Pages:
Author

Topic: 🎄 FaucetSystem.com / CryptoBara.com 🎄 - page 16. (Read 38067 times)

sr. member
Activity: 361
Merit: 250
November 17, 2016, 09:23:31 AM
#31
Just now send a deposit to start faucet business with you .  Cheesy
I really like your faucet .  Cheesy
member
Activity: 127
Merit: 10
November 17, 2016, 07:10:14 AM
#30
AntibotInside
We save your money


Download: FS_faucet_v2 script with AntibotInside integration

Demo #1: http://faucet.faucetsystem.com/
Demo #2: http://biciklo.xyz/

Requirements: PHP (5.6+ with standart extension: pdo, curl and etc), Apache with mod_rewrite, MySQL.
Licence: Free

Features:
Installation guide:
1) Download the faucet script and unzip downloaded archive.
2) Create a MySQL database.
3) Import a SQL dump (dump.sql in archive) file to mysql (you can use phpMyAdmin to import a SQL dump file into your MySQL database).
4) Edit config.php (you can open and edit it using a plain text editor program like Notepad).
5) Upload all files from the directory to your server's public directory.
6) To grant the Apache web server write permissions for the "tmp" directory.
7) Open your website and go to Admin Zone (defaul login: admin, default password: admin).
hero member
Activity: 798
Merit: 500
November 17, 2016, 03:09:35 AM
#29
only 1 faucet on the list.......
member
Activity: 127
Merit: 10
November 17, 2016, 02:30:18 AM
#28
1. "http://faucetsystem.com/check/" instead of "https://faucetsystem.com/check" is used as a base for balance check for users
2. in "update_faucetinabox_r66_plus" you set 'verify_peer' => false in services.php. That breaks all security, you can just as well use plain http. What's more, setting it like that in services.php means that it applies to all services, not just your FaucetSystem.com!
Solved.
Thanks for your advice and suggestions, Kazuldur.

Will I be able to withdraw my earnings without having to create an account?
Yes

This sound really useful, refund payments may create lots of confusion as well as may add lots of manual work for administration team.
Bot owners will be really confused.
legendary
Activity: 994
Merit: 1000
November 17, 2016, 12:46:53 AM
#27
Looks like faucet script is running without any issue claimed at http://biciklo.xyz/
Quote
Add bad ip blocking with refund payments
This sound really useful, refund payments may create lots of confusion as well as may add lots of manual work for administration team.
hero member
Activity: 882
Merit: 976
November 17, 2016, 12:16:08 AM
#26
Will I be able to withdraw my earnings without having to create an account?
legendary
Activity: 971
Merit: 1000
November 16, 2016, 02:34:38 PM
#25
1. it defaults to HTTP on the website
I will totally remove HTTP
Good to hear that Smiley

Quote
2. it does support HTTPS, but it's a free certificate from CloudFlare, so I bet they're using the "Flexible SSL" setting. That means that connection is only encrypted between you and CloudFlare, but then it's unencrypted plaintext between CloudFlare and FaucetSystem.com servers.
FULL, but self-signed
That's only a little bit better. Please use a valid certificate and "strict" option on CloudFlare. You can get free, really nice certificate from LetsEncrypt.

Quote
3. they use HTTP endpoints in their libs for migrating Faucet in a BOX script
solved
There are still some problems here.

1. "http://faucetsystem.com/check/" instead of "https://faucetsystem.com/check" is used as a base for balance check for users
2. in "update_faucetinabox_r66_plus" you set 'verify_peer' => false in services.php. That breaks all security, you can just as well use plain http. What's more, setting it like that in services.php means that it applies to all services, not just your FaucetSystem.com!

