Would there be an interest for a Bitcoin Gambling Source? | Become the House

[Mooshire]

I myself was interested in running and managing a bitcoin gambling site, but I reside in the US.

Why not to operate website anonymously via VPN or make it accessible via TOR like Silkroad!?

Can't tell if troll.

I'd love to have the source, i'm not that great at programming, but I could use this to make something.

It'd be for a hefty price of course, just due to the return you'd make off of it.

It's not for children, only for serious entrepreneurs (not saying you aren't one).  But if you don't have the money to put down for it, including the money to back the site's payroll, don't bother looking into it.

Lost all respect.

[Loker]

Failing to understand that.  Reuploaded: https://vimeo.com/71077590

[Loker]

Posted a sales thread for anyone interested: https://bitcointalk.org/index.php?topic=263046.0

[Hfleer]

You could propably post a demo that uses play money, and would be easier to get a feel for your software then the video.

[Loker]

You could propably post a demo that uses play money, and would be easier to get a feel for your software then the video.

Added a demo-site.  Balance is auto-added to users that register so you can toy around with it.

[vlees]

I do not suggest anyone to buy this. The site is insanely insecure and I currently own more fake gambling coins that there will ever be bitcoins (on his demo site).

[Loker]

I do not suggest anyone to buy this. The site is insanely insecure and I currently own more fake gambling coins that there will ever be bitcoins (on his demo site).

Lol.  1. It's not complete and hasn't been bug-tested, 2. I have written up a file that will be a cron-job constantly checking for malicious bettors and 3. It's a sample and I never said in anyw way, shape, or form that it's 100% secure.  If it was EVER to go live it would be, however.

Not to mention, you or anyone that maliciously gained balance would never be able to cash them out.  Aside from little bugs like that that are fixable, it's actually really secure.

It makes use of prepared statements disallowing any type of database injection or manipulation.

[vlees]

Aside from little bugs like that that are fixable, it's actually really secure.

Sorry, I don't trust a developer anymore that tries to sell a gambling site that in its current form allows anyone to cheat the house and then claim "yeah it's fixable". I bet you would've done nothing about it if I didn't point it out in this thread to you and you would just let the first sucker buying this PoS walk away without the notice that it's seriously fubar.

[Loker]

Aside from little bugs like that that are fixable, it's actually really secure.

Sorry, I don't trust a developer anymore that tries to sell a gambling site that in its current form allows anyone to cheat the house and then claim "yeah it's fixable". I bet you would've done nothing about it if I didn't point it out in this thread to you and you would just let the first sucker buying this PoS walk away without the notice that it's seriously fubar.

Wrong.  Reread my response..

[Loker]

Fixed.  Forgot to parameterize my prepared statement that handled the updating of balance.

[Loker]

Anyone that may be interested, feel free to shoot me a Pm.

[🏰 TradeFortress 🏰]

I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

[Loker]

I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Lol.  This does the same exact thing as what my script that changes people's address' does.

Their address can't be changed unless they enter theirs...

And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

I usually don't express myself as such, but frankly: you're a fucking moron.

Not even going to bother verifying where the HTTP request is coming from because your script is 100% useless and most users here won't be able to realize that.

Regardless, feel free to point out any vulns.  I'd LOVE to see 'em.

[vlees]

I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Just ignore Loker...

[Loker]

I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Just ignore Loker...

Just ignore me?  My source has no vulns.  Lol.

[🏰 TradeFortress 🏰]

And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.

[vlees]

And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.

Just let him be. This kid is not worth anyone's time.

[Loker]

And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.

You're both idiots.

First of all, I could easily check where the requests are coming from, second of all, the user sees their cashout address prior to clicking cashout.

They could easily change it back to their address.

Lol.  Please point out these 'other vulnerabilites.'

[flagel8]

Can vouch for this user, really knows his stuff.

You have even less reputation than OP!

lol this thread is just funny.

Thanks you guys. I LOL'd too.

[coinedabit]

how much knowledge do i need to know in order to keep it running? can it be tweaked and changed if needed? now i am a novice at websites and any sort of programming so could you explain how the code works in a summarised way?

cheers