crypto777 (OP)
|
|
October 13, 2014, 12:01:48 PM Last edit: October 13, 2014, 02:19:25 PM by crypto777 |
|
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
October 13, 2014, 12:19:51 PM |
|
1. Wrong section. 2. Nobody cares about altcoins. 3. No clue with server security. Starting Nmap 5.21 ( http://nmap.org ) at 2014-10-13 Nmap scan report for gourl.io (178.32.138.12) Host is up (0.41s latency). Not shown: 989 filtered ports PORT STATE SERVICE 53/tcp open domain 80/tcp open http 106/tcp open pop3pw 143/tcp open imap 443/tcp open https 993/tcp open imaps 8333/tcp open unknown 8443/tcp open https-alt 9080/tcp closed unknown 9998/tcp open unknown 9999/tcp open abyss
3.5 Your cryptocurrency daemon is open to the internet, and hosted on the same server as your web server. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port9998-TCP:V=5.21%I=7%D=10/13%Time=543BC116%P=x86_64-unknown-linux-gnu%r(NULL,B2,"HTTP/1\.1\x20403\x20Forbidden\r\nDate:\x20Mon,\x2013\x20Oct\x2 SF:02014\x2012:09:58\x20\+0000\r\nConnection:\x20close\r\nContent-Length:\ SF:x200\r\nContent-Type:\x20application/json\r\nServer:\x20darkcoin-json-r SF:pc/v0\.9\.12\.31-beta\r\n\r\n")%r(RPCCheck,B2,"HTTP/1\.1\x20403\x20Forb SF:idden\r\nDate:\x20Mon,\x2013\x20Oct\x202014\x2012:10:04\x20\+0000\r\nCo SF:nnection:\x20close\r\nContent-Length:\x200\r\nContent-Type:\x20applicat SF:ion/json\r\nServer:\x20darkcoin-json-rpc/v0\.9\.12\.31-beta\r\n\r\n")%r SF:(LANDesk-RC,B2,"HTTP/1\.1\x20403\x20Forbidden\r\nDate:\x20Mon,\x2013\x2 SF:0Oct\x202014\x2012:10:17\x20\+0000\r\nConnection:\x20close\r\nContent-L SF:ength:\x200\r\nContent-Type:\x20application/json\r\nServer:\x20darkcoin SF:-json-rpc/v0\.9\.12\.31-beta\r\n\r\n"); ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port9999-TCP:V=5.21%I=7%D=10/13%Time=543BC14D%P=x86_64-unknown-linux-gnu%r(X11Probe,8C,"\xbf\x0ck\xbddseep\0\0\0\0\0\0\0t\0\0\0\xa1\xd9\xd1\xd2s\x SF:d4{\xa8\x86\xd4\xf1T\x8d\xf5\xeb\xff\x99\x0e_/\+\xa3\x11\xbf\x84Tf\xea\ SF:xbf~\x9aH-\n\.\xcc\x13\0\0\0\0\xff\xff\xff\xffA\x1cw\xb0\xd1\x19uN\xc9/ SF:\xd5\xe1#\xe35\x90\xee\xa2V\x19\xd1\xfc\x11\x88\xd1\x96\x84\+\x13\x05\x SF:aa8\xeb\xe1\x1a\xa0\x14\xb0A84i\x0fep\x1d\x89t\xe9\x87\xfb\x18\x1e\xf8\ SF:xe3\xc2\xc0\xabs\x8f\xb7V\xa61\xca\xb5\xc3\xf6!\xcaL\x05\x05\0\0");
3.5.1 You're running the BETA version of a cryptocurrency daemon (probably downloaded straight from master) instead of a release version, on a production site. 4. Random off the shelf template, you didn't even bother editing it completely. <div class="widget3"> <div> <h4> <i class="fa fa-newspaper-o"></i> PHP Examples: </h4> <ul> <li><a href="#">NY Is Getting More Poluted Every Day</a></li> <li><a href="#">5 Tips For Your Morning Dite</a></li> <li><a href="#">Better Ways To Feed Four Pets</a></li> <li><a href="#">How To lost Weight in 10days</a></li> <li><a href="#">How To Gain Weight in 3days</a></li> </ul> </div> </div> 5. No clue how to use version control. 6. Abysmal code quality (taken from https://github.com/cryptoapi/Payment-Gateway/blob/master/cryptobox.js) function cryptobox_show(boxID, coinName, public_key, amount, amountUSD, period, language, iframeID, userID, userFormat, orderID, cookieName, hash) { var id = public_key.substr(0, public_key.indexOf("AA")); if (id == '' || boxID != id || public_key.indexOf("PUB") == -1) alert('Invalid cryptobox public_key'); else if ((amount <= 0 && amountUSD <= 0) || (amount > 0 && amountUSD > 0)) alert('You can use in cryptobox options one of variable only: amount or amountUSD. You cannot place values in that two variables together'); else if (amount != 0 && ((amount - 0) != amount || amount < 0.001)) alert('Invalid cryptobox amount'); else if (amountUSD != 0 && ((amountUSD - 0) != amountUSD || amountUSD < 0.01)) alert('Invalid cryptobox amountUSD'); else if (userFormat != 'COOKIE' && userFormat != 'SESSION' && userFormat != 'IPADDRESS' && userFormat != 'MANUAL') alert('Invalid cryptobox userFormat value'); else if (userFormat == 'COOKIE' && cookieName == '') alert('Invalid cryptobox cookie name'); else if (userFormat == 'COOKIE' && cryptobox_cookie(cookieName) != userID) alert('Please enable Cookies in your browser !'); else if (orderID == '') alert('Invalid orderID'); else if (period == '') alert('Invalid period'); else if (hash == '') alert('Invalid cryptobox hash'); else =================== Mini-competence-audit: FAILYou have no business running a 'payment gateway'.
