Author

Topic: Proof Of Faucet Concepts And It's Vulnerability (Read 1432 times)

legendary
Activity: 882
Merit: 1024
December 31, 2014, 02:55:01 PM
#6
A friend of mine told me a month ago or so how he was able to drain faucets through this method. For the moment I don't think Proof of Faucet is viable as it's too easy to game. I think it would be better to just have someone doing giveaways where you can identify whether or not the receiver is part of multiple profiles and exclude them on a case to case basis.
newbie
Activity: 3
Merit: 0
I can confirm that even with the -proxy parameter disabled, users can still connect via proxy (at least with Windows). FindCoin has this disabled, but I was able to run 5 separate wallets via HTTPS proxies and received coins for each one. Until this can be addressed and fixed, I have to agree that proof of faucet coins need some type of additional security to prevent abuse.
legendary
Activity: 1540
Merit: 1001
Crypto since 2014
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
Basically "socks proxies".
Well, I checked the bitcoin's wiki page; https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_arguments
It was saying that I needed to use Socks proxies.
" -proxy=       Connect through SOCKS proxy"
So I went to the hide my ass, http://proxylist.hidemyass.com/
and filtered the proxies according to the protocol.

Probably you've tried with http(s) proxies that's why it didn't work for you...
I'm sure I tried SOCKS. I just didn't use hidemyass' proxies. Thanks for the info.
legendary
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
Basically "socks proxies".
Well, I checked the bitcoin's wiki page; https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_arguments
It was saying that I needed to use Socks proxies.
" -proxy=       Connect through SOCKS proxy"
So I went to the hide my ass, http://proxylist.hidemyass.com/
and filtered the proxies according to the protocol.

Probably you've tried with http(s) proxies that's why it didn't work for you...
legendary
Activity: 1540
Merit: 1001
Crypto since 2014
I tried this but my wallets wouldn't connect to peers. Which proxies did you use?
legendary
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
Hi We all meet "Proof of Faucet" concept with MiracleCoin as all we know it's worthless now, but it sill has a value.
Then A second POF coin appeared that named "Find You Coin" which is already a trash.

I want to reveal a Vulnerability about this concept.

As you know these faucet distrubitions are just "senseless". Why? Because it can be easily manipulated, Why? Because it's only checking client's ip address.

How to collect more coin with just one pc?
First of all I downloaded and synced FindYouCoin's wallet.
Then I copied blockchain data from %appdata%\FindYouCoin to
D:\FindYouCoin
D:\FindYouCoin2
D:\FindYouCoin3
D:\FindYouCoin4 ... etc.
I deleted wallet.dat file in these folders.

Then, I created a few shortcuts to my original Wallet executable like these;

C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin -proxy=ip2:port2
C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin2 -proxy=ip3:port3
C:\Users\Username\Desktop\FindYouCoin-qt.exe -datadir=D:\FindYouCoin3 -proxy=ip4:port4 ... etc.

Then I started all wallets. All of them got coins from faucet distrubition because all of them were seen as a diffrent users' wallets.
This concept doesn't check for proxys...

And I dumped all of coins from distrubition. I'm not going to answer how much btc I got.

I opened this thread to warn everybody about these type coins.

Developers may disable -proxy parameter of the wallet in case of this kinda abuse.
Jump to: