NEW SERVICE- FaucetBuilder - All features you need to build, no fees/cost!

[FaucetBuilder]

OP here. The script has been fixed

All faucets that have been created via the script have been notified of the fix via email. Please PM me if you are still having questions.

[Emerge]

If a dev can check again if there's a no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.

[FaucetBuilder]

If a dev can check again if there's a no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.

I can confirm the script has been fixed. As I mentioned in the first post this has been done as a hobby to help guys who want to create faucets for free.
It is true that the remember cookie created a vulnerability but this was stupid mistake by me. I did it initially so that the admin did not have to keep logging in. But this has been brought up and fixed.

I have tried to be as open as possible and fix issues like this ASAP. Anyone with dev background can check the fix and see that the vulnerability have been removed.

I hope you enjoy the script and thanks for trying it out!

[FaucetBuilder]

I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

[szgal]

I double-checked, and in my opinion this backdoor is fully intentional.
...strip...

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit (https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case.

By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.

[bit1]

I double-checked, and in my opinion this backdoor is fully intentional.
...strip...

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit (https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case.

By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.

Excellent, Is really  good see peoples interested on security,I hope that more peoples join soon to this cause....

[dezoel]

I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

Thanks, i've updated my faucet script!
really, you're awesome!

[FaucetBuilder]

I double-checked, and in my opinion this backdoor is fully intentional.
...strip...

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit (https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case.

By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.

I appreciate the feedback and making note of these things. As I said I am doing my best (with the resources I have) to make a good and honest business. I will continue to update these things as fast as I can and am on to the extra database issue you mentioned.

Cheers dezoel!

[dHe_zHiq]

Wow, nice script i like the feature, and %0 fee  thank you for spending your time

[FaucetBuilder]

Wow, nice script i like the feature, and %0 fee  thank you for spending your time

My pleasure! Glad you liked it!
Let me know if you have suggestions on what you'd like added

[FaucetBuilder]

Hello friends,

Faucetbuilder has received some updates:

-More sanitizing on SQL queries.
-Improvement on table creation script to be able to execute it with the
new created users.
-Security tips improved

The guys who have downloaded the script will have received an email with these updates. Let me know what you think!

[meadefreling]

This is no doubt one of the best faucet script out there after the fixing of the bug however I am not interested in using xapo for my faucet account is there any way to integrate any other payment gateway.

[FaucetBuilder]

This is no doubt one of the best faucet script out there after the fixing of the bug however I am not interested in using xapo for my faucet account is there any way to integrate any other payment gateway.

Thanks for the nice words. I'm working hard on this (when i have time)

If you dont want to use Xapo what other option would you like to see? The reason I chose Xapo is because they are very well known in the faucet world especially non-English places. They seem to have the APIs we'd need to do this, allow to pay to email or btc address, and they cover all your miner fees so you dont need to pay for that. Am i missing something?

If you have a better option I can look but so far most of the guys using my script are happy with them.

[Bandot]

Nice looking service. Might use it in the future. Keep up the good work OP!

[FaucetBuilder]

Thanks! Appreciate the feedback!

[FaucetBuilder]

Thanks! Appreciate the feedback!

We have made new updates to our script to improve security. If you have a second please check it out and let us know your thoughts!

[kori]

Is this better that faucetbox.com
Plz tell i want to make a faucet
On my dimain Abitcoin.net
And i am out of funds too.
Plz tell if this script is better than faucet box or not
Regards

[FaucetBuilder]

Is this better that faucetbox.com
Plz tell i want to make a faucet
On my dimain Abitcoin.net
And i am out of funds too.
Plz tell if this script is better than faucet box or not
Regards

Yes it's like faucetbox but better. You can pay to email or btc address and if users use Xapo (which I've seen many of the bigger faucets using) they are paid automatically even if it's 1 satoshi. The best part is that we are free. We dont charge anything for you to use this service, I believe Faucetbox charges 3% of all your funds.

[Specialist]

Wow what a nice Intention from FaucetBuilder. I am still at work so I coudn`t test your skript till now but I can`t wait to do so when I am back home. I´ve been looking for something like this the last weeks. Things like your free skript really help the new guys round here. And another big thx to szgal for pointing out the potential backdoor in the skript and sharing it with the community instead of collecting all the satoshis with this little dirty trick  . Guys like you make me feel really comfortable in this Forum.

[FaucetBuilder]

Wow what a nice Intention from FaucetBuilder. I am still at work so I coudn`t test your skript till now but I can`t wait to do so when I am back home. I´ve been looking for something like this the last weeks. Things like your free skript really help the new guys round here. And another big thx to szgal for pointing out the potential backdoor in the skript and sharing it with the community instead of collecting all the satoshis with this little dirty trick  . Guys like you make me feel really comfortable in this Forum.

First of all definitely agree on our good guy /u/szgal. You da real MVP!

Second, if you test it and like please help us by sharing it! So far I have only really promoted it on bitcointalk and to a few friends building faucets.