|
|
|
|
angeloanggam
Sr. Member
Offline
Activity: 252
Merit: 250
Ace of ♠♠♠♠
|
|
October 13, 2014, 12:21:42 PM |
|
Is this an app? What is this called?
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
October 13, 2014, 12:26:58 PM |
|
Do you run myip.ms?
|
|
|
|
crypto777 (OP)
|
|
October 13, 2014, 12:38:00 PM |
|
Do you run myip.ms?
yes, and other 10+ websites
|
|
|
|
|
crypto777 (OP)
|
|
October 13, 2014, 01:03:12 PM |
|
You have no business running a 'payment gateway'.
We already using our GoUrl Payment Gateway on own websites and it working fine
|
|
|
|
crypto777 (OP)
|
|
October 13, 2014, 03:38:49 PM Last edit: October 14, 2014, 11:26:27 AM by crypto777 |
|
3.5 Your cryptocurrency daemon is open to the internet
- We ran daemon as Full Bitcoin Node before, at any case, we closed that ports now. For security proposes, we not keep user crypto wallets on that server, also our system forwards all received payments to owners external wallets automatically every 30 minutes. It is correct javascript compatible with old computer OS (WinXP, etc). Our main code is written in PHP and we use all time md5/sh1 check control sum/hash for security proposes. Nobody cannot change user data which send/receive from our server. Also we use SSL secure connection to server. 3.5.1 You're running the BETA version of a cryptocurrency daemon - DARKCOIN
It is Darkcoin, not Bitcoin. It is different crypto currencies and Darkoin have no stable release version on this moment. Read messages from Darkcoin developers here - https://github.com/darkcoin/darkcoin/tree/master.
|
|
|
|
|
|
coinableS
Legendary
Offline
Activity: 1442
Merit: 1186
|
|
December 06, 2014, 10:31:00 PM |
|
The conversion is way off. I installed this and configured this with my server and it seems to be working okay however if you put in cost at $0.01 the payment box will say please send 0.0011 BTC to this address. That's 30 cents! Way off from the 1 penny I configured it for, there's something wrong with the conversion. Also using the pay-per-download script after sending payment, it doesn't allow the user to download the file. It recognizes and confirms that the payment was received, but the user still receives the "you have send bitcoins" error when trying to download.
|
|
|
|
superresistant
Legendary
Offline
Activity: 2156
Merit: 1131
|
|
December 28, 2014, 11:58:06 AM |
|
I am interested in a Bitcoin payment API (and maybe altcoin). What are your competitors and why should I choose you ?
|
|
|
|
KingOfSports
|
|
December 29, 2014, 07:00:18 AM |
|
I am interested in a Bitcoin payment API (and maybe altcoin). What are your competitors and why should I choose you ?
This. Interested in hearing a response from this as I'm interested in this product. What is the cost of you adding this to a website?
|
.
.
|
|
|
bitbets
|
|
March 10, 2015, 02:57:05 PM |
|
Do you want more coins to be included?
Smartcoin SMC
wants a payment processor
|
,╓▄▄▄▄▄▄▄▄▄╓ ╓▄█████████████████▄╖ ╓▄█████▀▀'▒,,,,,╠'▀▀█████▄, ,▓███▀╜,▄▄███████████▄▄,╙▀████╖ ▄███▀ ▄█████▀▀"``╙"▀▀█████▄ ▀███▄ ▓███╜╓████▀ ,▄▄█████▄▄, ▀████,╙███▌ ▓███`╔███▀ ╓▓███▀▀▀▀▀████╖ ▀███@"███▌ ]███▌┌███▌ ▐███ ███▄ ▐███ ▐███, ▐███ ▐███ .███ ███ ███▌ ███▌ ▐███ ▐███ '███ ███ ███▌ ███▌ ]███@╙███@ ▀██▌ ,▄██▌ ▐███ ▐███` ▓███ ▐███▄ ╙██▀╩ 9███╜ ╔███▀,███▌ ████,╙███▌ ▓███╜,████ ▀███▄ ▀╜ ▀▀ ▄███▌ ╙████▄, ╓▄████╜ ╙█████▄▄╓, ,╓▄▄█████▀ ▀▀█████████████████▀▀ '▀▀▀▀▀▀▀▀▀▀▀'
| CloakCoin | Trustless Anonymous Cryptocurrency | PoSA3 Forum | Bitcointalk | Twitter | Facebook | VK | Reddit | CloakTV | Instagram | IRC-Chat | Faucet
|
|
|
|
|