ptrio
Newbie
Offline
Activity: 14
Merit: 0
July 08, 2015, 08:49:55 PM
I myself wouldn't trust referer headers as they could be fabricated.
While I didn't trust them too for FaucetBOX.com, how could they be fabricated in context of CSRF? If I were to attack you using CSRF I wouldn't be able to force your browser to fake the referrer.
You are right. Referer check seems to be good enough to protect against CSRF. However there's ways to get in control of someone's browser and then spoof the headers (is XSS + CSRF possible?). Also what about HTTPS or if someone's browser doesn't send the referer headers (guess 99% do but still)? That would be considered as an attack. BTW Do you guys support p2sh for litecoin yet?
If you control someone's browser, why bother with CSRF? You can just attack directly. HTTPS isn't a problem, referrer will be correct on the site itself and possibly not set/empty when coming from other sites (then one just assumes it's invalid). If someone's browser doesn't send headers, too bad. It's not perfect solution, it's just easiest. You should generate a token, save it in session, add it as hidden input in form and compare it on request. But that require more changes, while referrer check will be sufficient for most. Still no P2SH for Litecoin yet. No ETA either.
Touche I tried to come up with something but shot myself in the leg instead.
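The two checks discussed in the post above (the Referer comparison and the session token in a hidden form input), side by side, as an added example that is not part of the original thread or of FaucetBOX's code. The function names and the host faucet.example are assumptions; the session, POST and server data are passed in as plain arrays so the demo runs from the command line, and the requests are constructed.

```php
<?php
// Added example: $session stands in for $_SESSION, $post for $_POST,
// $server for $_SERVER. All names and hosts here are hypothetical.

// Token approach: generate once per session and keep it server-side.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden input to embed in every state-changing form.
function csrf_field(array &$session): string {
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

// Compare the submitted token with the stored one in constant time.
function csrf_token_valid(array $session, array $post): bool {
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    return is_string($submitted) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Referer approach: exact host match; a missing header counts as invalid.
function referer_valid(array $server, string $expectedHost): bool {
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Constructed requests exercising both checks.
$session = [];
$token   = csrf_token($session);
echo csrf_field($session), "\n";
$cases = [
    'same-site form post'      => [['csrf_token' => $token], ['HTTP_REFERER' => 'https://faucet.example/admin.php']],
    'cross-site forged post'   => [[], ['HTTP_REFERER' => 'https://other.example/page.html']],
    'own form, referer absent' => [['csrf_token' => $token], []],
    'host only shares prefix'  => [[], ['HTTP_REFERER' => 'https://faucet.example.other.example/']],
];
foreach ($cases as $name => [$post, $server]) {
    printf("%-26s token=%-5s referer=%s\n", $name,
        var_export(csrf_token_valid($session, $post), true),
        var_export(referer_valid($server, 'faucet.example'), true));
}
```

The third case is the one the thread raises: a legitimate submission from a browser that sends no Referer passes the token check but fails the Referer check.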
BitHell.io
July 08, 2015, 10:24:14 PM
Login does not work on FaucetBox at the moment. After inserting the credentials, I get redirected to a blank screen. Hope it gets fixed soon.
MakingMoneyHoney
July 08, 2015, 10:49:52 PM
Login does not work on FaucetBox at the moment. After inserting the credentials, I get redirected to a blank screen. Hope it gets fixed soon.
I just went to the old thread, to post that. I forgot there was a new thread. Hope this gets fixed soon. But I'm glad it wasn't just me, lol.
dart vader
July 09, 2015, 01:48:06 AM
Login does not work on FaucetBox at the moment. After inserting the credentials, I get redirected to a blank screen. Hope it gets fixed soon.
same here
yvesp110
July 09, 2015, 01:56:48 AM
LOL funny if it is Raphael script there is a bug but one of faucetbox script don't have a bug yeah right. Kazuldur is too funny anyway glad I am done with him and passed on my faucet using his script to my techs who sees it is not worth it running them
asmoday
Member
Offline
Activity: 129
Merit: 10
International Digital Asset Platform
July 09, 2015, 02:36:20 AM
Why I can't login in my admin panel on FaucetBox? (manage faucets) When login, I can see a white page..
horace0812
Member
Offline
Activity: 70
Merit: 10
★YoBit.Net★ 200+ Coins Exchange & Dice
July 09, 2015, 02:44:17 AM
I don't know why I did not receive my payout for 7/7, even the payout for 8/7 is already received few hours ago. Any 1 have the same issue above too
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
July 09, 2015, 05:59:20 AM
I believe that's not related, it was happening since the beginning of FaucetBOX.com (only that earlier Blockchain.info simply showed 'Transaction not found' message) and it looks like it's Blockchain.info's not-standard behavior. Other nodes relay our transactions just fine, while Blockchain.info only acknowledges our transactions after they're included in block.
Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
ranlo
Legendary
Offline
Activity: 1988
Merit: 1007
July 09, 2015, 06:03:00 AM
I believe that's not related, it was happening since the beginning of FaucetBOX.com (only that earlier Blockchain.info simply showed 'Transaction not found' message) and it looks like it's Blockchain.info's not-standard behavior. Other nodes relay our transactions just fine, while Blockchain.info only acknowledges our transactions after they're included in block.
Ahhh, interesting! I did notice that the transaction was already pending to the wallet it's going to, and other explorers (like blockr.io) show it fine, just figured maybe Blockchain's error was a bit more verbose than most of these others. It does lead to the question, though... why are later transactions still coming through? The one from the 7th should have more "weight" as it's older, and should go through before the new ones from FaucetBox, being that they both paid the same (relative amount of) fees. This is definitely an interesting situation. I'm guessing if worst comes to worst, you can just re-broadcast it or revert things back (add the funds back to each address to be sent out again once everyone's new transaction is ready) though.
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
July 09, 2015, 06:17:13 AM
It does lead to the question, though... why are later transactions still coming through? The one from the 7th should have more "weight" as it's older, and should go through before the new ones from FaucetBox, being that they both paid the same (relative amount of) fees.
Take this transaction as an example: https://btc.blockr.io/tx/info/03d6e645fba49e07f3a4d8f173dce3ae590a5e0b06f28b367e29d7e64926019d has 0.00339447 BTC fee for 15164 bytes, and it's almost 6% of what was actually transferred to users (0.05664565 BTC). So the fee is ~0.0002260 BTC/kB
Another one is: https://blockchain.info/tx/1d8e35cbcad0c7814fde8c0e775259107e5adc32900263d9cc1358626a0ecb0b 0.0052392 BTC fee for 17561 bytes, so it's ~0.00030819 BTC/kB
Now example that didn't get through: https://www.biteasy.com/blockchain/transactions/e9ee41881cb7d38308ac80bb204b55da3877d7b64084872b7d78a4fc9aa9747e 0.00194831 BTC fee for 17426 bytes, so it's ~0.00011460 BTC/kB.
What matters is the fee/kB and you can see that we increased fees ~2-3x.
This is definitely an interesting situation. I'm guessing if worst comes to worst, you can just re-broadcast it or revert things back (add the funds back to each address to be sent out again once everyone's new transaction is ready) though.
We continuously rebroadcast it. We would rather avoid reverting it though, as it could get messy. What's more plausible is that we'll just send double-spends with increased fees. Does anyone know a tool that'll make that easier? I don't want to mess around with raw transactions by hand
ranlo
Legendary
Offline
Activity: 1988
Merit: 1007
July 09, 2015, 06:27:02 AM
It does lead to the question, though... why are later transactions still coming through? The one from the 7th should have more "weight" as it's older, and should go through before the new ones from FaucetBox, being that they both paid the same (relative amount of) fees.
Take this transaction as an example: https://btc.blockr.io/tx/info/03d6e645fba49e07f3a4d8f173dce3ae590a5e0b06f28b367e29d7e64926019d has 0.00339447 BTC fee for 15164 bytes, and it's almost 6% of what was actually transferred to users (0.05664565 BTC). So the fee is ~0.0002260 BTC/kB
Another one is: https://blockchain.info/tx/1d8e35cbcad0c7814fde8c0e775259107e5adc32900263d9cc1358626a0ecb0b 0.0052392 BTC fee for 17561 bytes, so it's ~0.00030819 BTC/kB
Now example that didn't get through: https://www.biteasy.com/blockchain/transactions/e9ee41881cb7d38308ac80bb204b55da3877d7b64084872b7d78a4fc9aa9747e 0.00194831 BTC fee for 17426 bytes, so it's ~0.00011460 BTC/kB.
What matters is the fee/kB and you can see that we increased fees ~2-3x.
This is definitely an interesting situation. I'm guessing if worst comes to worst, you can just re-broadcast it or revert things back (add the funds back to each address to be sent out again once everyone's new transaction is ready) though.
We continuously rebroadcast it. We would rather avoid reverting it though, as it could get messy. What's more plausible is that we'll just send double-spends with increased fees. Does anyone know a tool that'll make that easier? I don't want to mess around with raw transactions by hand
Increased fees definitely make a difference -- I wasn't aware that you changed them. So essentially, right now the weight is still growing, and "should" be a priority soon. Hopefully.
Salmen
Legendary
Offline
Activity: 1059
Merit: 1020
July 09, 2015, 11:56:51 AM
Hello, Some faucet getting problems with the script of RaphaelM.
Here are some security features, that I use:
- CSRF protection
- htmlspecialchars, htmlentities protect
- Validate Bitcoin Address before checking database
- mysql_real_escape_string
- Anti Adblock
Tip: Use Captcha in the Login Form
If you use these protection, your faucet is protected against SQL Injection and Bots
Cheers Salmen
Young Developer amidst Europe. Specialized in Web Programming and Creating Telegram Bots. Looking for a developer? Feel free to drop a mail to me. Running JaguarBitcoin - Your Place For Scripts
cjrosero
July 09, 2015, 03:48:26 PM
Can anyone here have tips on how to get accepted on Google adsense ads?
Racey
Legendary
Offline
Activity: 1134
Merit: 1000
Soon, I have to go away.
July 09, 2015, 03:55:37 PM
Please Disable Ad-Block To View This Website. By D3xt3r
Well that is the wrong message, I do not have any form of Adblocking.
And its gone.
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
July 09, 2015, 04:14:00 PM
Can anyone here have tips on how to get accepted on Google adsense ads?
It's easiest to use another site to get your account accepted and then simply embed ads on your faucet too. You only need to get one site approved and then you can use AdSense on all of them (if they don't break the ToS of course).
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
July 09, 2015, 04:44:33 PM
So essentially, right now the weight is still growing, and "should" be a priority soon. Hopefully.
They got confirmed. Finally.
cjrosero
July 09, 2015, 05:13:09 PM
Can anyone here have tips on how to get accepted on Google adsense ads?
It's easiest to use another site to get your account accepted and then simply embed ads on your faucet too. You only need to get one site approved and then you can use AdSense on all of them (if they don't break the ToS of course).
doing that might get the account disable i believe. anyway please guide me i have tried every thing when adding ads on the Template section and pressing the save below i got : "Forbidden You don't have permission to access / on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request." i tried doing the process from the start what seems to be the problem!?
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
July 09, 2015, 05:35:58 PM
i have tried every thing when adding ads on the Template section and pressing the save below i got : "Forbidden You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."
i tried doing the process from the start what seems to be the problem!?
It's an XSS protection of your hosting. It probably blocks all POST requests with <script> and <iframe> tags. Contact your hosting about that.