Bitcoin Forum
November 07, 2024, 05:40:02 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Lendmecoin.com Released!! Now in Beta testing!  (Read 1807 times)
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 09, 2012, 04:37:37 AM
Last edit: July 10, 2012, 12:12:58 AM by bombartier357
 #1

Hey guys,

Made a post a while back regarding a peer to peer bitcoin lending website.  Well I finally got most of the code done.  There is still a lot of work to do, but if you want to help me work out the bugs I would really appreciate it.  There is a short video on the first page that should answer most of your questions.

Check it out....
lendmecoin.com  *** this is not working at the moment.

use this...
72.181.135.42:81
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
July 09, 2012, 04:41:32 AM
 #2

Site down: http://www.downforeveryoneorjustme.com/lendmecoin.com
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 09, 2012, 04:48:07 AM
Last edit: July 09, 2012, 05:07:06 AM by bombartier357
 #3

Well I guess I am off to a bad start.

Looks like my ISP is blocking 80.  I will deal with this in the morning.
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 09, 2012, 12:21:34 PM
 #4

just get a shared hosting package they are cheap and good for testing, don't try and host it on your own servers in your house it more headaches.

*Sigh* I know, but I have this computer here and why not use it?  It is already set up, just need to get this port forwarding business cleared up...
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 10, 2012, 12:12:28 AM
 #5

just get a shared hosting package they are cheap and good for testing, don't try and host it on your own servers in your house it more headaches.

*Sigh* I know, but I have this computer here and why not use it?  It is already set up, just need to get this port forwarding business cleared up...

Good luck with that, ISP will probably ask you to upgrade, IE pay more money so might as well get a shared hosting package it would be around the same amount of money

Nah I made a workaround.  Just had to forward port 81 and make some changes on my WAMP.

If you want to check out the site you can visit it here.

72.181.135.42:81
The domain should work after 24 hours.
Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
July 10, 2012, 12:39:27 AM
 #6

I also couldnt help chuckle a bit after going to that page. Cry

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 10, 2012, 01:44:46 AM
 #7

You don't have to use it if you do not want to.  I am not a super experienced programmer, but I had a lot of feedback suggesting that I just release the website and that users would help me out.

Normally I would take more time and consideration before releasing, but people wanted me to release it.  As far as Facebook verification system is concerned... I had the option not to use this method, but it would require last 4 digits of your social.  So that being said I felt users would be more comfortable with this method.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 10, 2012, 01:47:51 AM
 #8

I will fix it now, but I am using sha1 encryption for password storage.

SHA1 is horrible easy to brute force.

One example:
http://nsa.unaligned.org/

This guy built at home a SHA1 brute force engine which can brute for every possible 8 digit password in less than a day.  Yes all 6,095,689,385,410,820 in less than a day.

Security is a mindset not something you bolt on at the end.  Passwords should be hashed with a strong hashing algorithm use per account random salt (min 64 bit) to prevent parallel and pre-computational attacks.  The optimal method would be some proven algorithm which slows down brute force attacks through the use of key strengthening like bcrypt, scrypt, or PBKDF2.
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 10, 2012, 01:52:24 AM
 #9

THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.


Changed the password deal, so this is fixed.
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
July 10, 2012, 02:23:57 AM
 #10

First thing before releasing a website is proofreading for errors.
For example, change all instances of 'garentee' into guarantee.
Your site has the potential, but you'll still need to work on it to iron out stuff and improve the general usability.
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 10, 2012, 02:33:52 AM
 #11

First thing before releasing a website is proofreading for errors.
For example, change all instances of 'garentee' into guarantee.
Your site has the potential, but you'll still need to work on it to iron out stuff and improve the general usability.

Thank you for pointing that out.  I really wasn't planning on having people use it right away.  Just give me shit for what I have wrong.  Best way to improve it in my opinion.
Tril
Full Member
***
Offline Offline

Activity: 213
Merit: 100


View Profile
July 10, 2012, 04:57:14 AM
 #12

Hi thanks for making a site.

1. I suggest displaying interest as weekly, I think this is already the standard. Daily will require dealing with fractions more often.