Quote
4. their login form is vulnerable to brute-force attacks
5. no password reset?
6. "I agree to terms and conditions" checkbox, but there's no link to terms anywhere
7. fees for users (not just owners deposits), that doesn't seem to be mentioned anywhere on the site, only here on forum
Several days and im fixing it
Quote
8. there are CSRF vulnerabilities on all forms! That's critical! It means that if someone can compell you to click anything on a random site while you're logged to FaucetSystem.com, they can do pretty much any action on your account. Imagine that someone asks you to check his faucet, you click "Claim" on their faucet and suddenly API keys of all your own faucets are disabled! I think that only password changing is protected (as it requires providing old password).
solved
Thanks, Kazuldur.
Nice! Smiley. With CSRF fixed we'll probably add FaucetSystem.com support officially in next Faucet in a BOX version Smiley

EDIT:
Seems like ePay.info is going to be free: https://bitcointalk.org/index.php?topic=1149545.new;topicseen#new . Are you going to compete with that in any way?
legendary
Activity: 971
Merit: 1000
November 16, 2016, 02:07:14 PM
#24


EDIT:
my faucet is selfmade can you give me some startup how to send a payment with your api ?


$pay = new FaucetSystem($api_key, $currency);
$pay ->send($to, $user['balance']);

Replace 'faucetbox.com' by 'faucetsystem.com' in your scripts and enjoy.

where to edit faucetsystem.com Huh?


iam using this for faucetbox payments


$pay = new FaucetBox($api_key, $currency);
$pay ->send($to, $user['balance']);



and they provided a php class for this ....

can i use the same class ?=?


can you explan a bit more i dont understand how to implement your system.



kind regards

Open the faucetbox.php file that you got from FaucetBOX.com and replace all "faucetbox.com" text in that file with "faucetsystem.com".
legendary
Activity: 1582
Merit: 1031
November 16, 2016, 01:52:28 PM
#23


EDIT:
my faucet is selfmade can you give me some startup how to send a payment with your api ?


$pay = new FaucetSystem($api_key, $currency);
$pay ->send($to, $user['balance']);

Replace 'faucetbox.com' by 'faucetsystem.com' in your scripts and enjoy.

where to edit faucetsystem.com Huh?


iam using this for faucetbox payments


$pay = new FaucetBox($api_key, $currency);
$pay ->send($to, $user['balance']);



and they provided a php class for this ....

can i use the same class ?=?


can you explan a bit more i dont understand how to implement your system.



kind regards
sr. member
Activity: 364
Merit: 250
November 16, 2016, 02:36:17 AM
#22
Good to see that faucethub will have an "rival", I saw people here talking about problems and well, maybe you should make it all perfect before launching to avoid this kind of comments however seems like you are working in all questions that people asked here, so good luck with your project!
legendary
Activity: 1524
Merit: 1001
NOBT - WNOBT your saving bank◕◡◕
November 16, 2016, 02:12:51 AM
#21
  This is good news for the launch of this service, The existence of this service before the other closure useful step
   
  for faucet owners and users.

I wish you all the best for the new project.
legendary
Activity: 3262
Merit: 1376
Slava Ukraini!
November 15, 2016, 07:02:30 PM
#20
As I understand, to receive payments, users have to sign a message. Why?
No, signature need if you want to change a threshold or personal fee.
Quote
And this is only micropayments service which charge fees for users withdraws
Code:
Lets calculate:
100 users have 15000 satoshi.
100 * 15 000 = 1 500 000
I have 2 inputs and 100 outs.
150 * 2 + 35 * 100 = 3800
Get recommended fee: https://bitcoinfees.21.co/api/v1/fees/recommended now=50
We are not in a hurry, get - 30
Transaction fee in satoshi: 30 * 3 800 = 114 000

114 000/1 500 000 *100% = 7.6%
I can optimization it through user fee.

I understand that tranactions cost much and you have to cover it from somewhere. Minimal fees on your service isn't high, so, it's not a problem. I wish you luck with your service, I will use it when it will be some faucets.
By the way, as I understand you are owner of biciklo.xyz faucet. I tried it and I received satoshi only after 3 attempts. First two times after solving recaptcha I wasn't redirected to anti bot page, site only reloaded. I think you have to fix something.
member
Activity: 127
Merit: 10
November 15, 2016, 06:48:45 PM
#19
As I understand, to receive payments, users have to sign a message. Why?
No, signature need if you want to change a threshold or personal fee.
Quote
And this is only micropayments service which charge fees for users withdraws
Code:
Lets calculate:
100 users have 15000 satoshi.
100 * 15 000 = 1 500 000
I have 2 inputs and 100 outs.
150 * 2 + 35 * 100 = 3800
Get recommended fee: https://bitcoinfees.21.co/api/v1/fees/recommended now=50
We are not in a hurry, get - 30
Transaction fee in satoshi: 30 * 3 800 = 114 000

