FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 11:58:46 AM |
|
OP here. The script has been fixed
All faucets that have been created via the script have been notified of the fix via email. Please PM me if you are still having questions.
|
|
|
|
Emerge
Legendary
Offline
Activity: 854
Merit: 1000
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 12:02:19 PM |
|
If a dev can check again if there's a no more backdoor that would be great. I like how it has a Filipino language pack though. Good luck!
Hope you don't scam anybody with this service.
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 07:24:49 PM |
|
If a dev can check again if there's a no more backdoor that would be great. I like how it has a Filipino language pack though. Good luck!
Hope you don't scam anybody with this service.
I can confirm the script has been fixed. As I mentioned in the first post this has been done as a hobby to help guys who want to create faucets for free. It is true that the remember cookie created a vulnerability but this was stupid mistake by me. I did it initially so that the admin did not have to keep logging in. But this has been brought up and fixed. I have tried to be as open as possible and fix issues like this ASAP. Anyone with dev background can check the fix and see that the vulnerability have been removed. I hope you enjoy the script and thanks for trying it out!
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 07:31:34 PM |
|
I double-checked, and in my opinion this backdoor is fully intentional. He checks if the cookie called "remember" exists, but that cookie is not set anywhere. This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.
The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime. It has already been fixed and can be checked by faucet owner on the script.As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed. Thank you for bringing this up. My intention is to make honest business and help new faucet creators.
|
|
|
|
szgal
Newbie
Offline
Activity: 26
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 08:30:45 PM |
|
I double-checked, and in my opinion this backdoor is fully intentional. ...strip...
The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime. It has already been fixed and can be checked by faucet owner on the script.As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed. Thank you for bringing this up. My intention is to make honest business and help new faucet creators. I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit ( https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case. By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.
|
|
|
|
bit1
Legendary
Offline
Activity: 938
Merit: 1000
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
June 30, 2015, 11:32:39 PM |
|
I double-checked, and in my opinion this backdoor is fully intentional. ...strip...
The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime. It has already been fixed and can be checked by faucet owner on the script.As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed. Thank you for bringing this up. My intention is to make honest business and help new faucet creators. I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit ( https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case. By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin. Excellent, Is really good see peoples interested on security,I hope that more peoples join soon to this cause....
|
|
|
|
dezoel
Legendary
Offline
Activity: 2072
Merit: 1078
Leading Crypto Sports Betting & Casino Platform
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 01, 2015, 10:16:38 AM |
|
I double-checked, and in my opinion this backdoor is fully intentional. He checks if the cookie called "remember" exists, but that cookie is not set anywhere. This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.
The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime. It has already been fixed and can be checked by faucet owner on the script.As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed. Thank you for bringing this up. My intention is to make honest business and help new faucet creators. Thanks, i've updated my faucet script! really, you're awesome! ![Grin](https://bitcointalk.org/Smileys/default/grin.gif)
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 01, 2015, 12:24:28 PM |
|
I double-checked, and in my opinion this backdoor is fully intentional. ...strip...
The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime. It has already been fixed and can be checked by faucet owner on the script.As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed. Thank you for bringing this up. My intention is to make honest business and help new faucet creators. I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit ( https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case. By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin. I appreciate the feedback and making note of these things. As I said I am doing my best (with the resources I have) to make a good and honest business. I will continue to update these things as fast as I can and am on to the extra database issue you mentioned. Cheers dezoel!
|
|
|
|
dHe_zHiq
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 112
Merit: 10
I'm Just Try
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 01, 2015, 01:25:51 PM |
|
Wow, nice script ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) i like the feature, and %0 fee ![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif) thank you for spending your time
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 01, 2015, 06:51:11 PM |
|
Wow, nice script ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) i like the feature, and %0 fee ![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif) thank you for spending your time My pleasure! Glad you liked it! Let me know if you have suggestions on what you'd like added ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 09, 2015, 02:56:59 AM |
|
Hello friends,
Faucetbuilder has received some updates:
-More sanitizing on SQL queries. -Improvement on table creation script to be able to execute it with the new created users. -Security tips improved
The guys who have downloaded the script will have received an email with these updates. Let me know what you think!
|
|
|
|
meadefreling
Full Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 210
Merit: 100
★YoBit.Net★ 350+ Coins Exchange & Dice
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 14, 2015, 09:23:57 AM |
|
This is no doubt one of the best faucet script out there after the fixing of the bug however I am not interested in using xapo for my faucet account is there any way to integrate any other payment gateway.
