deluxepython
March 20, 2015, 03:05:47 PM
Nice cool faucet website. Just wondering if there is some issue ongoing right now because the website is not loading up properly.
Yah sorry, I was editing some stuff, and my damn ftp was half loading sites and I was saving them like that (total nightmare). So I had to rush and fix everything back to normal... Does anyone know of a more reliable ftp client than cyberduck??
filezilla is pretty good just google it...

m3ndi3 (OP)
March 21, 2015, 05:41:30 AM
Help!!!! Someone found an exploit and was about to claim 10 million satoshi in one claim! I have no idea how he did it, but I was able to stop him before he cashed out -_- Can someone please help! I don't know what to do!

m3ndi3 (OP)
March 21, 2015, 05:55:16 AM
Ok I found out he hacked the level system and made himself level 318. Thank goodness I didn't have enough funds for him to withdraw his 10 million satoshis... His address is 16N6Mz48nkeW2werq4ejYLQeh2hd1q5zbu... Does anyone have any ideas on how he could have changed the level from front end?

Dorky
March 21, 2015, 06:07:56 AM
Wasn't shown in the leaderboard of such an amount, but lucky for all of us or else many of us would not receive any payment for lack of funds.

rifqi
March 21, 2015, 06:09:04 AM
site has been hacked oh come on man, play for fun still wait to claim again

m3ndi3 (OP)
March 21, 2015, 06:12:31 AM
Wasn't shown in the leaderboard of such an amount, but lucky for all of us or else many of us would not receive any payment for lack of funds.
It was 10 minutes ago and I caught him just as he was doing it!! So lucky... but any ideas?? I don't have any way to set levels from the front end and I don't even call it in the front end. The only way levels change is if current balance > number til next level. The way he did it was he was claiming normally, then his claim went from 288, to 25,250, to 100,100, to 10,000,100

CjMapope
March 21, 2015, 06:14:15 AM
well then... wish i could help somehow but i'm not technical like that. if it helps i am a real person and am rank one to identify THAT address anyway

Dorky
March 21, 2015, 06:14:22 AM
This forum restricts my reply to just once per 360 seconds. Jeez...
Edit: Okay, now I can post again...
Some suggestions...
1. Restrict max limit leveling and payout to level 15 and never more, up to level 15 will be forced payout.
2. Make a manual checkup (may need some algorithm to do auto checkup) of each payout request before approval to make sure the leveling is authentic and not abnormal before approving.

Sous
March 21, 2015, 06:18:04 AM
Help!!!! Someone found an exploit and was about to claim 10 million satoshi in one claim! I have no idea how he did it, but I was able to stop him before he cashed out -_- Can someone please help! I don't know what to do!
oh man, i'm so sorry. I hope you resolve this problem, i've been playing in your site, what is going to happen with all my money there? ??? anyway, good luck!

In
March 21, 2015, 06:18:25 AM
I got to level 7. The game didn't go any further, I was put back to level 1 ??

Dorky
March 21, 2015, 06:23:42 AM
oh man, i'm so sorry. I hope you resolve this problem, i've been playing in your site, what is going to happen with all my money there? ??? anyway, good luck!
If you can help the man out, then you will get your money, or else that 10-million-satoshis thief will be having it.

m3ndi3 (OP)
March 21, 2015, 06:25:41 AM
OK I think I found the vulnerability!! There was another share bonus exploit -_-.... He used another address and I was able to stop him before he claimed... He had a 7,000 bonus on it, which when he claimed would have multiplied that with 100, thus giving him the crazy claim...
For any techy people: I used ajax to send over the info from the front end.... how do I make this secure or encrypted so they don't hack it?

master-P
March 21, 2015, 06:27:50 AM
You should enforce manual processing for withdrawals until you're sure that the vulnerability has been fixed, otherwise these guys will just keep trying to rob you. Surely they're keeping an eye on this thread too.

m3ndi3 (OP)
March 21, 2015, 06:31:37 AM
You should enforce manual processing for withdrawals until you're sure that the vulnerability has been fixed, otherwise these guys will just keep trying to rob you. Surely they're keeping an eye on this thread too.
It was my fault having a number transfer over from the front end... I'm retarded I know how to fix this hahah
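
Added example (not part of any post in this thread, and not the faucet's real code): the flaw m3ndi3 identifies, a bonus number taken from the AJAX request, beside a handler that derives every number from server-side state. Encrypting the request would not help, because the browser that builds the request is under the user's control. The payout formula, field names and the 288 base claim are assumptions made for illustration.

```python
# Added illustration: names, rates and the payout formula are assumptions,
# not the faucet's real code.
MAX_SHARE_BONUS_PCT = 30  # a later post in the thread caps a claim at base * 1.30


def payout(base_claim, bonus_pct):
    """Claim amount in satoshi for a base claim and a percentage bonus."""
    return base_claim * (100 + bonus_pct) // 100


def claim_vulnerable(account, request):
    """'Before': the bonus is read from the AJAX body, so the client sets it."""
    bonus_pct = int(request.get("share_bonus", 0))  # client-controlled value
    amount = payout(account["base_claim"], bonus_pct)
    account["balance"] += amount
    return amount


def grant_share_bonus(account, share_verified):
    """Only server-side code sets the bonus, after it has verified the share."""
    if share_verified:
        account["share_bonus_pct"] = MAX_SHARE_BONUS_PCT


def claim_hardened(account, request):
    """'After': the request only says 'claim'; every number is server state."""
    unexpected = sorted(set(request) - {"action"})  # worth logging for review
    bonus_pct = min(account["share_bonus_pct"], MAX_SHARE_BONUS_PCT)
    amount = payout(account["base_claim"], bonus_pct)
    account["balance"] += amount
    return amount, unexpected


def new_account():
    # Constructed sample account; 288 is the normal claim size quoted in the thread.
    return {"base_claim": 288, "share_bonus_pct": 0, "balance": 0}


if __name__ == "__main__":
    forged = {"action": "claim", "share_bonus": "7000"}  # constructed request
    print(claim_vulnerable(new_account(), forged))
    print(claim_hardened(new_account(), forged))
```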

Dorky
March 21, 2015, 06:32:33 AM
Just a suggestion:
1. Every auto processing to trace back the accumulation pattern of the account, thus each increment must never be more than 11,500 * 1.30 (max, from share bonus, and changes as the share bonus reward changes) if the account is at Level 15, less if at lower level.
2. Every increment must never be less than 10 minutes interval (of course will change to 20 minutes once the promotion is over).
These may make sure each account is authentically accumulating satoshis in a fair manner without fraud.
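
Added example (not part of any post in this thread, and not the faucet's code): one way to implement the two checks suggested above as a pre-withdrawal audit of an account's claim history. The 11,500, 1.30 and 10-minute figures come from the post; the function names, the data layout and the timestamps in the sample history are assumptions.

```python
from datetime import datetime, timedelta

# Figures from the post; function and field names are assumptions.
LEVEL15_BASE = 11_500
SHARE_BONUS_PCT = 30
MIN_INTERVAL = timedelta(minutes=10)


def max_increment(level_base=LEVEL15_BASE):
    """Largest single claim allowed: base * 1.30, in integer satoshi."""
    return level_base * (100 + SHARE_BONUS_PCT) // 100


def audit_claims(claims, level_base=LEVEL15_BASE):
    """Return (index, reason) findings for a time-ordered list of (time, amount)."""
    cap = max_increment(level_base)
    findings = []
    previous_time = None
    for i, (when, amount) in enumerate(claims):
        if amount > cap:
            findings.append((i, f"amount {amount} exceeds cap {cap}"))
        if previous_time is not None and when - previous_time < MIN_INTERVAL:
            findings.append((i, "claimed before the 10-minute interval elapsed"))
        previous_time = when
    return findings


def approve_withdrawal(claims, level_base=LEVEL15_BASE):
    """Auto-approve only a clean history; anything else goes to manual review."""
    return not audit_claims(claims, level_base)


# Constructed history: amounts are the ones reported in the thread, times are made up.
T0 = datetime(2015, 3, 21, 5, 0)
SUSPECT = [
    (T0, 288),
    (T0 + timedelta(minutes=10), 25_250),
    (T0 + timedelta(minutes=20), 100_100),
    (T0 + timedelta(minutes=25), 10_000_100),
]
HONEST = [(T0 + timedelta(minutes=10 * n), 288) for n in range(4)]

if __name__ == "__main__":
    for finding in audit_claims(SUSPECT):
        print(finding)
    print(approve_withdrawal(HONEST))
```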

m3ndi3 (OP)
March 21, 2015, 06:33:02 AM
Site is back up! Resume playing! No one's balances or levels or anything was affected... the vulnerability was that this guy was making an obscene share bonus number and applying it to his claim. I've got a solution for this... hopefully!

Sous
March 21, 2015, 06:34:14 AM
Site is back up! Resume playing! No one's balances or levels or anything was affected... the vulnerability was that this guy was making an obscene share bonus number and applying it to his claim. I've got a solution for this... hopefully!
congratulations!!!!

CjMapope
March 21, 2015, 06:35:00 AM
good job man! very quick considering you weren't sure what to do! let us know if we can do anything else, the community gots you!

m3ndi3 (OP)
March 21, 2015, 06:37:40 AM
good job man! very quick considering you weren't sure what to do! let us know if we can do anything else, the community gots you!
^_^ It was all sherlock holmes deduction... I was tracing his ip and his claims, and I noticed he had a new address... so I tracked that address and found the 7,000 share bonus on his account. I seriously would not have guessed it so fast if he hadn't been greedy and tried to cashout again

Dorky
March 21, 2015, 06:40:10 AM
Problem now is I can't get any share bonus for tweeting.