cakir (OP)
Legendary
Offline
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
|
|
December 10, 2014, 10:12:32 PM |
|
Hi We all meet "Proof of Faucet" concept with MiracleCoin as all we know it's worthless now, but it sill has a value. Then A second POF coin appeared that named "Find You Coin" which is already a trash.
I want to reveal a Vulnerability about this concept.
As you know these faucet distrubitions are just "senseless". Why? Because it can be easily manipulated, Why? Because it's only checking client's ip address.
How to collect more coin with just one pc? First of all I downloaded and synced FindYouCoin's wallet. Then I copied blockchain data from %appdata%\FindYouCoin to D:\FindYouCoin D:\FindYouCoin2 D:\FindYouCoin3 D:\FindYouCoin4 ... etc. I deleted wallet.dat file in these folders.
Then, I created a few shortcuts to my original Wallet executable like these;
C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin -proxy=ip2:port2 C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin2 -proxy=ip3:port3 C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin3 -proxy=ip4:port4 ... etc.
Then I started all wallets. All of them got coins from faucet distrubition because all of them were seen as a diffrent users' wallets. This concept doesn't check for proxys...
And I dumped all of coins from distrubition. I'm not going to answer how much btc I got.
I opened this thread to warn everybody about these type coins.
Developers may disable -proxy parameter of the wallet in case of this kinda abuse.
|
|
|
|
| ,'#██+: ,█████████████' +██████████████████ ;██████████████████████ ███████: .███████` ██████ ;█████' `█████ #████# ████+ `████+ ████: ████, ████: .# █ ████ ;███+ ██ ███ ████ ████ ███' ███. '███, +███ #████ ,████ ████ ████ █████ .+██████: █████+ `███. ,███ ███████████████████████ ████ ████ ███████████████████████' :███ ███: +████████████████████████ ███` ███ █████████████████████████` ███+ ,███ ██████████████████████████ #███ '███ '██████████████████████████ ;███ #███ ███████████████████████████ ,███ ████ ███████████████████████████. .███ ████ ███████████████████████████' .███ +███ ███████████████████████████+ :███ :███ ███████████████████████████' +███ ███ ███████████████████████████. ███# ███. #██████████████████████████ ███, ████ █████████████████████████+ `███ '███ '████████████████████████ ████ ███; ███████████████████████ ███; ████ #████████████████████ ████ ███# .██████████████████ `███+ ████` ;██████████████ ████ ████ '███████#. ████. .████ █████ '████ █████ #████' █████ +█████` ██████ ,██████: `███████ ████████#;,..:+████████. ,███████████████████+ .███████████████; `+███████#,
| |
|
|
|
|
|
|
|
|
Every time a block is mined, a certain amount of BTC (called the
subsidy) is created out of thin air and given to the miner. The
subsidy halves every four years and will reach 0 in about 130 years.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
e1ghtSpace
Legendary
Offline
Activity: 1526
Merit: 1001
Crypto since 2014
|
|
December 15, 2014, 04:30:36 AM |
|
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
|
|
|
|
cakir (OP)
Legendary
Offline
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
|
|
December 15, 2014, 05:04:17 AM |
|
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
Basically "socks proxies". Well, I checked the bitcoin's wiki page; https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_argumentsIt was saying that I needed to use Socks proxies. " -proxy=<ip:port> Connect through SOCKS proxy" So I went to the hide my ass, http://proxylist.hidemyass.com/and filtered the proxies according to the protocol. Probably you've tried with http(s) proxies that's why it didn't work for you...
|
|
|
|
| ,'#██+: ,█████████████' +██████████████████ ;██████████████████████ ███████: .███████` ██████ ;█████' `█████ #████# ████+ `████+ ████: ████, ████: .# █ ████ ;███+ ██ ███ ████ ████ ███' ███. '███, +███ #████ ,████ ████ ████ █████ .+██████: █████+ `███. ,███ ███████████████████████ ████ ████ ███████████████████████' :███ ███: +████████████████████████ ███` ███ █████████████████████████` ███+ ,███ ██████████████████████████ #███ '███ '██████████████████████████ ;███ #███ ███████████████████████████ ,███ ████ ███████████████████████████. .███ ████ ███████████████████████████' .███ +███ ███████████████████████████+ :███ :███ ███████████████████████████' +███ ███ ███████████████████████████. ███# ███. #██████████████████████████ ███, ████ █████████████████████████+ `███ '███ '████████████████████████ ████ ███; ███████████████████████ ███; ████ #████████████████████ ████ ███# .██████████████████ `███+ ████` ;██████████████ ████ ████ '███████#. ████. .████ █████ '████ █████ #████' █████ +█████` ██████ ,██████: `███████ ████████#;,..:+████████. ,███████████████████+ .███████████████; `+███████#,
| |
|
|
|
e1ghtSpace
Legendary
Offline
Activity: 1526
Merit: 1001
Crypto since 2014
|
|
December 15, 2014, 05:28:34 AM |
|
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
Basically "socks proxies". Well, I checked the bitcoin's wiki page; https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_argumentsIt was saying that I needed to use Socks proxies. " -proxy=<ip:port> Connect through SOCKS proxy" So I went to the hide my ass, http://proxylist.hidemyass.com/and filtered the proxies according to the protocol. Probably you've tried with http(s) proxies that's why it didn't work for you... I'm sure I tried SOCKS. I just didn't use hidemyass' proxies. Thanks for the info.
|
|
|
|
afall
Newbie
Offline
Activity: 3
Merit: 0
|
|
December 31, 2014, 05:06:24 PM |
|
I can confirm that even with the -proxy parameter disabled, users can still connect via proxy (at least with Windows). FindCoin has this disabled, but I was able to run 5 separate wallets via HTTPS proxies and received coins for each one. Until this can be addressed and fixed, I have to agree that proof of faucet coins need some type of additional security to prevent abuse.
|
|
|
|
Crestington
Legendary
Offline
Activity: 882
Merit: 1024
|
|
December 31, 2014, 07:55:01 PM |
|
A friend of mine told me a month ago or so how he was able to drain faucets through this method. For the moment I don't think Proof of Faucet is viable as it's too easy to game. I think it would be better to just have someone doing giveaways where you can identify whether or not the receiver is part of multiple profiles and exclude them on a case to case basis.
|
|
|
|
|