Bitcoin Forum

Economy => Micro Earnings => Topic started by: Gifted on August 04, 2016, 09:20:39 PM


Title: Security patch for Xapo faucet script
Post by: Gifted on August 04, 2016, 09:20:39 PM
Ok guys, there is another hack that can be fixed by replacing this code in your index.php file not the one in style.


 Patch V1.1

find this code
Code:
if($response->success){
      $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

and replace with this


Code:
if($response->success){
   header('Refresh: 30;url=change to your faucets url');
 $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

This redirects back to your page after 30 seconds so that the captcha resets so that a imacro program cannot be programmed to just refresh and get credit every hour when they are sleeping. i would suggest do this immediately!  Make sure you put your faucet address where is says change to your faucet url.

Title: Re: Security patch for Xapo faucet script
Post by: Gifted on August 04, 2016, 09:44:05 PM
Security Patch V1.2 :



Got to index.php in the main root and find this:

Code:
$response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);

  if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Wrong captcha!</p></div></div>';
    $message                     = "Wrong captcha";
  }
  
$q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

Put this code right underneath the one you find above:

Code:
//We do not allow proxy here

 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{ 
  $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !</p></div></div>';
    $message                     = "Proxy";
    goto error; 
  }
  //end proxie check

This will stop proxies and throw a message as you can see in the picture

http://bitcoinfaucetrelay.com/wp-content/uploads/2016/08/bot.png

Title: Re: Security patch for Xapo faucet script
Post by: Gifted on August 04, 2016, 09:58:12 PM
 Security Patch v1.3


Put this .htaccess in root : http://bitcoinfaucetrelay.com/wp-content/uploads/2016/08/htaccess.zip (http://bitcoinfaucetrelay.com/wp-content/uploads/2016/08/htaccess.zip)




This blocks Russia,TOR and most VPN then redirects to another page of your choice when detected, also speeds up your site.

Title: Re: Security patch for Xapo faucet script
Post by: Gifted on August 06, 2016, 05:26:59 AM
reserved

Title: Re: Security patch for Xapo faucet script
Post by: Gifted on August 06, 2016, 05:27:08 AM
reserved

Title: Re: Security patch for Xapo faucet script
Post by: Gifted on August 06, 2016, 05:27:24 AM
reserved


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines