|
Title: PSA: Bots have figured out funcaptcha Post by: coinableS on December 19, 2015, 05:29:07 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore.
The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 Title: Re: PSA: Bots have figured out funcaptcha Post by: Lucius on December 19, 2015, 05:48:14 PM Bad news for faucet owners.From what I saw FunCaptcha constantly doing some changes and it seemed to be the safest of all.Have you contacted FunCaptcha owners, what they say about it?
Title: Re: PSA: Bots have figured out funcaptcha Post by: The Sceptical Chymist on December 19, 2015, 05:59:30 PM Oh, so the bots have figured out how to drag a basketball over to the black guy's upraised arms? How incredibly racist is that.
Thanks for the PSA and I'm sorry your faucet got shanked. Title: Re: PSA: Bots have figured out funcaptcha Post by: btc4 on December 19, 2015, 06:21:34 PM do you can share your faucet link? maybe this user use surfing sites to collecting referrals! the amount stolen is not high.
Title: Re: PSA: Bots have figured out funcaptcha Post by: coinableS on December 19, 2015, 06:33:08 PM do you can share your faucet link? maybe this user use surfing sites to collecting referrals! the amount stolen is not high. I'm afraid it would have been much higher if I had a larger balance in my faucet. It was definitely a bot attack. Title: Re: PSA: Bots have figured out funcaptcha Post by: Racey on December 19, 2015, 06:34:59 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 The referrer has a you tube account https://www.youtube.com/user/ARAMIC2007 Got his addy from here 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk (https://www.youtube.com/watch?v=q91__Of_jZk) Title: Re: PSA: Bots have figured out funcaptcha Post by: coinableS on December 19, 2015, 06:38:16 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 The referrer has a you tube account https://www.youtube.com/user/ARAMIC2007 Got his addy from here 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk (https://www.youtube.com/watch?v=q91__Of_jZk) Yea I saw that too... What is interesting is that every single account this person "referred" is also a multisig address. Typically I only see a few multisig addresses here and there, then all of a sudden every single person is "referred" by this guy and every single one also has a multisig address. No coincidence. Title: Re: PSA: Bots have figured out funcaptcha Post by: Racey on December 19, 2015, 06:42:08 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 The referrer has a you tube account https://www.youtube.com/user/ARAMIC2007 Got his addy from here 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk (https://www.youtube.com/watch?v=q91__Of_jZk) Yea I saw that too... What is interesting is that every single account this person "referred" is also a multisig address. Typically I only see a few multisig addresses here and there, then all of a sudden every single person is "referred" by this guy and every single one also has a multisig address. No coincidence. So he is using multiple addresses it seems, are the ips the same, if not he is very clever on changing it. I could be wrong in my assumption though. Title: Re: PSA: Bots have figured out funcaptcha Post by: coinableS on December 19, 2015, 06:46:32 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 The referrer has a you tube account https://www.youtube.com/user/ARAMIC2007 Got his addy from here 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk (https://www.youtube.com/watch?v=q91__Of_jZk) Yea I saw that too... What is interesting is that every single account this person "referred" is also a multisig address. Typically I only see a few multisig addresses here and there, then all of a sudden every single person is "referred" by this guy and every single one also has a multisig address. No coincidence. So he is using multiple addresses it seems, are the ips the same, if not he is very clever on changing it. I could be wrong in my assumption though. Nope, the script I wrote only allows unique IP's, so it has to be a bot that changes it's IP and address for each claim thus racking up his balance in referral earnings from his fake bot referrals. Title: Re: PSA: Bots have figured out funcaptcha Post by: Racey on December 19, 2015, 06:49:34 PM I also noted that ARAMAIC 2007 https://www.youtube.com/user/ARAMIC2007 has a bitcoin related website.
http://blog.yosyfovych.te.ua/ Title: Re: PSA: Bots have figured out funcaptcha Post by: Gifted on December 19, 2015, 07:01:32 PM I also noted that ARAMAIC 2007 https://www.youtube.com/user/ARAMIC2007 has a bitcoin related website. maybe we should do some sql injection on his site LOLhttp://blog.yosyfovych.te.ua/ Title: Re: PSA: Bots have figured out funcaptcha Post by: ixus on December 19, 2015, 07:42:53 PM I also noted that ARAMAIC 2007 https://www.youtube.com/user/ARAMIC2007 has a bitcoin related website. That guy writes about his big real humans referral network :) for the faucets, while he's not hesitates to use bots and proxys for some services. Really sad and educational reading. http://blog.yosyfovych.te.ua/ Title: Re: PSA: Bots have figured out funcaptcha Post by: Funny on December 19, 2015, 11:45:06 PM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 Wow. Never thought that funcaptcha was vulnerable. I had difficulties completing funcaptcha myself. Title: Re: PSA: Bots have figured out funcaptcha Post by: Bought on December 20, 2015, 01:19:12 AM Fuck the bots. they're ruining all the faucets.
Title: Re: PSA: Bots have figured out funcaptcha Post by: FaucetRank.com on December 20, 2015, 01:59:58 AM That's why I said don't use faucet box script . Create a xapo faucet and force users to claim with only email . A xapo user need to create a verified xapo account in order to withdraw his fund if email doesn't have xapo account then claimed amount will be returned to you after 7days.
