bitcoinbounties.org - collect bounties!

[Retired]

With all due respect (since any contribution is always a huge investment of time), I must say you have a way to go in terms of security. mysql_real_escape_string() is not the function you must use to sanitize all inputs (although you can use it to help your cleanup), but each variable must be sanitized by its own limits (alphanumeric ones using, for example, a regex; the email using a different one; and values which are always integers using string-to-integer functions like intval(), doubleval() or floatval(), or directly using number_format() to take care of it...)

I've not seen all the code, only a good part of it, and I must say you have tried hard to make it safe.

As I said, I hope this project (and so the time you've spent on it) gets the recognition it deserves, since it's a great initiative.
And I know you already said the security on the script was not yet production-ready; just wanted to give my 2 cents.

[DeathAndTaxes]

I will be more interested when it is on main net. 

You should include the ability for others to fund an existing bounty without registration simply sending funds to an address.

For example I make a bounty for xyz offering 5 BTC.  Someone else says hey that is a great idea.  Only 5 BTC?  I will add to that.  He clicks the "add to this bounty" link/button and gets and address. He sends 3 BTC to that address and after confirmation your website updates to reflect 8 BTC bounty on "xyz".

[d33tah]

It's already implemented, see the "donate" button.

[d33tah]

With all due respect (since any contribution is always a huge investment of time), I must say you have a way to go in terms of security. mysql_real_escape_string() is not the function you must use to sanitize all inputs (although you can use it to help your cleanup), but each variable must be sanitized by its own limits (alphanumeric ones using, for example, a regex; the email using a different one; and values which are always integers using string-to-integer functions like intval(), doubleval() or floatval(), or directly using number_format() to take care of it...)

I've not seen all the code, only a good part of it, and I must say you have tried hard to make it safe.

As I said, I hope this project (and so the time you've spent on it) gets the recognition it deserves, since it's a great initiative.
And I know you already said the security on the script was not yet production-ready; just wanted to give my 2 cents.

I understand you mean the script is insecure at the moment, right? Mind pointing me out some attack scenario I could reproduce? You might have a point that validation is incomplete somewhere.

[ZodiacDragon84]

I logged in as demo, and did a test bounty submission. I pulled the following error message:

Warning: move_uploaded_file(/var/www/uploads/test by ZodiacDragon84.txt): failed to open stream: Permission denied in /var/www/models/newsolution.php on line 29 Warning: move_uploaded_file(): Unable to move '/tmp/phpzcSAWc' to '/var/www/uploads/test by ZodiacDragon84.txt' in /var/www/models/newsolution.php on line 29

I would hazard a guess that the uploader didnt work, or I didnt have user permission under the demo account to upload a solution?

[ZodiacDragon84]

Also. The homepage is not very user friendly. I know sort of what is going on because I read the posts you put up previously. However, a newcomer who is reading deficient might not know whats going on when they get to your site. Maybe have a description on the homepage that lets newcomers know what you are about. and perhaps set up the bounties by category? Software bounties, hardware design bounties, mining bounties, startup bitcoin website bounties, etc. I would like to see where this goes otherwise!

[ZodiacDragon84]

Also just noticed. I tried to set up a user account to see if my use of the demo account was what threw my previous error message, only to get this message:

The login you have entered is too long (it has to be between 4 and 30 characters). Please choose a different one.

The login name I entered Was my forum tag, ZodiacDragon84, which is well within the parameters stated in the character length in the error message.

Is there anything specific on the user end that you would like to test for? Let me know what you are looking for, and I will beta test the crap out of this!

[marked]

This site is down, or at least I am only getting what looks like a default hosting page in chinese.


marked

[girlsgonebitcoin]

This site is down, or at least I am only getting what looks like a default hosting page in chinese.


marked

site has been down for awhile.

[highlevelminer]

I'm sorry to hear this.

Bitcoin bounties are all the rage in the underground network to which I belong.

You can make a heft sum, especially when done with a core mining base of course

[Raoul Duke]

I'm sorry to hear this.

Bitcoin bounties are all the rage in the underground network to which I belong.

You can make a heft sum, especially when done with a core mining base of course

Watcha saying? The site was only an example site. Working on testnet.
The VPS where it was hosted ended its yearly subscription. If I get an extra empty VPS I can donate again to put it live I will. At the moment I have none. Not even sure if d33tah is still developing it actively.

[highlevelminer]

Well for one I would directly like to be involved in the promotion of the bitcoin in general... youtube videos, links to mining pools etc.

I have a few partners who are interested in promoting the bitcoin as a lifestyle choice.

If you want to start up another website with a similar program we will definitely promote for you!

Already have a few youtube videos up with the tag pristine miner under the name Shao Ling - one of the developers of pristine miner (which is NOT available for download currently due to discretion of moderators)

[Raoul Duke]

Take your trojans/wallet stealers elsewhere n00b.

We are way more blackhat than you around here, remember that