114 000/1 500 000 *100% = 7.6%
I can optimization it through user fee.
legendary
Activity: 3262
Merit: 1376
Slava Ukraini!
November 15, 2016, 06:04:53 PM
#18
I visited faucetsystem.com and first look isn't very good. I only found some basic information about website. There are no any F.A.Q., any information how to contact for support questions. Website looks like didn't finished yet.
As I understand, to receive payments, users have to sign a message. Why? And this is only micropayments service which charge fees for users withdraws.
Do your service have something unique, what others service don't have? Why it's better than others?
member
Activity: 127
Merit: 10
November 15, 2016, 06:01:01 PM
#17
I went to the deposit screen and got this.
When I refreshed the page, the errors went away.
Thanks.
Dont panic, everything goes as planned.
sr. member
Activity: 272
Merit: 250
November 15, 2016, 05:53:18 PM
#16


I went to the deposit screen and got this.
When I refreshed the page, the errors went away.

member
Activity: 127
Merit: 10
November 15, 2016, 05:48:51 PM
#15
1. it defaults to HTTP on the website
I will totally remove HTTP
EDIT:
my faucet is selfmade can you give me some startup how to send a payment with your api ?


$pay = new FaucetSystem($api_key, $currency);
$pay ->send($to, $user['balance']);

Replace 'faucetbox.com' by 'faucetsystem.com' in your scripts and enjoy.
legendary
Activity: 1582
Merit: 1031
November 15, 2016, 03:25:28 PM
#14
gread to see a new micropayment system but your fee 2% is dobble than epay.....

but anyway i registered and lees so what my faucet users says Tongue

EDIT:
my faucet is selfmade can you give me some startup how to send a payment with your api ?


$pay = new FaucetSystem($api_key, $currency);
$pay ->send($to, $user['balance']);




Huh



kind regards
legendary
Activity: 971
Merit: 1000
November 15, 2016, 03:08:32 PM
#13
Here are my problems with FaucetSystem.com in it's current form:

1. it defaults to HTTP on the website
2. it does support HTTPS, but it's a free certificate from CloudFlare, so I bet they're using the "Flexible SSL" setting. That means that connection is only encrypted between you and CloudFlare, but then it's unencrypted plaintext between CloudFlare and FaucetSystem.com servers.
3. they use HTTP endpoints in their libs for migrating Faucet in a BOX script
4. their login form is vulnerable to brute-force attacks
5. no password reset?
6. "I agree to terms and conditions" checkbox, but there's no link to terms anywhere
7. fees for users (not just owners deposits), that doesn't seem to be mentioned anywhere on the site, only here on forum
8. there are CSRF vulnerabilities on all forms! That's critical! It means that if someone can compell you to click anything on a random site while you're logged to FaucetSystem.com, they can do pretty much any action on your account. Imagine that someone asks you to check his faucet, you click "Claim" on their faucet and suddenly API keys of all your own faucets are disabled! I think that only password changing is protected (as it requires providing old password).

I wouldn't use that if I were creating a faucet.
hero member
Activity: 909
Merit: 506
November 15, 2016, 07:24:29 AM
#12
Dude - there is no SSL - you want that owners create an account (transmitt the credentials in PLAINTEXT) and deposit their Bitcoins but you do not provide a encrypted connection ? - sorry without me

My plain login: [email protected]
My plain password: 6118127346908032

After login typing in omnibox http://faucetsystem.com/u/admin/, select bitcoindsendAllTo or notice me ([email protected]) and Im increasing amount in 10 times.
this is cool, but not everyone can or is able to sign a message, e.g. XAPO addresses.
Pages:
Jump to: