|
bombartier357 (OP)
|
 |
July 09, 2012, 04:38:54 AM
Last edit: July 10, 2012, 12:11:22 AM by bombartier357 |
|
Made a peer to peer bitcoin lending website. I would appreciate some feedback if anyone would like to help me work out the kinks.
Check it out....
lendmecoin.com
**This doesn't work right now.
Use 72.181.135.42:81
|
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
bombartier357 (OP)
|
|
July 09, 2012, 04:49:06 AM |
|
Looks like my site is down outside of my network.....
|
|
|
|
|
notme
Legendary
 Offline
Activity: 1904
Merit: 1002
|
|
July 09, 2012, 04:52:07 AM |
|
I'm not getting a DNS response for your domain.
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 09, 2012, 04:56:28 AM |
|
|
|
|
|
|
bombartier357 (OP)
|
|
July 09, 2012, 05:08:00 AM |
|
Yeah something is wrong. I think my ISP is blocking 80 that is why I am the only one who can access it. I will fix it tomorrow after work.
|
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 09, 2012, 05:14:34 AM |
|
Yeah something is wrong. I think my ISP is blocking 80 that is why I am the only one who can access it. I will fix it tomorrow after work.
I am a web developer / programmer with 25 years of experience looking for work. Do you need assistance with this project? |
|
|
|
|
bombartier357 (OP)
|
|
July 09, 2012, 07:45:18 PM |
|
Yeah something is wrong. I think my ISP is blocking 80 that is why I am the only one who can access it. I will fix it tomorrow after work.
I am a web developer / programmer with 25 years of experience looking for work. Do you need assistance with this project? I would love a helping hand. This is just a side project for me and I couldn't compensate you. At least not until it became profitable... I should really put this on a shared server, but I want to keep it relatively inexpensive until I know people will use it. I will give you a shout when i get this port forward crap figured out. Should be sometime tonight. I did not want to do it last night because I spent 6 hours coding. |
|
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 12:10:54 AM |
|
Alright I forwarded port 81 and it should work now.
72.181.135:81 will take you there. Unfortunately it takes 12 hours to update DNS.
|
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 12:58:37 AM |
|
Alright I forwarded port 81 and it should work now.
72.181.135:81 will take you there. Unfortunately it takes 12 hours to update DNS.
Still not working  |
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 12:59:46 AM |
|
Alright I forwarded port 81 and it should work now.
72.181.135:81 will take you there. Unfortunately it takes 12 hours to update DNS.
I am not concerned about the money. Toss me a few bitcoins here and there if you want but I am in this thing for the long haul. Drop me a message. Let's build this thing up RIGHT. I have the experience to take your idea from brain, to concept to prototype to beta to launch! |
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
July 10, 2012, 01:06:59 AM |
|
Don't get all emotional about it, it's not like it even has SSL either so meh. Also the login page has a password field, so probably just an oversight.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
July 10, 2012, 01:15:04 AM |
|
Don't get all emotional about it, it's not like it even has SSL either so meh. Also the login page has a password field, so probably just an oversight.
come on dude, oversight? it just leads me to question how these passwords are being stored? Are they salted? Using bcrypt? Right now if I did a sql injection would it work? He probably uses mysql_* functions, not even mysqli_* and I eat my hat if he used PDO. This also leads me to be like well now he has all these security issues, how can this site be taken serious as a lending central point. I want to lend, but there are too many scammers and I was hoping a cool site would fix that I guess my wait continues. I guess I take it for granted that everyone uses a different random password on every site (thanks, LastPass!), and never trusts one without SSL. The all caps warning just struck me as emotional, although I can see how this site would effectively gather in the newbies so perhaps it was warranted. |
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
July 10, 2012, 01:27:54 AM |
|
Don't get all emotional about it, it's not like it even has SSL either so meh. Also the login page has a password field, so probably just an oversight.
come on dude, oversight? it just leads me to question how these passwords are being stored? Are they salted? Using bcrypt? Right now if I did a sql injection would it work? He probably uses mysql_* functions, not even mysqli_* and I eat my hat if he used PDO. This also leads me to be like well now he has all these security issues, how can this site be taken serious as a lending central point. I want to lend, but there are too many scammers and I was hoping a cool site would fix that I guess my wait continues. I guess I take it for granted that everyone uses a different random password on every site (thanks, LastPass!), and never trusts one without SSL. The all caps warning just struck me as emotional, although I can see how this site would effectively gather in the newbies so perhaps it was warranted. exactly I just wanted to warn the newbies. |
|
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 01:41:32 AM |
|
Just an oversight. I will fix it now, but I am using sha1 encryption for password storage.
|
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 10, 2012, 01:49:24 AM |
|
Just an oversight. I will fix it now, but I am using sha1 encryption for password storage.
I pointed out in the other thread SHA1 is pathetically weak for protecting passwords. |
|
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 02:21:46 AM |
|
Just an oversight. I will fix it now, but I am using sha1 encryption for password storage.
use bcrypt it is the only hashing function I would use (it is impossible to have enough computer power to crack if used correctly), also you need at least a password salt something random. Get rid of the facebook stuff, there is so many other ways to do it person verification. What do you recommend for person verification? |
|
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 02:28:59 AM |
|
Just an oversight. I will fix it now, but I am using sha1 encryption for password storage.
use bcrypt it is the only hashing function I would use (it is impossible to have enough computer power to crack if used correctly), also you need at least a password salt something random. Get rid of the facebook stuff, there is so many other ways to do it person verification. What do you recommend for person verification? you can always do text verification, like send a text with a random string, and have that be able to be entered on the site. you can do something where they have to spend a certain amount of time on the site before making a transaction. Have people enter in their bitcoin username and you send them a pm and have them pm you back. I mean just think there are a lot of ways That is certainly an idea. The facebook thing actually has nothing to do with facebook. If you are logged into facebook it automatically fills in the data for you. That is the only relation between the two. Is that a problem? |
|
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 02:40:15 AM |
|
your going to sit there and be like the only relation is that it autofills in your facebook info, IT IS FACEBOOK they want users like me who will never get a facebook js you know facebook sees the data.
Well yeah Facebook sees it. I wanted something user friendly and familiar to people. If it is such a huge problem I can change it to a different verification system... Does anyone else feel the same way? Or is this an isolated incident? I really do appreciate the feedback Gweedo, this is exactly what I need. |
|
|
|
|
|
Bitcoin Oz
|
|
July 10, 2012, 02:47:32 AM |
|
I dont sign in to my bank using facebook connect  |
|
|
|
|
bombartier357 (OP)
|
|
July 10, 2012, 03:04:47 AM |
|
I dont sign in to my bank using facebook connect Alright, I will switch it off facebook this weekend. I work a lot so I should have it done by the end of the week. |
|
|
|
|
|