2. I suggest getting out of the middle altogether and have borrowers pay the lenders directly.  It will make life a lot less stressful for you since you won't need to worry about being responsible for others' bitcoins. You can send borrowers the BTC address of their lenders directly, and then monitor the blockchain to see when a payment has been made.  Sorry if you were planning to make money by taking a cut, but consider a different way to receive bitcoins without handling other people's money.  For example, I believe you can create a "bitcoin:" URI that does multipay.  Or you could ask to be paid up front, or bill people later, or any number of other ways.

3. You have a script set to monitor payments to a hot wallet and send them somewhere?  See #2 for why you don't need a hot wallet.  If you need one, though (and you may already do this), at least make sure it's on a computer completely unconnected to your website: Use the blockchain and monitor the payment from somewhere else. If your website has no bitcoins controlled from it, you can't lose any even if someone breaks into it.

4. Please consider including an option to link the account on your site to a bitcoin-otc rating and GPG identity. I suspect all you'd need initially is allow users to provide a GPG public key (which you can match to the one they use on OTC).  Then at minimum, publish the key ID with a link to the OTC ratings when displaying information about other users  on your site.
bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 10, 2012, 05:27:06 PM
 #13

Hi thanks for making a site.

1. I suggest displaying interest as weekly, I think this is already the standard. Daily will require dealing with fractions more often.

2. I suggest getting out of the middle altogether and have borrowers pay the lenders directly.  It will make life a lot less stressful for you since you won't need to worry about being responsible for others' bitcoins. You can send borrowers the BTC address of their lenders directly, and then monitor the blockchain to see when a payment has been made.  Sorry if you were planning to make money by taking a cut, but consider a different way to receive bitcoins without handling other people's money.  For example, I believe you can create a "bitcoin:" URI that does multipay.  Or you could ask to be paid up front, or bill people later, or any number of other ways.

3. You have a script set to monitor payments to a hot wallet and send them somewhere?  See #2 for why you don't need a hot wallet.  If you need one, though (and you may already do this), at least make sure it's on a computer completely unconnected to your website: Use the blockchain and monitor the payment from somewhere else. If your website has no bitcoins controlled from it, you can't lose any even if someone breaks into it.

4. Please consider including an option to link the account on your site to a bitcoin-otc rating and GPG identity. I suspect all you'd need initially is allow users to provide a GPG public key (which you can match to the one they use on OTC).  Then at minimum, publish the key ID with a link to the OTC ratings when displaying information about other users  on your site.


Yes this is actually the next thing on my to do list.  I want to give users the option for both using hot wallet and their own as well.  I was thinking about using bitcoinabe to download the blockchain into a database where I can process transactions without a wallet.  It will be more difficult for users because they would need to enter in their payment information everytime a loan is repaid or paid out.  I do appreciate the idea.
hongus
Full Member
***
Offline Offline

Activity: 736
Merit: 100


Adoption Blockchain e-Commerce to World


View Profile
July 12, 2012, 06:21:56 AM
 #14

Great idea, I like the plain-ness of the site but this is TOO plain, fonts seems a little too big also. Try to get the URL working and I hope it'll get popular. Seems like a great way to loan coins and build rep.

bombartier357 (OP)
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
July 12, 2012, 08:07:01 PM
 #15

Great idea, I like the plain-ness of the site but this is TOO plain, fonts seems a little too big also. Try to get the URL working and I hope it'll get popular. Seems like a great way to loan coins and build rep.

I am hiring a programmer to rebuild the website from scratch.  The next release should be more impressive.
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1452



View Profile
July 12, 2012, 09:01:41 PM
 #16

broke it!

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1452



View Profile
July 12, 2012, 09:03:21 PM
 #17

THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.
are you high? how does setting a textbox to a "password box" indicate whether the passwords are hashed or not?

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
gweedo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000


View Profile
July 12, 2012, 09:23:58 PM
 #18

THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.
are you high? how does setting a textbox to a "password box" indicate whether the passwords are hashed or not?

It doesn't  but if your careless with little things like that then how careless are you with the backend? And as that predicted he uses sha1 no salt it is careless.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!