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 15, 2015, 06:02:02 PM |
|
This is no doubt one of the best faucet script out there after the fixing of the bug however I am not interested in using xapo for my faucet account is there any way to integrate any other payment gateway.
Thanks for the nice words. I'm working hard on this (when i have time) ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) If you dont want to use Xapo what other option would you like to see? The reason I chose Xapo is because they are very well known in the faucet world especially non-English places. They seem to have the APIs we'd need to do this, allow to pay to email or btc address, and they cover all your miner fees so you dont need to pay for that. Am i missing something? If you have a better option I can look but so far most of the guys using my script are happy with them.
|
|
|
|
Bandot
Sr. Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 394
Merit: 250
For the watch
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 25, 2015, 07:47:30 PM |
|
Nice looking service. Might use it in the future. Keep up the good work OP!
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
July 27, 2015, 03:53:34 PM |
|
Thanks! Appreciate the feedback!
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
August 12, 2015, 03:59:42 PM |
|
Thanks! Appreciate the feedback!
We have made new updates to our script to improve security. If you have a second please check it out and let us know your thoughts!
|
|
|
|
kori
Full Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 168
Merit: 100
★777Coin.com★ Fun BTC Casino!
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
August 12, 2015, 05:58:37 PM |
|
Is this better that faucetbox.com Plz tell i want to make a faucet On my dimain Abitcoin.net And i am out of funds too. Plz tell if this script is better than faucet box or not Regards
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
August 13, 2015, 04:27:51 AM |
|
Is this better that faucetbox.com Plz tell i want to make a faucet On my dimain Abitcoin.net And i am out of funds too. Plz tell if this script is better than faucet box or not Regards
Yes it's like faucetbox but better. You can pay to email or btc address and if users use Xapo (which I've seen many of the bigger faucets using) they are paid automatically even if it's 1 satoshi. The best part is that we are free. We dont charge anything for you to use this service, I believe Faucetbox charges 3% of all your funds.
|
|
|
|
Specialist
Newbie
Offline
Activity: 9
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
August 13, 2015, 08:50:50 AM |
|
Wow what a nice Intention from FaucetBuilder. I am still at work so I coudn`t test your skript till now but I can`t wait to do so when I am back home. I´ve been looking for something like this the last weeks. Things like your free skript really help the new guys round here. And another big thx to szgal for pointing out the potential backdoor in the skript and sharing it with the community instead of collecting all the satoshis with this little dirty trick ![Wink](https://bitcointalk.org/Smileys/default/wink.gif) . Guys like you make me feel really comfortable in this Forum.
|
|
|
|
FaucetBuilder (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
August 13, 2015, 03:13:29 PM |
|
Wow what a nice Intention from FaucetBuilder. I am still at work so I coudn`t test your skript till now but I can`t wait to do so when I am back home. I´ve been looking for something like this the last weeks. Things like your free skript really help the new guys round here. And another big thx to szgal for pointing out the potential backdoor in the skript and sharing it with the community instead of collecting all the satoshis with this little dirty trick ![Wink](https://bitcointalk.org/Smileys/default/wink.gif) . Guys like you make me feel really comfortable in this Forum. First of all definitely agree on our good guy /u/szgal. You da real MVP! Second, if you test it and like please help us by sharing it! So far I have only really promoted it on bitcointalk and to a few friends building faucets.
|
|
|
|
|