Board: Altcoin Discussion
Topic: Re: Vote For FindCoin's Distribution
Post by Quadmium on 02/01/2015, 17:07:00 UTC
-snip-
That "small issue" which you deemed unworthy for a fork was most likely the reason you had to stop the faucet. I'm sorry but you guys are clueless, you were working hard to get this going, I'm sure about that, but you were clearly improvising as issues came along without much thought and in the end you dropped the ball and now you have a bunch of annoyed brats calling you scammers. My advice is to drop the whole thing, start from scratch, do a beta test, then relaunch with a solid platform in a month or so, if you need any help I'm always online.

"If it works, don't fix it" doesn't cut it with crypto, where prying eyes are looking for easy prey. You need to think about how your platform can fail rather than what it would take to work.

I do agree with you on the point that the issue could have led to the faucet's end, but you have to consider what it actually was. The people who actually have enough power and know-how to execute an attack on the faucet could have easily monitored outgoing connections and found that URL. What we had to do was implement something that verifies the wallet is indeed a wallet (maybe a key hard coded into it that an attacker couldn't take), but the problem there is that there are still ways to easily exploit it such as getting a VPS. For now, what's done is done and until the 2,000 wallets came on in an hour, our faucet was distributing on par with the expectations we had from the download count. Therefore, our most logical solution (I believe) would be to drop the Proof of Faucet idea and move on, it's clear that the old implementation of FindYouCoin didn't survive and since our distribution is fair at the moment simply burning the coins should suffice. If there's a reason to relaunch here, I don't see it as Proof of Faucet cannot be fixed to stop a VPS.

Sure you can stop VPS, just don't credit requests made from non-residential ISP ranges, there are ready lists available, or like I said earlier you can just use the MaxMind API which is meant for order fraud prevention https://www.maxmind.com/en/geoip2-anonymous-ip-database. And if SSL is implemented correctly it will be quite a task to figure out what requests i.e. secret handshake is made between the wallet and faucet server, at least not without some really in-depth wallet debugging.

I'll bet you 10BTC nobody bothered to run 2000 instances of the wallet, the requests came directly to the faucet url from a botnet.

I wouldn't take that bet :). I looked over the MaxMind API and I think it's just what we needed, but my biggest point was that we distributed fairly up until now and the most elegant solution would be to burn the funds. Do you agree with this?
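
The "don't credit requests from non-residential ISP ranges" check suggested in the thread, as an added example that is not part of the original posts or of the FindCoin code. The function names and the range list are hypothetical (documentation prefixes stand in for a real hosting list), and it assumes the server sees the real client address.

```python
import ipaddress

# Constructed sample of hosting/VPS ranges: RFC 5737 / RFC 3849 documentation
# prefixes stand in for a real datacenter list.
HOSTING_RANGES = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "198.51.100.128/25",
    "2001:db8:100::/48",
]

def load_ranges(cidrs):
    """Parse CIDR strings and collapse adjacent/overlapping ones per IP version."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)

def normalize(addr_text):
    """Return an ip_address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def should_credit(addr_text, ranges):
    """Decide whether a faucet request from addr_text may be credited.

    Returns (allowed, reason). Unparseable or non-public addresses are refused
    rather than credited, so a malformed value cannot bypass the check.
    """
    try:
        addr = normalize(addr_text)
    except ValueError:
        return False, "unparseable address"
    for net in ranges:
        if addr.version == net.version and addr in net:
            return False, f"hosting range {net}"
    if not addr.is_global:
        return False, "not a public address"
    return True, "ok"

if __name__ == "__main__":
    ranges = load_ranges(HOSTING_RANGES)
    for sample in ["198.51.100.200", "::ffff:192.0.2.7", "8.8.8.8", "not-an-ip"]:
        print(sample, should_credit(sample, ranges))
```

A range filter like this only covers the VPS case discussed in the thread; requests arriving from residential addresses pass it.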