Bitcoin Forum
December 04, 2016, 08:34:37 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 [6]  All
  Print  
Author Topic: [Pre Alpha] PHPCoin  (Read 9825 times)
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
August 15, 2011, 12:58:22 PM
 #101

BTW, those "hacker forums" are normally like those guys who finish high school virgins; they make the hardest and most long shot attack look like the easiest thing around, yet they never actually did any, just like those boys who never actually got anyone but will jump on claim to had half of the school girls.
I love how you bring up the "hacker forums" talking about them being high school virgins.


I used to be one of the main PHP coder for our group on hack forums. Grin
Hack Forums is not a hacking Forum, is a Social Network for Wannabe Hackers...
Gotta Love them though, and respect them for trying to help.

The Typical Hacker:
-) Had an above average grade in school (didn't do so well in history, excelled in math).
-) Over exaggerated number of girlfriends in high-school (probably 2-3 would be the truth, but they end up saying they had 10-20 girls).

The Hacker that Manipulates People:
-) Did well in Math (Thinks in Logic), had a decent grade in History (still hates it), loves English.
-) Exaggerates number of girlfriends by a little-bit but just enough to make you believe them (roughly 5-7).

...there are more, but that's about the only two categories I've been in.

According to NIST and ECRYPT II, the cryptographic algorithms used in Bitcoin are expected to be strong until at least 2030. (After that, it will not be too difficult to transition to different algorithms.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 15, 2011, 01:19:35 PM
 #102

"Hacking" is actually do the things in an unorthodox way.

But my point was on "claim vs reality", not on how many gf a hacker has or not. I know those forums, it mostly goes around like:
- Let's strike xpto.com?
- Yeah! Yeah!
- They've a XSS/CSRF exploit
- Whow!!!! Easy picking! We will screw it!
...after 1.000.000 fails you got the two "hacker kinds":
Liar:
- I'm in!
- Sweet! Help us out.
- Oh shit! Just logged out. I'll teach you guys later, need to check the logs. (and wait this to be forgotten)
Honest:
- You guys up to DDoS it?

 Grin
Jine
Sr. Member
****
Offline Offline

Activity: 405


View Profile
August 15, 2011, 02:38:09 PM
 #103

I've never actually been a member of a "hacking forum".

I never said any of those was hard to fix, i just told it should be done.
Insert a maximum length of 255 chars or something as password as well - and you don't ever have to.

BCEmporium:
1) IIRC from reading the source, NothinG don't sanitize any inputs at all - except for avoiding SQL injections.
I rest my case. You're stupid if you don't see that as a issue Smiley

Ps. I do work as a security consultant, but that is none of you business Smiley


EDIT:
Seriously tho, wtf is up with this forum? Each time i point out a security flaw in a system, i get tons of shit thrown at me.
Lets change strategies then, lets PROVE that everything i said is valid and can be exploitable.

Forget everything i said, and I'll public a few POC when I feel like it's time to do so Smiley

Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 15, 2011, 04:12:06 PM
 #104

For fuck sake, cannot SOMEONE learn to develop correctly structured PHP?

THIS...

I would ask otherwise, can't someone develop something wasting TIME and for FREE, without having some full of shit "security troll" to show around as an unwanted sort of "consultant"?

So next time, if you don't want shit thrown at you, don't throw at others.
Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 15, 2011, 04:17:22 PM
 #105

EDIT:
Seriously tho, wtf is up with this forum? Each time i point out a security flaw in a system, i get tons of shit thrown at me.

I think it's probably a pride thing. Most of us like to think we're good at what we're doing and to admit otherwise, can be difficult when it comes to certain things. I'm paranoid and fortunately don't think I'm a l33t programmer so anytime somebody points out a potential security flaw in my code, I'm definitely going to look at it first. I'd rather add a few more lines of code to plug a potential flaw than to write a few paragraphs to defend my pride and still leave a hole to potentially get screwed later. Admittedly, there are other things where I will find it a lot harder to accept criticism! Cheesy


186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 15, 2011, 04:23:50 PM
 #106

Another thing, before your cast of "security wannabes", shouldn't you read the aim of the project first?

This project is initially designed to be used as frontend for Debian VM's - NOT as a webservice. Webservice will have a few differences in account features, such as captchas to prevent brutte forcing and other pwd security.

@Xephan;

I accept criticism, I DO NOT ACCEPT, is someone scratching his balls and just showing his face to say things like "for fuck sake you can't code". This ain't about being "infallible" or "too good", it's a matter of RESPECT others' work.
Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 15, 2011, 04:38:31 PM
 #107

@Xephan;

I accept criticism, I DO NOT ACCEPT, is someone scratching his balls and just showing his face to say things like "for fuck sake you can't code". This ain't about being "infallible" or "too good", it's a matter of RESPECT others' work.

I would agree that saying somebody can't code is a bit disrespectful. I hope I've not made any comment to that effect but only to highlight what I feel are potential pitfalls. As I said earlier in this thread, it's your project you can code it anyway you like regardless of what others like me may suggest. But if I did say anything to the effect of "you can't code", I would apologize for it.

