[ANN] [ARO] | Arionum | CPU+GPU+Masternode | PHP Based |Decentralized Revolution - page 78.

MontyGusto

newbie

Activity: 10

Merit: 0

Quote from: zecon on February 16, 2018, 09:22:14 PM

PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.

https://i.imgur.com/wuieLQu.png

Lots of stuff found in peer.php too:

Code:

Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature"); // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']); // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true); // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip

I think this is a great job to help the dev team to correct these situations.

OvErLoDe1

jr. member

Activity: 230

Merit: 5

Quote from: draceus0 on February 17, 2018, 08:38:39 AM

Pool just died Huh

Hi, we are aware and trying to sort it out as soon as we possibly can.

Thanks in advance for your patience

draceus0

newbie

Activity: 33

Merit: 0

Pool just died Huh

OvErLoDe1

jr. member

Activity: 230

Merit: 5

Quote from: Fenrir95 on February 17, 2018, 01:20:39 AM

Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

Quote from: kiddo on February 17, 2018, 05:16:12 AM

Quote from: Fenrir95 on February 17, 2018, 01:20:39 AM

Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

I had the same problem, mined with around 40-50h/s for about 8h and didn't get anything so I've stopped.

Could you both provide your wallets addresses please so that I may look into this further for you.

kiddo

full member

Activity: 546

Merit: 137

Quote from: Fenrir95 on February 17, 2018, 01:20:39 AM

Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

I had the same problem, mined with around 40-50h/s for about 8h and didn't get anything so I've stopped.

Fenrir95

newbie

Activity: 13

Merit: 0

Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

fonship

full member

Activity: 893

Merit: 135

Bitcoin is not a currency or asset. Its a MOVEMENT

Quote from: zecon on February 16, 2018, 09:22:14 PM

PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.

Lots of stuff found in peer.php too:

Code:

Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature"); // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']); // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true); // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip

Thank you for doing this, I would definitely Dev to look at it and try himself because as shown in the screenshot, there could be some false negatives.
But yeah, great contribution!
More and more people should do something to strengthen project

zecon

full member

Activity: 364

Merit: 100

spattered throughout the golden ethers

PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.

Lots of stuff found in peer.php too:

Code:

Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature"); // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']); // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true); // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip

OvErLoDe1

jr. member

Activity: 230

Merit: 5

Quote from: MontyGusto on February 16, 2018, 05:52:41 PM

Quote from: OvErLoDe1 on February 16, 2018, 02:02:57 PM

Quote from: MontyGusto on February 16, 2018, 01:26:42 PM

Quote from: OvErLoDe1 on February 16, 2018, 12:49:19 PM

]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.

I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.

I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/

Thank you very much for the advice.

Just rename the first wallet that I don't have the keys and put the good wallet in the same diretory location

At this moment I open the wallet with no problem.

Ok, I'm already in https://arionum.info/discord/

Thank for all...

MM

Brilliant! Glad you got it sorted

MontyGusto

newbie

Activity: 10

Merit: 0

Quote from: OvErLoDe1 on February 16, 2018, 02:02:57 PM

Quote from: MontyGusto on February 16, 2018, 01:26:42 PM

Quote from: OvErLoDe1 on February 16, 2018, 12:49:19 PM

]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.

I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.

I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/

Thank you very much for the advice.

Just rename the first wallet that I don't have the keys and put the good wallet in the same diretory location

At this moment I open the wallet with no problem.

Ok, I'm already in https://arionum.info/discord/

Thank for all...

MM

OvErLoDe1

jr. member

Activity: 230

Merit: 5

Quote from: MontyGusto on February 16, 2018, 01:26:42 PM

Quote from: OvErLoDe1 on February 16, 2018, 12:49:19 PM

]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.

I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.

I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/

MontyGusto

newbie

Activity: 10

Merit: 0

Quote from: OvErLoDe1 on February 16, 2018, 12:49:19 PM

]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.

I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.

I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

OvErLoDe1

jr. member

Activity: 230

Merit: 5

]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

MontyGusto

newbie

Activity: 10

Merit: 0

Quote from: sido on February 16, 2018, 05:04:40 AM

Quote from: Smutsen on February 16, 2018, 04:49:55 AM

Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

well, this should be pretty easy, open your GUI wallet, hit "Import" button, search for wallet.aro in your system and that's it

I have two wallet.aro.

Unfortunately I installed the wallet GUI first and I do not see the encripted key.

So I created a new wallet and that's when I get the coins and I have all the keys to access.

My question is that when I uninstall and re-install the wallet GUI, it seems to be taking over the old wallet. Is there no way to choose the wallet to open in the GUI?

Or do I have to choose to install the GUI wallet on another computer and restore the correct wallet.aro?

For example, when the currency ARO is in an exchange, how can I send the transaction from my wallet via the command line?

Thanks.

sido

full member

Activity: 148

Merit: 100

Quote from: HerrVorragendCoin on February 16, 2018, 10:38:12 AM

Might be a noob question, but i still want to ask Wink

I am using ProgrammerDan's java miner on 2 PCs. I mine on aropool.com. Can i just mine using the same wallet address? I am using nearly the same config on both PCs, I just altered the worker name on PC No. 2.
Is it better to add a second receiving address to my wallet and use this address on PC2?

Thanks folks

Herr Vorragend

you can use same config, in fact is better if you do so, you will have no problem to see your address in historic shares (so no issue as other guys here with small h/s)

HerrVorragendCoin

newbie

Activity: 1

Merit: 0

Might be a noob question, but i still want to ask Wink

I am using ProgrammerDan's java miner on 2 PCs. I mine on aropool.com. Can i just mine using the same wallet address? I am using nearly the same config on both PCs, I just altered the worker name on PC No. 2.
Is it better to add a second receiving address to my wallet and use this address on PC2?

Thanks folks

Herr Vorragend

steve321

hero member

Activity: 627

Merit: 500

Quote from: sido on February 16, 2018, 06:56:07 AM

Quote from: crimealone on February 16, 2018, 05:12:05 AM

Quote from: Smutsen on February 16, 2018, 04:49:55 AM

Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.

agree

but with GUI wallet it sounds like guy is using windows, not sure if he'll be happy with cli

Both Windows and Linux versions should be good, but personal habits are different.

sido

full member

Activity: 148

Merit: 100

Quote from: crimealone on February 16, 2018, 05:12:05 AM

Quote from: Smutsen on February 16, 2018, 04:49:55 AM

Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.

agree

but with GUI wallet it sounds like guy is using windows, not sure if he'll be happy with cli

crimealone

sr. member

Activity: 644

Merit: 251

Quote from: Smutsen on February 16, 2018, 04:49:55 AM

Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.

sido

full member

Activity: 148

Merit: 100

Quote from: Smutsen on February 16, 2018, 04:49:55 AM

Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

well, this should be pretty easy, open your GUI wallet, hit "Import" button, search for wallet.aro in your system and that's it

Topic: [ANN] [ARO] | Arionum | CPU+GPU+Masternode | PHP Based |Decentralized Revolution - page 78. (Read 71563 times)