Pages:
Author

Topic: [ANN] [ARO] | Arionum | CPU+GPU+Masternode | PHP Based |Decentralized Revolution - page 78. (Read 71588 times)

newbie
Activity: 10
Merit: 0
PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.

https://i.imgur.com/wuieLQu.png

Lots of stuff found in peer.php too:


Code:
Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature");  // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']);  // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true);  // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip



I think this is a great job to help the dev team to correct these situations.
jr. member
Activity: 230
Merit: 5
Pool just died  Huh

Hi, we are aware and trying to sort it out as soon as we possibly can.

Thanks in advance for your patience
newbie
Activity: 33
Merit: 0
jr. member
Activity: 230
Merit: 5
Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

I had the same problem, mined with around 40-50h/s for about 8h and didn't get anything so I've stopped.

Could you both provide your wallets addresses please so that I may look into this further for you.
full member
Activity: 546
Merit: 137
Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.

I had the same problem, mined with around 40-50h/s for about 8h and didn't get anything so I've stopped.
newbie
Activity: 13
Merit: 0
Hey guys, I am also having trouble understanding what exactly is happening to my shares on the offical mining pool. I started mining 4 days ago and received my first payment rather quick. I am mining with ~10 h/s using Dans Java Miner. Now i havent been getting any payments for 3 days. Every time i check the historic shares the amount displayed goes down. At this point it doesnt even show me the 10 ARO i got paid already, that are sitting in my wallet. Any help/advice would be appreciated.
full member
Activity: 893
Merit: 135
Bitcoin is not a currency or asset. Its a MOVEMENT
PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.



Lots of stuff found in peer.php too:


Code:
Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature");  // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']);  // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true);  // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip



Thank you for doing this, I would definitely Dev to look at it and try himself because as shown in the screenshot, there could be some false negatives.
But yeah, great contribution!
More and more people should do something to strengthen project
full member
Activity: 364
Merit: 100
spattered throughout the golden ethers
PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all ran the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.



Lots of stuff found in peer.php too:


Code:
Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature");  // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']);  // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true);  // schema.inc.phpif(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip

jr. member
Activity: 230
Merit: 5
]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.


I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.


I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/

Thank you very much for the advice.

Just rename the first wallet that I don't have the keys and put the good wallet in the same diretory location Smiley

At this moment I open the wallet with no problem.

Ok, I'm already in https://arionum.info/discord/

Thank for all...

MM


Brilliant! Glad you got it sorted Smiley
newbie
Activity: 10
Merit: 0
]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.


I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.


I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/

Thank you very much for the advice.

Just rename the first wallet that I don't have the keys and put the good wallet in the same diretory location Smiley

At this moment I open the wallet with no problem.

Ok, I'm already in https://arionum.info/discord/

Thank for all...

MM
jr. member
Activity: 230
Merit: 5
]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.


I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.


I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.

Yes, the GUI wallet is perfectly fine to use to send or receive ARO, even though there is currently no exchange, however, you can join our Discord channel and there is a dedicated trading channel that you can access from there - https://arionum.info/discord/
newbie
Activity: 10
Merit: 0
]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense

Thanks for advice.


I will back up both wallet.aro files and reinstall the wallet GUI.

But is it also valid to use the start wallet for transactions right?

Eh, sorry there as "dummys" issues.


I know that there is still no concept of "exchange", but it is even to learn later to move the currencies of the current portfolio to an exchange that works with the ARO coin.

Thanks.
jr. member
Activity: 230
Merit: 5
]

Ok, every time you install the wallet GUI, a new wallet.aro file will be produced, overwriting your original. What you need to do is copy the wallet.aro file that has your ARO on, and move that out of the install directory for the GUI wallet. If you need to reinstall the wallet, after installation, copy the ARO wallet.aro file back into the GUI install directory.

I hope this makes sense
newbie
Activity: 10
Merit: 0
Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

well, this should be pretty easy, open your GUI wallet, hit "Import" button, search for wallet.aro in your system and that's it

I have two wallet.aro.


Unfortunately I installed the wallet GUI first and I do not see the encripted key.


So I created a new wallet and that's when I get the coins and I have all the keys to access.

My question is that when I uninstall and re-install the wallet GUI, it seems to be taking over the old wallet. Is there no way to choose the wallet to open in the GUI?

Or do I have to choose to install the GUI wallet on another computer and restore the correct wallet.aro?

For example, when the currency ARO is in an exchange, how can I send the transaction from my wallet via the command line?

Thanks.
full member
Activity: 148
Merit: 100
Might be a noob question, but i still want to ask Wink

I am using ProgrammerDan's java miner on 2 PCs. I mine on aropool.com. Can i just mine using the same wallet address? I am using nearly the same config on both PCs, I just altered the worker name on PC No. 2.
Is it better to add a second receiving address to my wallet and use this address on PC2?

Thanks folks

Herr Vorragend

you can use same config, in fact is better if you do so, you will have no problem to see your address in historic shares (so no issue as other guys here with small h/s)
newbie
Activity: 1
Merit: 0
Might be a noob question, but i still want to ask Wink

I am using ProgrammerDan's java miner on 2 PCs. I mine on aropool.com. Can i just mine using the same wallet address? I am using nearly the same config on both PCs, I just altered the worker name on PC No. 2.
Is it better to add a second receiving address to my wallet and use this address on PC2?

Thanks folks

Herr Vorragend
hero member
Activity: 627
Merit: 500
Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.

agree Smiley but with GUI wallet it sounds like guy is using windows, not sure if he'll be happy with cli
Both Windows and Linux versions should be good, but personal habits are different.
full member
Activity: 148
Merit: 100
Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.

agree Smiley but with GUI wallet it sounds like guy is using windows, not sure if he'll be happy with cli
sr. member
Activity: 644
Merit: 251
Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

"restore" wallet.aro

linux version is better.
full member
Activity: 148
Merit: 100
Hi,

can someone guide me how to load a wallet on GUI light wallet? Got wallet.aro, public and private key. Thanks

well, this should be pretty easy, open your GUI wallet, hit "Import" button, search for wallet.aro in your system and that's it
Pages:
Jump to: