🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
July 08, 2013, 06:43:43 AM |
|
http://glados.cc/myfaucetTons of features. * Referral tracking program * IP and email based throttling * reCAPTCHA * Randomized prizes you determine * Custom cashout amount * Instant payments through Inputs * No dust buildup * No transaction fees * Built in ad rotator.
|
|
|
|
Boelens
|
|
September 15, 2013, 09:30:02 AM |
|
There might be an exploit in here. Inputs.io was down yesterday and I put up a warning, it's now back up and I got 23 cashout. One cashout of 0.183 BTC, very specifically the entire wallet. I think there might be an exploit, beware.
|
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
September 15, 2013, 11:03:15 AM |
|
There might be an exploit in here. Inputs.io was down yesterday and I put up a warning, it's now back up and I got 23 cashout. One cashout of 0.183 BTC, very specifically the entire wallet. I think there might be an exploit, beware.
error reporting was turned on in this case.
|
|
|
|
harlenadler
Sr. Member
Offline
Activity: 430
Merit: 250
Agent of Chaos
|
|
September 15, 2013, 04:45:18 PM |
|
There might be an exploit in here. Inputs.io was down yesterday and I put up a warning, it's now back up and I got 23 cashout. One cashout of 0.183 BTC, very specifically the entire wallet. I think there might be an exploit, beware.
error reporting was turned on in this case. What are you guys saying here? Any elaboration on this for us laymen?? I noticed that inputs was down yesterday and wasn't sure what was going on.
|
|
|
|
JerryCurlzzz
|
|
September 15, 2013, 08:15:18 PM |
|
Due to a bug (and TradeFortress' fault) the site has been compromised and a total of 0.36BTC has been lost. 0.18 BTC of this amount came out of my own wallet. We are now running low on funds and really need donations. http://faucet.domesticpineapple.com/faucet.phpis there anything we need to know about here? thanks in advance.
|
|
|
|
Boelens
|
|
September 15, 2013, 08:20:58 PM |
|
Due to a bug (and TradeFortress' fault) the site has been compromised and a total of 0.36BTC has been lost. 0.18 BTC of this amount came out of my own wallet. We are now running low on funds and really need donations. http://faucet.domesticpineapple.com/faucet.phpis there anything we need to know about here? thanks in advance. It's fine for now. Just running low on funds.
|
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1118
|
|
September 15, 2013, 09:01:44 PM |
|
@Boelens: Can't access the faucet, I continuously get this:
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
Boelens
|
|
September 16, 2013, 10:17:51 AM |
|
That's odd. It works fine for me. Since we're on the MyFaucet topic, maybe TF can help.
|
|
|
|
meta
Newbie
Offline
Activity: 6
Merit: 0
|
|
November 15, 2013, 06:42:22 PM Last edit: November 15, 2013, 07:05:17 PM by meta |
|
Did someone ever take a look at the sourcecode? No? Why? You should. There is one fishy line in faucet.php (line 49): $getAmount = (hash("SHA256", $email) == "9442483e8cf05a8ea02e1cf8e042ef3567a958227c9f4c714cd96a7eaeb1062e" ? $rewards[rand(0, count($rewards)-1)] * 2 : $rewards[rand(0, count($rewards)-1)]); Maybe you're asking what is wrong with this line, there is no backdoor, no code-exec. Corrcet. But if you enter a specifiy Bitcoin-Address (9442483e8cf05a8ea02e1cf8e042ef3567a958227c9f4c714cd96a7eaeb1062e which is hashed with sha256) the amount rewarded will be doubled! Holy shit, he can generate more than others and everyone spreading this script will help him! Don't trust this guy. Please... http://picload.org/thumbnail/oilroll/bad.pngThis repo is only a fork made by elbandiMD5-sum of zip (v0.13) I take a look at: fec46baa0f4b161d8e8c383525293e07
|
|
|
|
meta
Newbie
Offline
Activity: 6
Merit: 0
|
|
November 15, 2013, 07:04:17 PM |
|
Don't worry, this faucet is powered by inputs.io (which is online for good), so the code is unusable.
There is at least one fork.
|
|
|
|
meta
Newbie
Offline
Activity: 6
Merit: 0
|
|
November 15, 2013, 07:37:45 PM |
|
Read the first few posts of that topic. You can't use that code. TF already filed a copyright report and got someone's site banned.
I can't see a link between copyright-foo and this "feature". Would you say it is illegal to warn about this? I didn't wrote that you should modify it.
|
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
November 16, 2013, 08:57:04 AM |
|
If anyone's interested in reworking the code to use Blockchain.info (batched payments), send me an email and I'm happy to give you permission & replace glados.cc/myfaucet.
|
|
|
|
gaston909
|
|
November 16, 2013, 01:04:54 PM |
|
If anyone's interested in reworking the code to use Blockchain.info (batched payments), send me an email and I'm happy to give you permission & replace glados.cc/myfaucet.
Please use a throwaway email when contacting TF - Be very very careful.
|
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
November 16, 2013, 02:43:22 PM |
|
If anyone's interested in reworking the code to use Blockchain.info (batched payments), send me an email and I'm happy to give you permission & replace glados.cc/myfaucet.
Please use a throwaway email when contacting TF - Be very very careful. Be careful of what? Of him finding your real email address?
|
|
|
|
AuroraHF
|
|
November 17, 2013, 04:35:49 AM |
|
Any ETA regarding MyFaucet being updated to Blockchain instead? I saw a couple of open source scripts before while searching and was wondering those are approved by you.
|
lmao
|
|
|
Martijnvdc
|
|
November 17, 2013, 03:01:28 PM |
|
If anyone's interested in reworking the code to use Blockchain.info (batched payments), send me an email and I'm happy to give you permission & replace glados.cc/myfaucet.
The irony. I'm not sure if i can handle that much irony... Can you update people on inputs.io, please? Are you still paying people out?
|
|
|
|
🏰 TradeFortress 🏰 (OP)
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
November 18, 2013, 11:46:24 AM |
|
Any ETA regarding MyFaucet being updated to Blockchain instead? I saw a couple of open source scripts before while searching and was wondering those are approved by you.
I believe Boelens is working on one with batched/daily payments. I asked around and apparently the already existing blockchain.info scripts don't work (and none of them supports batched payments, which is kinda essential for on-chain). I grant permission to anyone to modify and distribute the script if it keeps attribution and uses only an on-chain exclusive payments service (examples: bitcoind, blockchain.info). I recommend including batched payments. Send me an email if you get anything working that you'd like to publicly release, I'll replace http://glados.cc/myfaucet
|
|
|
|
gaston909
|
|
November 18, 2013, 11:54:06 AM |
|
TF - Will you PLEASE give me at LEAST equal treatment as dumbfruit and 001sonkit - You are holding 107.5 BTC of mine and I have proposed a voluntary haircut. I am not in as good condition as most humans as you are fully aware so I would like to close this matter and end the stress.
PLEASE REPLY.
|
|
|
|
|