On another issue, while your objective now is for it to be a private VM frontend, I was all along under the impression from your first post that it was intended to be used for public facing services as well. While you've made the point about certain additional changes to the code for those purposes, I would suggest that it would be more efficient and easier to maintain a single secured code base than two. You can always use options to turn off unneeded security such as captchas for use in an internal environment. This way, you wouldn't have to worry that a flaw in one may be exploited to get to the other.

186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 15, 2011, 04:44:57 PM
 #108

That won't be a branch, will be the same development, but because I don't have limitless free time, I'll start by cutting some issues in the private frontend and later input the remaining ideas for this project. The final project must be a single branch, with ability to enable/disable webservice's features, such as SHA1 pwd crypt (bad idea if your VM has just 128 Mb of RAM or less), captchas (senseless to connect to 192.168.x.x), and so on.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
September 05, 2011, 07:15:41 AM
 #109

Question.  I have this installed and running on a test server.  I sent myself 5 bitcents.  It has 57 confirmations now, but when I log in, I see this:

Balance 0.00000000 BTC 0.05000000 BTC 

with the 0.05 show in small italics.  I can't do anything with the coins, because my account balance is 0.

What does the little italics mean, and how do those coins make it into the account?
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
September 05, 2011, 08:59:13 AM
 #110

The italic means "I already can see it, but still hasn't the required confirmations".

Change it from unconfirmed to confirmed (normal will be 0.05 and italic will back to 0.00) it's a job of the cron file. Don't forget to config the abspath on the cron.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
September 05, 2011, 06:55:59 PM
 #111

The italic means "I already can see it, but still hasn't the required confirmations".

Change it from unconfirmed to confirmed (normal will be 0.05 and italic will back to 0.00) it's a job of the cron file. Don't forget to config the abspath on the cron.
I... didn't know there was a cron to run.  That's probably why.  Tongue
hamburger
Full Member
***
Offline Offline

Activity: 131



View Profile
September 05, 2011, 07:05:35 PM
 #112


Quote
I... didn't know there was a cron to run. That's probably why.  Tongue

Great question - I also did not know this and was waiting for the change for a week now. Roll Eyes

Q: Should we uncomment this line (as it is now) in the cron file to use the database specified confirmation;

Quote
//Checking for new deposits
  $accounts = $b->listaccounts((int)$config['confirmations']['value']);
  //$accounts = $b->listaccounts(1); //Test only

and do we need to set our Default account for sending to PC_MAIN or could we use any other address available.

Q: Any news on the admin section?

Thank you,

Hamburger
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
September 05, 2011, 07:30:04 PM
 #113

Lol, I don't even have the cron folder.  I should probably update to the latest version...  Tongue
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
September 05, 2011, 07:41:12 PM
 #114

You can get the latest source from https://github.com/BCEmporium/PHPCoin

The cron folder is phpcoin-cron, you should copy it somewhere outside the webroot and config the abspath to the installation.

The main account can be changed on the database still.
hamburger
Full Member
***
Offline Offline

Activity: 131



View Profile
September 07, 2011, 05:26:38 PM
 #115

Hi,

Do any of you perhaps know why I would get a Internal Server Error when I create a new account or when I log out?

Thank you,

Hamburger
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
September 07, 2011, 07:01:41 PM
 #116

Hi,

Do any of you perhaps know why I would get a Internal Server Error when I create a new account or when I log out?

Thank you,

Hamburger

Look in the error.log of your server. The answer must be there. Maybe a misconfiguration, that error is common within miss .htaccess configs
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
October 20, 2013, 12:35:41 AM
 #117

I thought this project to be dead due to lack of interest, but two weeks ago an user emailed me a mysqli patch to it, meanwhile I forgot my GitHUB pass to put it up there and now someone else connects this project to some deepweb market with its admin saying that I helped him. Checked my contacts made through here and still can't figure where or how.
What a mess!  Huh
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
October 20, 2013, 11:33:36 AM
 #118

I thought this project to be dead due to lack of interest, but two weeks ago an user emailed me a mysqli patch to it, meanwhile I forgot my GitHUB pass to put it up there and now someone else connects this project to some deepweb market with its admin saying that I helped him. Checked my contacts made through here and still can't figure where or how.
What a mess!  Huh

lolwut? lol
I think we need more details. Especialy if you want us to help you find out where or how(what?)...

BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
October 20, 2013, 02:16:14 PM
 #119

Nvm, there is some people saying I helped on creating a deepweb market or even own or made it, because it's code leaked and the structure is similar to my project here. What would be funny taken I started to make a market for the regular web, bcommerce, but never actually finished it. I also don't remember to help anybody about this project outside this thread but I usually answer to common questions about PHP, could be that.
And about the index/switch structure it's also part of some commercial frameworks, like webassist.
I guess I should look on the bright side and get happy that apparently my code styling is strong enough for the deepweb, but sucks to see my name attached to people I wouldn't touch with a 10 feet pole!
Pages: « 1 2 3 4 5 [6]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!