Need assistance with my faucet - possible security hack

[ofirbeigel]

I'm running a Bitcoin faucet and lately I've been getting complaints from several users that the BTC address that is auto populated in the address bar is not their own.

I auto populate a user's BTC address through the use of cookies but it seems that someone is perhaps manipulating this. I couldn't create the issue on my own machine but several users claimed it happened from different machines they were using the faucet from.

This is the link to the faucet and the whole story is basically described in the comments. Is there any chance someone can be "hijacking" the cookie is someway and inserting his own BTC address instead of the user's?

[Chris!]

I'm sorry to hear about this Ofir. I hope you find someone that's willing/able to help!

I just got your email about how it was profitable too. To have this resolved quickly I would suggest you offer a small bounty. It will definitely spark some interest and there is a lot of talent on this forum.

[robelneo]

Hello I am running a bitcoin faucet rotator would like to add your faucets to our rotator,send it to us after you fix the issue so we cam promote it to all our users,we are looking for more faucets for our rotator the only qualification is that it must always had a fund and of course part of faucets or had a good paying reputatio..

[ofirbeigel]

Hello I am running a bitcoin faucet rotator would like to add your faucets to our rotator,send it to us after you fix the issue so we cam promote it to all our users,we are looking for more faucets for our rotator the only qualification is that it must always had a fund and of course part of faucets or had a good paying reputatio..

Thanks. We've just fixed the faucet. Feel free to add it.
Ofir

[Patatas]

Yes session cookies can be easily modified by a third party code,as the cookie only loads in the browser through the server,they can be modified but not quite in your case.I would know more if your faucet was actually working,not sure if you're editing it but this is what I get when I tried to access it

Fatal error: Cannot redeclare getRandomWeightedElement() (previously declared in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) :
eval()'d code:5) in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) : eval()'d code on line 14

[krunox123]

Hello I am running a bitcoin faucet rotator would like to add your faucets to our rotator,send it to us after you fix the issue so we cam promote it to all our users,we are looking for more faucets for our rotator the only qualification is that it must always had a fund and of course part of faucets or had a good paying reputatio..

Thanks. We've just fixed the faucet. Feel free to add it.
Ofir

Are you sure it has been fixed? Because I got an error when I visit your website.

Code:

Fatal error: Cannot redeclare getRandomWeightedElement() (previously declared in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) : eval()'d code:5) in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) : eval()'d code on line 14

OT:
You might be interested to read this.

[ofirbeigel]

Hello I am running a bitcoin faucet rotator would like to add your faucets to our rotator,send it to us after you fix the issue so we cam promote it to all our users,we are looking for more faucets for our rotator the only qualification is that it must always had a fund and of course part of faucets or had a good paying reputatio..

Thanks. We've just fixed the faucet. Feel free to add it.
Ofir

Are you sure it has been fixed? Because I got an error when I visit your website.

Code:

Fatal error: Cannot redeclare getRandomWeightedElement() (previously declared in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) : eval()'d code:5) in /home1/ab44276/public_html/mili_staging/wp-content/plugins/exec-php/includes/runtime.php(42) : eval()'d code on line 14

OT:
You might be interested to read this.

Thanks guys I've just fixed that issue as well (it was a plugin that messed up the site). Thanks a lot for your feedback I now understand that I need to add an SSL to my site.