" style="text-align:center;" name="address" class="form-control" value="http://winbits.us/?r=Your_Address">
after the "Share this link with your friends". So it always sends the address as " http://winbits.us/?r=Your_Address" instead of what user puts in the input. Remove the 'name="address"' from this line and it should work fine. EDIT: I probably found a bug/mistake in support page:
Thanks, I've added it to our bugtracker |
|
|
|
And sorry to say but even on Doge u cannot compet with direct deposit. yes ur pay structure is good and all but like I said keep thouwing faucet owner who pays u fees under the Bus ur in for a short haul. Even on BTC. U seem like a good guy Kaz but get ur priorities straight. Hackers and scammers wow u support them read the email goood I had sent u before u had posted what u did. Wow u even accuse Xapo doing fundraising where next. Wake up listen to ur fucet owners smell the coffee if u keep accusing faucet owners legit ones ur going down is all
I hate coffee . I don't know how fundraising is an accusation, it's a good thing o.O. Here's a random article about that: http://www.coindesk.com/xapo-sets-40-million-fundraising-record-bitcoin-industry/ . And I really don't want to have an argument with you, but don't expect I'll be nice to you after what you did in previous thread. I'm 100% sure you weren't hacked. There was no sudden spike of payouts, no big payouts to single addresses, no weird logins to your FaucetBOX.com dashboard, no payouts to one-time, throw-away addresses, really NOTHING out of ordinary. Yet you claim that there's a wide-known vulnerability in the script (but of course you won't disclose it) and that nano-btc used that to steal coins from you. We do what we can to prevent hacks. We implemented email notifications on login, simple MFA using email (more options coming), log of IP addresses that used the API key, and a config.php option to disable admin panel of the faucet script. And we keep implementing more and more security features. We listen to our users, as can be confirmed by multiple reports on how good our support is and that we try to implement requested features (not all of them obviously, but those that are possible and most demanded). Changethe div class from: col-xs-12 col-md-8 col-md-push-2 bg-black text-white to col-xs-12 col-md-10 col-md-push-1 bg-black text-white or even col-xs-12 col-md-12 bg-black text-white I see.If the performance reasons are the problem, then make it only so that faucet owners, or faucet list owners can access it, for example , users with an account can either be faucet owners or faucet promotors (with ref links). And you can restrict that to faucet promotors since faucet users dont really care that much, since they actively do faucets, but i got for example like 500 referrals and i cannot check the data every 10 minutes, perhaps 1-2 times /day.
Worst case, you can make it paid-to-use, for example for 0.01 BTC/month premium membership with enhanced features.
I've already started a discussion with other devs about possible solutions. We'd like to avoid any premium memberships. How about data aggregation? Instead of showing only latest 15-50 payouts, we'd also show how much coins did you earn from each faucet the day before. So you could check the data only once a day and already have it processed, allowing you to see not only which faucets are legit, but also which one pays the most. |
|
|
|
|
Show Posts
