Bitcoin Forum

Economy => Scam Accusations => Topic started by: johnjacksonbtc on March 14, 2016, 07:35:21 PM



Title: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: johnjacksonbtc on March 14, 2016, 07:35:21 PM
I want to report this triplet of websites that looks one level more suspicious than the usual SCAM sites - freecoinmonster.com, satoshihere.com, satoshisatoshi.com. The possible scheme follows - a user claims enormous amounts of satoshis just for solving Google Captcha more than a few times per minute and per user. At the beginning of scam testing I was unable to figure out how they can earn money with this scam. Google Captchas sometimes randomly appear with messages - session expires or invalid API. I came to the conclusion that these captchas are coming from different sites to bypass antibot systems that depend only on Google Captcha. So whether this is possible (google captcha iframe data retrieving from other sites) or not, I strongly recommend faucet owners make their antibot systems unique to solve this possible nasty issue. I have studied a lot of bitcoin faucets and a considerable part sits only on Google Captcha; you may check my site for the faucet list.

Happy non-bot earnings from bitcoin faucets,
John Jackson


Title: Re: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: Fortify on March 14, 2016, 09:30:32 PM
Most varieties of captchas are vulnerable to automatic analysis. The highest end captchas are usually defeated in the way you describe - human viewers entering the captcha that is then submitting a form elsewhere. It might be creating thousands of accounts at places like Yahoo, and some blackhat people make a lot of money with this sort of automation hacking. Anyone who is giving away money via things like a faucet will always be a target for attacks.


Title: Re: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: Racey on March 14, 2016, 11:47:49 PM
Good catch, I guess you could iframe the captcha, it is there if you inspect element in your browser.


Title: Re: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: johnjacksonbtc on March 15, 2016, 09:14:55 AM
Their captchas do not differ in structure; it is the usual Google captcha iframe. The point is that Google does not know for which endpoint (IP address) the captcha must be applied, most likely because the faucet server does not tell Google - please use this captcha for the user with IP address 12.34.56.78.
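
An added example, not part of any post in this thread: one server-side check a faucet could run so that a payout does not depend on the captcha widget alone. It uses Google's siteverify endpoint with its optional `remoteip` field and the `hostname` and `challenge_ts` fields of the reply; `faucet.example`, the two time limits and the in-memory claim table are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib import parse, request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
ALLOWED_HOSTS = {"faucet.example"}          # assumption: the faucet's own hostname
MAX_TOKEN_AGE = timedelta(minutes=2)        # assumption: local policy
MIN_CLAIM_INTERVAL = timedelta(minutes=5)   # assumption: local policy

def siteverify(secret, token, remote_ip):
    """Ask Google to verify a token, passing the claimant's address as remoteip."""
    body = parse.urlencode(
        {"secret": secret, "response": token, "remoteip": remote_ip}).encode()
    with request.urlopen(SITEVERIFY_URL, data=body, timeout=5) as resp:
        return json.load(resp)

def check_claim(result, remote_ip, last_claims, now):
    """Decide on a payout from a parsed siteverify result; returns (ok, reason)."""
    if not result.get("success"):
        return False, "captcha-failed:" + ",".join(result.get("error-codes", []))
    # Token was solved on a page served from a host that is not ours.
    if result.get("hostname") not in ALLOWED_HOSTS:
        return False, "solved-on-foreign-host"
    solved = datetime.fromisoformat(result["challenge_ts"].replace("Z", "+00:00"))
    if now - solved > MAX_TOKEN_AGE:
        return False, "stale-token"
    # Independent of the captcha: one payout per address per interval.
    previous = last_claims.get(remote_ip)
    if previous is not None and now - previous < MIN_CLAIM_INTERVAL:
        return False, "rate-limited"
    last_claims[remote_ip] = now
    return True, "ok"

# Constructed siteverify results (not captured traffic).
SAMPLE_OK = {"success": True, "challenge_ts": "2016-03-15T09:14:55Z",
             "hostname": "faucet.example"}
SAMPLE_FOREIGN = dict(SAMPLE_OK, hostname="relay.example")

if __name__ == "__main__":
    now = datetime(2016, 3, 15, 9, 16, tzinfo=timezone.utc)
    claims = {}
    for sample in (SAMPLE_OK, SAMPLE_OK, SAMPLE_FOREIGN):
        print(check_claim(sample, "203.0.113.7", claims, now))
```
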


Title: Re: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: jackg on March 28, 2016, 10:42:21 PM
The triplet of sites in the OP, does anyone know if they are legit?

What you are saying, could they be using this as a way of solving captchas on other faucet sites for their own personal gain?

I.e. a site of satoshisatoshi could be using another site to gain earnings from, with the users getting a certain payment from this.

Specific to satoshisatoshi: the links at the top of the pages are referral links, not links for a partnership site.


Title: Re: Possible Google Recaptcha exploit used by scam sites to drain legit faucets
Post by: Sweetasdad on October 15, 2018, 06:12:20 AM
HAS TO BE THE BIGGEST "SCUM WITH A SCAM!" 100% +... Google Recaptcha, and sites that use it allow it, so BOTH are "SCUM WITH A SCAM!"