Title: Re: PSA: Bots have figured out funcaptcha Post by: FaucetRank.com on December 20, 2015, 02:02:05 AM My faucet was emptied in about an hour from a bot. Funcaptcha has been great against bots, but doesn't look like anymore. As I know your captcha wasn't set to advance security .The culprit referrer: 35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk https://i.imgur.com/9TKfwqS.png?1 Title: Re: PSA: Bots have figured out funcaptcha Post by: Funny on December 20, 2015, 02:36:12 AM That's why I said don't use faucet box script . Create a xapo faucet and force users to claim with only email . A xapo user need to create a verified xapo account in order to withdraw his fund if email doesn't have xapo account then claimed amount will be returned to you after 7days. Wow.. I never knew that was the case. I'm might develop my own faucet, now that I see that's the case I'll definitely stick with Xapo if I do open a faucet. Title: Re: PSA: Bots have figured out funcaptcha Post by: Gifted on December 20, 2015, 03:09:51 AM That's why I said don't use faucet box script . Create a xapo faucet and force users to claim with only email . A xapo user need to create a verified xapo account in order to withdraw his fund if email doesn't have xapo account then claimed amount will be returned to you after 7days. Not to put xapo down because i own one too, btc address works too.Xapo cashes them out on the btc address when it reaches 5500 and there is a way to change when they cash out through their apiTitle: Re: PSA: Bots have figured out funcaptcha Post by: maokoto on December 20, 2015, 04:07:19 AM Too bad, as a faucet user, I like funcaptcha. It is easy to complete and fast, and you do not make mistakes easy as with other faucets in which you have to type to complete.
Title: Re: PSA: Bots have figured out funcaptcha Post by: FaucetRank.com on December 20, 2015, 04:09:04 AM That's why I said don't use faucet box script . Create a xapo faucet and force users to claim with only email . A xapo user need to create a verified xapo account in order to withdraw his fund if email doesn't have xapo account then claimed amount will be returned to you after 7days. Not to put xapo down because i own one too, btc address works too.Xapo cashes them out on the btc address when it reaches 5500 and there is a way to change when they cash out through their apiThat's why I said force users to enter only email and you can do it by simple coding. Title: Re: PSA: Bots have figured out funcaptcha Post by: ixus on December 20, 2015, 06:48:59 AM Thou OP don't shares his faucet link, my opinion is that it rather proxy scheme than the bot one. If you use two different type of captchas simultaneously and consequently it will reduce probability for bots. But, in the other hand, too complicated claiming procedure(especially with those "anti-bot" tricks ) will repel simple users.
Title: Re: PSA: Bots have figured out funcaptcha Post by: lelouch90 on December 20, 2015, 09:13:18 AM Bad news for faucet owners if your settings were the highest against bots.
Title: Re: PSA: Bots have figured out funcaptcha Post by: monbux on December 20, 2015, 04:11:35 PM Thou OP don't shares his faucet link, my opinion is that it rather proxy scheme than the bot one. If you use two different type of captchas simultaneously and consequently it will reduce probability for bots. But, in the other hand, too complicated claiming procedure(especially with those "anti-bot" tricks ) will repel simple users. Yeah, many might get annoyed and just leave your faucet and never come back. Why not just switch your captcha provider and see what happens?Title: Re: PSA: Bots have figured out funcaptcha Post by: FunCaptcha_James on December 20, 2015, 10:45:36 PM Hi everyone,
We appreciate everyone's diligence! The good news is that we're not seeing any traffic that would indicate a breach but we want to be sure. Can you please link me to the faucet which you believe is seeing enhanced bot traffic? This will allow us to confirm if there is or isn't bot activity. Thanks, James Title: Re: PSA: Bots have figured out funcaptcha Post by: Racey on December 20, 2015, 10:52:18 PM That's why I said don't use faucet box script . Create a xapo faucet and force users to claim with only email . A xapo user need to create a verified xapo account in order to withdraw his fund if email doesn't have xapo account then claimed amount will be returned to you after 7days. Not to put xapo down because i own one too, btc address works too.Xapo cashes them out on the btc address when it reaches 5500 and there is a way to change when they cash out through their apiThat's why I said force users to enter only email and you can do it by simple coding. Send me a phone to use Xapo ;D You cannot penalize users with no moblie phone. Title: Re: PSA: Bots have figured out funcaptcha Post by: ixus on December 21, 2015, 07:59:37 AM Looking at https://faucetbox.com/check/35iPaDcjQqViRkXXHnagGYoKGxvCpEmcZk
It's probably http://bitcodice.com/ . It has "4 factor" Funcaptcha and as I told is susceptible to a proxy scheme. But captcha, most probably, is solved by a real person, not a bot. Title: Re: PSA: Bots have figured out funcaptcha Post by: FaucetRank.com on December 21, 2015, 08:12:50 AM The truth is 90-99% cheating/spams done by real humans not by bot .
Title: Re: PSA: Bots have figured out funcaptcha Post by: BitcoinFuture99 on December 21, 2015, 09:35:39 AM Hi everyone, We appreciate everyone's diligence! The good news is that we're not seeing any traffic that would indicate a breach but we want to be sure. Can you please link me to the faucet which you believe is seeing enhanced bot traffic? This will allow us to confirm if there is or isn't bot activity. Thanks, James I have better Idea for you FunCaptcha. FunCaptcha should introduce new feature that every user must be registered with Funcaptcha and to solve captcha user must login. And user account must be verified with phone verification. This might reduce allot of bot attacks, also funcaptcha can then watch suspicious location activity. Bot Makers will have then allot of struggle to solve it. CaptchaSolver services introducing allot of new ways daily to solve any kind of captcha. I had a bot attack and funcaptcha not worked during attack. |
